[go: up one dir, main page]

kube

package
v0.0.0-...-1ad6422 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 24, 2025 License: Apache-2.0 Imports: 21 Imported by: 3

Documentation

Index

Constants

View Source 
const (
	// The ID/name for the certificate chain in kubernetes generic secret.
	GenericScrtCert = "cert"
	// The ID/name for the private key in kubernetes generic secret.
	GenericScrtKey = "key"
	// The ID/name for the CA certificate in kubernetes generic secret.
	GenericScrtCaCert = "cacert"
	// The ID/name for the CRL in kubernetes generic secret.
	GenericScrtCRL = "crl"

	// The ID/name for the certificate chain in kubernetes tls secret.
	TLSSecretCert = "tls.crt"
	// The ID/name for the k8sKey in kubernetes tls secret.
	TLSSecretKey = "tls.key"
	// The ID/name for the certificate OCSP staple in kubernetes tls secret
	TLSSecretOcspStaple = "tls.ocsp-staple"
	// The ID/name for the CA certificate in kubernetes tls secret
	TLSSecretCaCert = "ca.crt"
	// The ID/name for the CRL in kubernetes tls secret.
	TLSSecretCrl = "ca.crl"
)

Variables

View Source 
var SecretsFieldSelector = fields.AndSelectors(
	fields.OneTermNotEqualSelector("type", "helm.sh/release.v1"),
	fields.OneTermNotEqualSelector("type", string(v1.SecretTypeServiceAccountToken))).String()

SecretsFieldSelector is an optimization to avoid excessive secret bloat. We only care about TLS certificates and docker config for Wasm image pulling. Unfortunately, it is not as simple as selecting type=kubernetes.io/tls and type=kubernetes.io/dockerconfigjson. Because of legacy reasons and supporting an extra ca.crt, we also support generic types. Its also likely users have started to use random types and expect them to continue working. This makes the assumption we will never care about Helm secrets or SA token secrets - two common large secrets in clusters. This is a best effort optimization only; the code would behave correctly if we watched all secrets.

Functions

func ExtractCertInfo 

func ExtractCertInfo(scrt *v1.Secret) (certInfo *credentials.CertInfo, err error)

ExtractCertInfo extracts server key, certificate, and OCSP staple

func ExtractRoot 

func ExtractRoot(data map[string][]byte) (certInfo *credentials.CertInfo, err error)

ExtractRoot extracts the root certificate

func ExtractRootFromString 

func ExtractRootFromString(data map[string]string) (certInfo *credentials.CertInfo, err error)

ExtractRootFromString extracts the root certificate

Types

type AggregateController 

type AggregateController struct {
	// contains filtered or unexported fields
}

func (*AggregateController) AddEventHandler 

func (a *AggregateController) AddEventHandler(f func(name string, namespace string))

func (*AggregateController) Authorize 

func (a *AggregateController) Authorize(serviceAccount, namespace string) error

func (*AggregateController) GetCaCert 

func (a *AggregateController) GetCaCert(name, namespace string) (certInfo *credentials.CertInfo, err error)

func (*AggregateController) GetCertInfo 

func (a *AggregateController) GetCertInfo(name, namespace string) (certInfo *credentials.CertInfo, err error)

func (*AggregateController) GetConfigMapCaCert 

func (a *AggregateController) GetConfigMapCaCert(name, namespace string) (certInfo *credentials.CertInfo, err error)

func (*AggregateController) GetDockerCredential 

func (a *AggregateController) GetDockerCredential(name, namespace string) ([]byte, error)

type CredentialsController 

type CredentialsController struct {
	// contains filtered or unexported fields
}

func NewCredentialsController 

func NewCredentialsController(kc kube.Client, handlers []func(typ kind.Kind, name string, namespace string), isConfigCluster bool) *CredentialsController

func (*CredentialsController) Authorize 

func (s *CredentialsController) Authorize(serviceAccount, namespace string) error

func (*CredentialsController) Close 

func (s *CredentialsController) Close()

func (*CredentialsController) GetCaCert 

func (s *CredentialsController) GetCaCert(name, namespace string) (certInfo *credentials.CertInfo, err error)

func (*CredentialsController) GetCertInfo 

func (s *CredentialsController) GetCertInfo(name, namespace string) (certInfo *credentials.CertInfo, err error)

func (*CredentialsController) GetConfigMapCaCert 

func (s *CredentialsController) GetConfigMapCaCert(name, namespace string) (certInfo *credentials.CertInfo, err error)

func (*CredentialsController) GetDockerCredential 

func (s *CredentialsController) GetDockerCredential(name, namespace string) ([]byte, error)

func (*CredentialsController) HasSynced 

func (s *CredentialsController) HasSynced() bool

type Multicluster 

type Multicluster struct {
	// contains filtered or unexported fields
}

Multicluster structure holds the remote kube Controllers and multicluster specific attributes.

func NewMulticluster 

func NewMulticluster(configCluster cluster.ID, controller multicluster.ComponentBuilder) *Multicluster

func (*Multicluster) AddSecretHandler 

func (m *Multicluster) AddSecretHandler(h func(k kind.Kind, name string, namespace string))

func (*Multicluster) ForCluster 

func (m *Multicluster) ForCluster(clusterID cluster.ID) (credentials.Controller, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.