// CertificateRequestPatch exposes a cert-manager CertificateRequestStatus
// through a single method of the same name.
//
// NOTE(review): presumably this is the status that is applied to the
// CertificateRequest as a patch; whether the returned pointer may be nil is
// not visible on this page. Confirm against the implementation.
type CertificateRequestPatch interface {
	CertificateRequestPatch() *cmapi.CertificateRequestStatus
}
This predicate is used to indicate when a CertificateRequest event should trigger a reconciliation of itself.
We want to trigger a reconciliation in these cases:
- an annotation was changed, added or removed
- a status condition was added or removed
- a status condition whose type is not Ready was changed (that is, its Status value changed)
// CertificateRequestPredicate filters CertificateRequest events. It embeds
// predicate.Funcs and declares its own Update method, so only the update
// filter is customised in the part of the API shown here.
type CertificateRequestPredicate struct {
	predicate.Funcs
}
func (CertificateRequestPredicate) Update(e event.UpdateEvent) bool
CertificateRequestReconciler reconciles a CertificateRequest object
// CertificateRequestReconciler embeds RequestController and adds one option
// that applies only to CertificateRequest resources.
type CertificateRequestReconciler struct {
	RequestController

	// SetCAOnCertificateRequest is used to enable setting the CA status field on
	// the CertificateRequest resource. This is disabled by default.
	//
	// Deprecated: this option is for backwards compatibility only. The use of
	// ca.crt is discouraged. Instead, the CA certificate should be provided
	// separately using a tool such as trust-manager.
	//
	// NOTE(review): presumably discouraged because a CA that arrives in the
	// same object as the certificate it is meant to validate is not an
	// independently distributed trust anchor. Confirm the rationale with the
	// project documentation before enabling this.
	SetCAOnCertificateRequest bool
}
func (r *CertificateRequestReconciler) Init() *CertificateRequestReconciler
func (r *CertificateRequestReconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manager) error
// CertificateSigningRequestPatch exposes a Kubernetes
// CertificateSigningRequestStatus through a single method of the same name.
//
// NOTE(review): presumably this is the status that is applied to the
// CertificateSigningRequest as a patch; nil handling is not visible on this
// page. Confirm against the implementation.
type CertificateSigningRequestPatch interface {
	CertificateSigningRequestPatch() *certificatesv1.CertificateSigningRequestStatus
}
This predicate is used to indicate when a CertificateSigningRequest event should trigger a reconciliation of itself.
We want to trigger a reconciliation in these cases:
- an annotation was changed, added or removed
- a status condition was added or removed
- a status condition was changed
// CertificateSigningRequestPredicate filters CertificateSigningRequest events.
// It embeds predicate.Funcs and declares its own Update method.
type CertificateSigningRequestPredicate struct {
	predicate.Funcs
}
func (CertificateSigningRequestPredicate) Update(e event.UpdateEvent) bool
CertificateSigningRequestReconciler reconciles a CertificateSigningRequest object
// CertificateSigningRequestReconciler embeds RequestController and adds no
// fields of its own; all configuration comes from the embedded controller.
type CertificateSigningRequestReconciler struct {
	RequestController
}
func (r *CertificateSigningRequestReconciler) Init() *CertificateSigningRequestReconciler
func (r *CertificateSigningRequestReconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manager) error
SetupWithManager sets up the controller with the Manager.
// CombinedController holds the configuration shared by the issuer,
// CertificateRequest and Kubernetes CSR controllers.
//
// NOTE(review): how SetupWithManager distributes these fields to the
// individual reconcilers is not visible on this page.
type CombinedController struct {
	// IssuerTypes and ClusterIssuerTypes list the issuer kinds handled.
	// NOTE(review): presumably namespaced and cluster-scoped kinds
	// respectively (see IssuerType.IsNamespaced). Confirm.
	IssuerTypes        []v1alpha1.Issuer
	ClusterIssuerTypes []v1alpha1.Issuer

	// NOTE(review): a value of the same name is passed to
	// RequestObjectHelper.NewPatch; presumably the field manager used when
	// patching status. Confirm.
	FieldOwner string
	// NOTE(review): undocumented in the source; presumably bounds how long
	// retryable signing errors are retried before the request fails. Confirm.
	MaxRetryDuration time.Duration

