driver

package
v0.7.0
Warning

This package is not in the latest version of its module.

Published: Feb 13, 2024 License: Apache-2.0 Imports: 19 Imported by: 1

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewIdentityServer

func NewIdentityServer(name, version string) *identityServer

Types

type Driver

type Driver struct {
	// contains filtered or unexported fields
}

A Driver is a gRPC server that implements the CSI spec. It can be used to build a CSI driver that generates private key data and automatically creates cert-manager CertificateRequests to obtain signed certificate data.

func New

func New(endpoint string, log logr.Logger, opts Options) (*Driver, error)

func NewWithListener

func NewWithListener(lis net.Listener, log logr.Logger, opts Options) *Driver

NewWithListener will construct a new CSI driver using the given net.Listener. This is useful when more control over the listening parameters is required.

func (*Driver) Run

func (d *Driver) Run() error

func (*Driver) Stop

func (d *Driver) Stop()

type GRPCServer

type GRPCServer struct {
	// contains filtered or unexported fields
}

func NewGRPCServer

func NewGRPCServer(endpoint string, log logr.Logger, ids csi.IdentityServer, cs csi.ControllerServer, ns csi.NodeServer) (*GRPCServer, error)

func NewGRPCServerWithListener

func NewGRPCServerWithListener(lis net.Listener, log logr.Logger, ids csi.IdentityServer, cs csi.ControllerServer, ns csi.NodeServer) *GRPCServer

func (*GRPCServer) ForceStop

func (s *GRPCServer) ForceStop()

func (*GRPCServer) Run

func (g *GRPCServer) Run() error

func (*GRPCServer) Stop

func (s *GRPCServer) Stop()

type GeneratePrivateKeyFunc

type GeneratePrivateKeyFunc func(meta metadata.Metadata) (crypto.PrivateKey, error)

GeneratePrivateKeyFunc returns a private key to be used for issuance of the given request. Depending on the implementation, this may be a newly generated private key, one that has been read from disk, or even simply a pointer to an external signing device such as an HSM.

type GenerateRequestFunc

type GenerateRequestFunc func(meta metadata.Metadata) (*x509.CertificateRequest, error)

GenerateRequestFunc generates a new x509.CertificateRequest for the given metadata.

type Options

type Options struct {
	// DriverName should match the driver name as configured in the Kubernetes
	// CSIDriver object (e.g. 'csi.cert-manager.io')
	DriverName string
	// DriverVersion is the version of the driver to be returned during
	// IdentityServer calls
	DriverVersion string
	// NodeID is the name/ID of the node this driver is running on (typically
	// the Kubernetes node name)
	NodeID string
	// Store is a reference to a storage backend for writing files
	Store storage.Interface
	// Manager is used to fetch & renew certificate data
	Manager *manager.Manager
	// Mounter will be used to invoke operating system mount operations.
	// If not specified, the current operating system's default implementation
	// will be used (i.e. 'mount.New("")')
	Mounter mount.Interface
	// ContinueOnNotReady will cause the driver's nodeserver to continue
	// mounting the volume even if the driver is not ready to create a request yet.
	// This is useful if you need to defer requesting a certificate until after
	// initialization of the Pod (e.g. IPAM so a pod IP is allocated).
	// Enabling this option WILL cause a period of time during pod startup whereby
	// certificate data is not available in the volume whilst the process is running.
	// An `initContainer` or other special logic in the user application must be
	// added to avoid running into CrashLoopBackOff situations which can delay pod
	// start time.
	ContinueOnNotReady bool
}

type SignRequestFunc

type SignRequestFunc func(meta metadata.Metadata, request *x509.CertificateRequest) (csr []byte, err error)

SignRequestFunc returns the signed CSR bytes (in DER format) for the given x509.CertificateRequest.
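
The three callback types above (GeneratePrivateKeyFunc, GenerateRequestFunc, SignRequestFunc) chain into one pipeline: key, then request, then signed DER CSR. The following is an added example, not code from csi-lib: it uses only the Go standard library, and volumeMeta, the attribute key example.test/dns-name and all function names are hypothetical stand-ins (the real callbacks take metadata.Metadata, and signRequest here receives the key as an explicit argument).

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
)

type volumeMeta struct{ Attributes map[string]string } // hypothetical stand-in for metadata.Metadata

// generateKey (GeneratePrivateKeyFunc shape) creates a fresh P-256 key per volume.
func generateKey(_ volumeMeta) (crypto.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// generateRequest (GenerateRequestFunc shape) rejects a volume that names no identity.
func generateRequest(meta volumeMeta) (*x509.CertificateRequest, error) {
	name := meta.Attributes["example.test/dns-name"] // hypothetical attribute key
	if name == "" {
		return nil, fmt.Errorf("no DNS name in volume attributes")
	}
	return &x509.CertificateRequest{DNSNames: []string{name}}, nil
}

// signRequest (SignRequestFunc shape, key passed explicitly) returns the signed CSR in DER.
func signRequest(key crypto.PrivateKey, req *x509.CertificateRequest) ([]byte, error) {
	signer, ok := key.(crypto.Signer) // a handle to an HSM-held key can satisfy this too
	if !ok {
		return nil, fmt.Errorf("key type %T cannot sign", key)
	}
	return x509.CreateCertificateRequest(rand.Reader, req, signer)
}

// buildCSR chains the three callbacks for one volume and fails closed on any error.
func buildCSR(meta volumeMeta) ([]byte, error) {
	key, kerr := generateKey(meta)
	req, rerr := generateRequest(meta)
	if kerr != nil || rerr != nil {
		return nil, fmt.Errorf("key: %v, request: %v", kerr, rerr)
	}
	return signRequest(key, req)
}

func main() {
	attrs := map[string]string{"example.test/dns-name": "app.example.test"} // constructed sample
	der, err := buildCSR(volumeMeta{Attributes: attrs})
	fmt.Println("CSR DER bytes:", len(der), "error:", err)
}
```

The DER output can be checked with x509.ParseCertificateRequest followed by CheckSignature, which confirms the CSR was signed by the key whose public half it carries.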
