Documentation
Index
- Constants
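- type SecretFetcher
- func NewSecretFetcher(ingressGatewayAgent bool, endpoint, CAProviderName string, tlsFlag bool, tlsRootCert []byte, vaultAddr, vaultRole, vaultAuthPath, vaultSignCsrPath string) (*SecretFetcher, error)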
- func (sf *SecretFetcher) AddSecret(obj interface{})
- func (sf *SecretFetcher) DeleteSecret(obj interface{})
- func (sf *SecretFetcher) FindIngressGatewaySecret(key string) (secret model.SecretItem, ok bool)
- func (sf *SecretFetcher) Init(core corev1.CoreV1Interface)
- func (sf *SecretFetcher) Run(ch chan struct{})
Constants
const (
	// IngressGatewaySdsCaSuffix is the suffix of the sds resource name for root CA. All resource
	// names for ingress gateway root certs end with "-cacert".
	IngressGatewaySdsCaSuffix = "-cacert"
)
Variables
This section is empty.
Functions
This section is empty.
Types
type SecretFetcher
type SecretFetcher struct {
	// If UseCaClient is true, use caClient to send CSR to CA.
	UseCaClient bool
	CaClient    caClientInterface.Client

	// Add all entries containing secretName in SecretCache. Called when K8S secret is added.
	AddCache func(secretName string, ns model.SecretItem)
	// Delete all entries containing secretName in SecretCache. Called when K8S secret is deleted.
	DeleteCache func(secretName string)
	// Update all entries containing secretName in SecretCache. Called when K8S secret is updated.
	UpdateCache func(secretName string, ns model.SecretItem)

	// FallbackSecretName stores the name of fallback secret which is set at env variable
	// INGRESS_GATEWAY_FALLBACK_SECRET. If INGRESS_GATEWAY_FALLBACK_SECRET is empty, then use
	// gateway-fallback as default name of fallback secret. If a fallback secret exists,
	// FindIngressGatewaySecret returns this fallback secret when expected secret is not available.
	FallbackSecretName string
	// contains filtered or unexported fields
}
SecretFetcher fetches secrets by watching Kubernetes secrets or by sending a CSR to the CA.
func NewSecretFetcher
func NewSecretFetcher(ingressGatewayAgent bool, endpoint, CAProviderName string, tlsFlag bool, tlsRootCert []byte, vaultAddr, vaultRole, vaultAuthPath, vaultSignCsrPath string) (*SecretFetcher, error)
NewSecretFetcher returns a pointer to a newly constructed SecretFetcher instance.
func (*SecretFetcher) AddSecret
func (sf *SecretFetcher) AddSecret(obj interface{})
AddSecret adds obj into local store. Only used for testing.
func (*SecretFetcher) DeleteSecret
func (sf *SecretFetcher) DeleteSecret(obj interface{})
DeleteSecret deletes obj from local store. Only used for testing.
func (*SecretFetcher) FindIngressGatewaySecret
func (sf *SecretFetcher) FindIngressGatewaySecret(key string) (secret model.SecretItem, ok bool)
FindIngressGatewaySecret returns the secret whose name matches the key, or an empty secret if no secret is present. The ok result indicates whether a secret was found. If the expected secret is not available and a fallback secret named FallbackSecretName exists, the fallback secret is returned instead.
func (*SecretFetcher) Init
func (sf *SecretFetcher) Init(core corev1.CoreV1Interface)
Init initializes SecretFetcher to watch kubernetes secrets.
func (*SecretFetcher) Run
func (sf *SecretFetcher) Run(ch chan struct{})
Run starts the SecretFetcher and keeps it running until a value is sent to ch. Only used when watching Kubernetes gateway secrets.