	// Check connects to a CA and checks if it is available
	signer.Check
	// Sign connects to a CA and returns a signed certificate for the supplied CertificateRequest.
	//
	// NOTE(review): this is the step that issues credentials. Whether the
	// controller verifies approval (RequestObjectHelper.IsApproved/IsDenied)
	// before calling it is not visible on this page. Confirm in Reconcile.
	signer.Sign

	// IgnoreCertificateRequest is an optional function that can prevent the CertificateRequest
	// and Kubernetes CSR controllers from reconciling a CertificateRequest resource.
	// NOTE(review): presumably a nil value means no request is ignored. Confirm.
	signer.IgnoreCertificateRequest
	// IgnoreIssuer is an optional function that can prevent the issuer controllers from
	// reconciling an issuer resource.
	// NOTE(review): presumably a nil value means no issuer is ignored. Confirm.
	signer.IgnoreIssuer

	// EventRecorder is used for creating Kubernetes events on resources.
	EventRecorder record.EventRecorder

	// Clock is used to mock condition transition times in tests.
	Clock clock.PassiveClock

	// SetCAOnCertificateRequest is used to enable setting the CA status field on
	// the CertificateRequest resource. This is disabled by default.
	//
	// Deprecated: this option is for backwards compatibility only. The use of
	// ca.crt is discouraged. Instead, the CA certificate should be provided
	// separately using a tool such as trust-manager.
	SetCAOnCertificateRequest bool

	// DisableCertificateRequestController is used to disable the CertificateRequest
	// controller. This controller is enabled by default.
	// You should only disable this controller if you e.g. don't want to rely on the cert-manager
	// CRDs to be installed.
	// Note: in the future, we might remove this option and always enable the CertificateRequest
	// controller.
	DisableCertificateRequestController bool

	// DisableKubernetesCSRController is used to disable the Kubernetes CSR controller.
	// This controller is enabled by default.
	// You should only disable this controller if you really don't want to support signing
	// Kubernetes CSRs.
	// Note: in the future, we might remove this option and always enable the Kubernetes CSR
	// controller.
	DisableKubernetesCSRController bool

	// PreSetupWithManager is an optional function that can be used to perform
	// additional setup before the controller is built and registered with the
	// manager.
	PreSetupWithManager func(context.Context, schema.GroupVersionKind, ctrl.Manager, *builder.Builder) error

	// PostSetupWithManager is an optional function that can be used to perform
	// additional setup after the controller is built and registered with the
	// manager.
	PostSetupWithManager func(context.Context, schema.GroupVersionKind, ctrl.Manager, controller.Controller) error
}
func (r *CombinedController) SetupWithManager(ctx context.Context, mgr ctrl.Manager) error
Predicate for Issuer events that should trigger the Issuer reconciler
We want to trigger a reconciliation in these cases:
- an annotation was changed, added or removed
- the generation changed
- the Ready condition was added or removed
// IssuerPredicate filters Issuer events for the Issuer reconciler. It embeds
// predicate.Funcs and declares its own Update method.
type IssuerPredicate struct {
	predicate.Funcs
}
func (IssuerPredicate) Update(e event.UpdateEvent) bool
Update implements default UpdateEvent filter for validating generation change.
IssuerReconciler reconciles a TestIssuer object
// IssuerReconciler holds the dependencies and options of the issuer
// controller for one issuer type.
type IssuerReconciler struct {
	// ForObject is the issuer type handled by this reconciler.
	// NOTE(review): inferred from the name and from SetupWithManager existing
	// on this type; the field is undocumented in the source. Confirm.
	ForObject v1alpha1.Issuer

	// NOTE(review): presumably the field manager used when patching issuer
	// status. Confirm.
	FieldOwner  string
	EventSource kubeutil.EventSource

	// Client is a controller-runtime client used to get and set K8S API resources
	client.Client
	// Check connects to a CA and checks if it is available
	signer.Check
	// IgnoreIssuer is an optional function that can prevent the issuer controllers from
	// reconciling an issuer resource.
	// NOTE(review): presumably a nil value means no issuer is ignored. Confirm.
	signer.IgnoreIssuer

	// EventRecorder is used for creating Kubernetes events on resources.
	EventRecorder record.EventRecorder

