Documentation
¶
Overview ¶
Package controllermanager provides an entrypoint into running all of the controllers that run as a part of Pinniped.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func PrepareControllers ¶
func PrepareControllers(c *Config) (controllerinit.RunnerBuilder, error)
PrepareControllers prepares the controllers and their informers and returns a function that will start them when called.
Types ¶
type Config ¶
type Config struct {
// ServerInstallationInfo provides the name of the pod in which Pinniped is running and the namespace in which Pinniped is deployed.
ServerInstallationInfo *downward.PodInfo
// APIGroupSuffix is the suffix of the Pinniped API that should be targeted by these controllers.
APIGroupSuffix string
// NamesConfig comes from the Pinniped config API (see api.Config). It specifies how Kubernetes
// objects should be named.
NamesConfig *concierge.NamesConfigSpec
// KubeCertAgentConfig comes from the Pinniped config API (see api.Config). It configures how
// the kubecertagent package's controllers should manage the agent pods.
KubeCertAgentConfig *concierge.KubeCertAgentSpec
// ImpersonationProxyServerPort decides which port the impersonation proxy should bind.
ImpersonationProxyServerPort int
// DiscoveryURLOverride allows a caller to inject a hardcoded discovery URL into Pinniped
// discovery document.
DiscoveryURLOverride *string
// DynamicServingCertProvider provides a setter and a getter to the Pinniped API's serving cert.
DynamicServingCertProvider dynamiccert.Private
// DynamicSigningCertProvider provides a setter and a getter to the Pinniped API's
// signing cert, i.e., the cert that it uses to sign certs for Pinniped clients wishing to login.
// This is filled with the Kube API server's signing cert by a controller, if it can be found.
DynamicSigningCertProvider dynamiccert.Private
// ImpersonationSigningCertProvider provides a setter and a getter to the CA cert that should be
// used to sign client certs for authentication to the impersonation proxy. This CA is used by
// the TokenCredentialRequest to sign certs and by the impersonation proxy to check certs.
// When the impersonation proxy is not running, the getter will return nil cert and nil key.
// (Note that the impersonation proxy also accepts client certs signed by the Kube API server's cert.)
ImpersonationSigningCertProvider dynamiccert.Provider
// ImpersonationProxyTokenCache holds short-lived tokens for the impersonation proxy service account.
ImpersonationProxyTokenCache tokenclient.ExpiringSingletonTokenCacheGet
// ServingCertDuration is the validity period, in seconds, of the API serving certificate.
ServingCertDuration time.Duration
// ServingCertRenewBefore is the period of time, in seconds, that pinniped will wait before
// rotating the serving certificate. This period of time starts upon issuance of the serving
// certificate.
ServingCertRenewBefore time.Duration
// AuthenticatorCache is a cache of authenticators shared amongst various authenticated-related controllers.
AuthenticatorCache *authncache.Cache
// Labels are labels that should be added to any resources created by the controllers.
Labels map[string]string
}
Config holds all the input parameters to the set of controllers run as a part of Pinniped.
It is used to inject parameters into PrepareControllers.
Source Files
Click to show internal directories.
Click to hide internal directories.