func ConfigureCRDs(
ctx context.Context,
restConfig *rest.Config,
serviceName, serviceNamespace string,
caSecret *k8sTypesCoreV1.Secret,
scheme *k8sRuntime.Scheme,
) error
ConfigureCRDs uses 'restConfig' to look at all CustomResourceDefinitions that are mentioned in 'scheme', and adjusts each of their .spec.conversion.webhook.clientConfig.caBundle to match the "tls.crt" field in 'caSecret'.
func LogLevelIsAtLeastDebug() bool
func Main(ctx context.Context, version string, args ...string) error
Main is a `github.com/emissary-ingress/emissary/v3/pkg/busy`-compatible wrapper around 'Run()', using values appropriate for the stock Emissary.
func PodNamespace() string
PodNamespace is borrowed from "k8s.io/client-go/tools/clientcmd".inClusterConfig.Namespace()
func Run(ctx context.Context, namespace, svcname string, httpPort, httpsPort int, scheme *k8sRuntime.Scheme) error
Run runs the Emissary apiext server process, but takes enough arguments that you should be able to reuse it to implement your own apiext server.
func ServeHTTP(ctx context.Context, port int) error
func ServeHTTPS(ctx context.Context, port int, ca *CA, scheme *k8sRuntime.Scheme) error
CA is a Certificat Authority that can mint new TLS certificates.
type CA struct {
Cert *x509.Certificate
Key *rsa.PrivateKey
// contains filtered or unexported fields
}
func EnsureCA(ctx context.Context, restConfig *rest.Config, namespace string) (*CA, *k8sTypesCoreV1.Secret, error)
EnsureCA ensures that a Kubernetes Secret named "emissary-ingress-webhook-ca" exists in the given namespace (creating it if it doesn't), and returns both the Secret itself and a CA using the information from the Secret.
func (ca *CA) GenServerCert(ctx context.Context, hostname string) (*tls.Certificate, error)