	// Clock is used to mock condition transition times in tests.
	Clock clock.PassiveClock

	// PreSetupWithManager is an optional function that can be used to perform
	// additional setup before the controller is built and registered with the
	// manager.
	PreSetupWithManager func(context.Context, schema.GroupVersionKind, ctrl.Manager, *builder.Builder) error

	// PostSetupWithManager is an optional function that can be used to perform
	// additional setup after the controller is built and registered with the
	// manager.
	PostSetupWithManager func(context.Context, schema.GroupVersionKind, ctrl.Manager, controller.Controller) error
}
func (r *IssuerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (result ctrl.Result, returnedError error)
func (r *IssuerReconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manager) error
SetupWithManager sets up the controller with the Manager.
// IssuerType pairs an issuer kind with its scope. RequestController's
// AllIssuerTypes method returns a slice of these.
type IssuerType struct {
	// Type is the issuer object type.
	Type v1alpha1.Issuer
	// IsNamespaced tells namespaced issuers apart from cluster-scoped ones.
	// NOTE(review): presumably true for entries taken from IssuerTypes and
	// false for ClusterIssuerTypes. A namespaced issuer should only serve
	// requests from its own namespace, so confirm how this flag is used when
	// the issuer reference is resolved.
	IsNamespaced bool
}
Predicate for Issuer events that should trigger the CertificateRequest reconciler
We want to trigger a reconciliation in these cases:
- the Ready condition was added or removed
- the Ready condition's Status property changed
- the Ready condition's observed generation changed
// LinkedIssuerPredicate filters Issuer events for the CertificateRequest
// reconciler. It embeds predicate.Funcs and declares its own Update method.
type LinkedIssuerPredicate struct {
	predicate.Funcs
}
func (LinkedIssuerPredicate) Update(e event.UpdateEvent) bool
Update implements default UpdateEvent filter for validating resource version change.
// MatchIssuerType takes a client.Object and returns an issuer, an object key
// and an error. It is one of the arguments of RequestController.Init.
//
// NOTE(review): presumably the argument is the request object and the result
// identifies the issuer it references. That lookup decides which CA signs the
// request, so implementations should return an error for issuer references
// they do not recognise rather than fall back to a default. Confirm.
type MatchIssuerType func(client.Object) (v1alpha1.Issuer, client.ObjectKey, error)
RequestController reconciles a "request" object. A request object implementation can be provided using the requestObjectHelperCreator function. This function is responsible for creating a RequestObjectHelper that is used to interact with the request object. Currently, we support cert-manager CertificateRequests and Kubernetes CertificateSigningRequests.
// RequestController holds the dependencies and options of the controller
// that reconciles request objects and has them signed.
type RequestController struct {
	// IssuerTypes and ClusterIssuerTypes list the issuer kinds handled.
	// NOTE(review): presumably namespaced and cluster-scoped kinds
	// respectively (see IssuerType.IsNamespaced). Confirm.
	IssuerTypes        []v1alpha1.Issuer
	ClusterIssuerTypes []v1alpha1.Issuer

	// NOTE(review): a value of the same name is passed to
	// RequestObjectHelper.NewPatch; presumably the field manager used when
	// patching status. Confirm.
	FieldOwner string
	// NOTE(review): undocumented in the source; presumably bounds how long
	// retryable signing errors are retried before the request fails. Confirm.
	MaxRetryDuration time.Duration
	EventSource      kubeutil.EventSource

	// Client is a controller-runtime client used to get and set K8S API resources
	client.Client
	// Sign connects to a CA and returns a signed certificate for the supplied Request.
	//
	// NOTE(review): this is the step that issues credentials. Whether
	// Reconcile checks RequestObjectHelper.IsApproved/IsDenied before calling
	// it is not visible on this page. Confirm in the implementation.
	signer.Sign
	// IgnoreCertificateRequest is an optional function that can prevent the Request
	// and Kubernetes CSR controllers from reconciling a Request resource.
	// NOTE(review): presumably a nil value means no request is ignored. Confirm.
	signer.IgnoreCertificateRequest

	// EventRecorder is used for creating Kubernetes events on resources.
	EventRecorder record.EventRecorder

