Functions
func NewIdentityServer
func NewIdentityServer(name, version string) *identityServer
Types
type Driver
type Driver struct {
	// contains filtered or unexported fields
}
A Driver is a gRPC server that implements the CSI spec. It can be used to build a CSI driver that generates private key data and automatically creates cert-manager CertificateRequests to obtain signed certificate data.
func NewWithListener
NewWithListener will construct a new CSI driver using the given net.Listener. This is useful when more control over the listening parameters is required.
type GRPCServer
type GRPCServer struct {
	// contains filtered or unexported fields
}
func NewGRPCServer
func NewGRPCServer(endpoint string, log logr.Logger, ids csi.IdentityServer, cs csi.ControllerServer, ns csi.NodeServer) (*GRPCServer, error)
func NewGRPCServerWithListener
func NewGRPCServerWithListener(lis net.Listener, log logr.Logger, ids csi.IdentityServer, cs csi.ControllerServer, ns csi.NodeServer) *GRPCServer
func (*GRPCServer) ForceStop
func (s *GRPCServer) ForceStop()
func (*GRPCServer) Run
func (g *GRPCServer) Run() error
func (*GRPCServer) Stop
func (s *GRPCServer) Stop()
type GeneratePrivateKeyFunc
type GeneratePrivateKeyFunc func(meta metadata.Metadata) (crypto.PrivateKey, error)
GeneratePrivateKeyFunc returns a private key to be used for issuance of the given request. Depending on the implementation, this may be a newly generated private key, one that has been read from disk, or even simply a pointer to an external signing device such as an HSM.
type GenerateRequestFunc
type GenerateRequestFunc func(meta metadata.Metadata) (*x509.CertificateRequest, error)
GenerateRequestFunc generates a new x509.CertificateRequest for the given metadata.
type Options
type Options struct {
	// DriverName should match the driver name as configured in the Kubernetes
	// CSIDriver object (e.g. 'csi.cert-manager.io')
	DriverName string

	// DriverVersion is the version of the driver to be returned during
	// IdentityServer calls
	DriverVersion string

	// NodeID is the name/ID of the node this driver is running on (typically
	// the Kubernetes node name)
	NodeID string

	// Store is a reference to a storage backend for writing files
	Store storage.Interface

	// Manager is used to fetch & renew certificate data
	Manager *manager.Manager

	// Mounter will be used to invoke operating system mount operations.
	// If not specified, the current operating system's default implementation
	// will be used (i.e. 'mount.New("")')
	Mounter mount.Interface

	// ContinueOnNotReady will cause the driver's nodeserver to continue
	// mounting the volume even if the driver is not ready to create a request yet.
	// This is useful if you need to defer requesting a certificate until after
	// initialization of the Pod (e.g. IPAM so a pod IP is allocated).
	// Enabling this option WILL cause a period of time during pod startup whereby
	// certificate data is not available in the volume whilst the process is running.
	// An `initContainer` or other special logic in the user application must be
	// added to avoid running into CrashLoopBackOff situations which can delay pod
	// start time.
	ContinueOnNotReady bool
}
type SignRequestFunc
type SignRequestFunc func(meta metadata.Metadata, request *x509.CertificateRequest) (csr []byte, err error)
SignRequestFunc returns the signed CSR bytes (in DER format) for the given x509.CertificateRequest.
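How the three callback types above (GeneratePrivateKeyFunc, GenerateRequestFunc, SignRequestFunc) fit together, as an added example that is not code from this package. It assumes a hypothetical volumeMeta stand-in for metadata.Metadata, a constructed example.test/dns-names volume attribute, and a signing key handed to the signer through a closure, since the SignRequestFunc signature shown here carries no key.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"strings"
)

// volumeMeta is a hypothetical stand-in for metadata.Metadata (stdlib-only build).
type volumeMeta struct{ VolumeContext map[string]string }

// Shape of GeneratePrivateKeyFunc: a fresh P-256 key for every volume.
func generatePrivateKey(_ volumeMeta) (crypto.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Shape of GenerateRequestFunc: fail closed when the (constructed) attribute is missing.
func generateRequest(meta volumeMeta) (*x509.CertificateRequest, error) {
	names := meta.VolumeContext["example.test/dns-names"]
	if names == "" {
		return nil, fmt.Errorf("volume context has no DNS names; refusing to build an empty request")
	}
	return &x509.CertificateRequest{DNSNames: strings.Split(names, ",")}, nil
}

// Shape of SignRequestFunc: key captured in a closure (an assumption); returns the DER-encoded CSR.
func newSignRequest(key crypto.PrivateKey) func(volumeMeta, *x509.CertificateRequest) ([]byte, error) {
	return func(_ volumeMeta, req *x509.CertificateRequest) ([]byte, error) {
		return x509.CreateCertificateRequest(rand.Reader, req, key) // errors if key is not a crypto.Signer
	}
}

// buildCSR chains the three callbacks for one volume.
func buildCSR(meta volumeMeta) ([]byte, error) {
	req, err := generateRequest(meta)
	if err != nil {
		return nil, err
	}
	key, err := generatePrivateKey(meta)
	if err != nil {
		return nil, err
	}
	return newSignRequest(key)(meta, req)
}

func main() { fmt.Println(buildCSR(volumeMeta{})) } // constructed empty context: the request is refused
```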