	// Clock is used to mock condition transition times in tests.
	Clock clock.PassiveClock

	// PreSetupWithManager is an optional function that can be used to perform
	// additional setup before the controller is built and registered with the
	// manager.
	PreSetupWithManager func(context.Context, schema.GroupVersionKind, ctrl.Manager, *builder.Builder) error

	// PostSetupWithManager is an optional function that can be used to perform
	// additional setup after the controller is built and registered with the
	// manager.
	PostSetupWithManager func(context.Context, schema.GroupVersionKind, ctrl.Manager, controller.Controller) error
	// contains filtered or unexported fields
}
func (r *RequestController) AllIssuerTypes() []IssuerType
func (r *RequestController) Init( requestType client.Object, requestPredicate predicate.Predicate, matchIssuerType MatchIssuerType, requestObjectHelperCreator RequestObjectHelperCreator, ) *RequestController
func (r *RequestController) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)
func (r *RequestController) SetupWithManager( ctx context.Context, mgr ctrl.Manager, ) error
SetupWithManager sets up the controller with the Manager.
// RequestObjectHelper is the controller's view of one request object. It
// reports the request's state, exposes the object in the form the signer
// takes, and creates the helper used to patch the request's status.
type RequestObjectHelper interface {
	// IsApproved and IsDenied report the approval state of the request.
	// NOTE(review): a certificate should only be issued for a request that is
	// approved and not denied. Where the controller enforces this is not
	// visible on this page. Confirm in Reconcile.
	IsApproved() bool
	IsDenied() bool
	// IsReady and IsFailed report the outcome state of the request.
	// NOTE(review): presumably both are terminal states that are not
	// reconciled again. Confirm.
	IsReady() bool
	IsFailed() bool

	// RequestObject returns the request as a signer.CertificateRequestObject.
	RequestObject() signer.CertificateRequestObject

	// NewPatch returns a RequestPatchHelper built from the given clock, field
	// owner and event recorder.
	NewPatch(
		clock clock.PassiveClock,
		fieldOwner string,
		eventRecorder record.EventRecorder,
	) RequestPatchHelper
}
// RequestObjectHelperCreator builds a RequestObjectHelper for a
// client.Object. It is one of the arguments of RequestController.Init.
//
// NOTE(review): the signature has no error result, so the function cannot
// report an object of an unexpected type. How implementations handle that
// case is not visible on this page.
type RequestObjectHelperCreator func(client.Object) RequestObjectHelper
// RequestPatch produces the object and the patch to be sent to the API
// server, or an error if they cannot be built.
type RequestPatch interface {
	Patch() (client.Object, client.Patch, error)
}
// RequestPatchHelper embeds RequestPatch and adds setters that record a state
// change for the request.
//
// NOTE(review): the state descriptions below are inferred from the method
// names, since only the signatures are visible on this page. If the error
// text passed to the Set*Error methods ends up in status conditions or
// events, signer errors should not carry credentials or other secrets.
// Confirm how the messages are surfaced.
type RequestPatchHelper interface {
	RequestPatch

	// SetInitializing reports through didInitialise whether it initialised
	// the request.
	SetInitializing() (didInitialise bool)
	// The SetWaitingForIssuer* methods presumably record why the referenced
	// issuer cannot be used yet: it was not found, it has no Ready condition,
	// its condition is outdated, or it is not ready.
	SetWaitingForIssuerExist(error)
	SetWaitingForIssuerReadyNoCondition()
	SetWaitingForIssuerReadyOutdated()
	SetWaitingForIssuerReadyNotReady(*cmapi.IssuerCondition)
	// SetCustomCondition sets a condition with the given type, status, reason
	// and message, and reports whether the condition transitioned.
	SetCustomCondition(
		conditionType string,
		conditionStatus metav1.ConditionStatus,
		conditionReason string,
		conditionMessage string,
	) (didCustomConditionTransition bool)
	SetPending(reason string)
	// SetRetryableError, SetPermanentError and SetUnexpectedError record a
	// signing failure, presumably classified by whether it will be retried.
	SetRetryableError(error)
	SetPermanentError(error)
	SetUnexpectedError(error)
	// SetIssued records the signed result as a signer.PEMBundle.
	SetIssued(signer.PEMBundle)
}