cert-manager: github.com/jetstack/cert-manager/pkg/controller Index | Files | Directories

package controller

import "github.com/jetstack/cert-manager/pkg/controller"


Package Files

builder.go context.go controller.go helper.go register.go util.go


var (
    KeyFunc = cache.DeletionHandlingMetaNamespaceKeyFunc

func DefaultItemBasedRateLimiter Uses

func DefaultItemBasedRateLimiter() workqueue.RateLimiter

func HandleOwnedResourceNamespacedFunc Uses

func HandleOwnedResourceNamespacedFunc(log logr.Logger, queue workqueue.RateLimitingInterface, ownerGVK schema.GroupVersionKind, get func(namespace, name string) (interface{}, error)) func(obj interface{})

func Known Uses

func Known() map[string]Constructor

Known returns a map of the registered controller Constructors

func Register Uses

func Register(name string, fn Constructor)

Register registers a controller constructor with the controller package

type ACMEOptions Uses

type ACMEOptions struct {
    // ACMEHTTP01SolverImage is the image to use for solving ACME HTTP01
    // challenges
    HTTP01SolverImage string

    // HTTP01SolverResourceRequestCPU defines the ACME pod's resource request CPU size
    HTTP01SolverResourceRequestCPU resource.Quantity

    // HTTP01SolverResourceRequestMemory defines the ACME pod's resource request Memory size
    HTTP01SolverResourceRequestMemory resource.Quantity

    // HTTP01SolverResourceLimitsCPU defines the ACME pod's resource limits CPU size
    HTTP01SolverResourceLimitsCPU resource.Quantity

    // HTTP01SolverResourceLimitsMemory defines the ACME pod's resource limits Memory size
    HTTP01SolverResourceLimitsMemory resource.Quantity

    // DNS01CheckAuthoritative is a flag for controlling if auth nss are used
    // for checking propagation of an RR. This is the ideal scenario
    DNS01CheckAuthoritative bool

    // DNS01Nameservers is a list of nameservers to use when performing self-checks
    // for ACME DNS01 validations.
    DNS01Nameservers []string

    // AccountRegistry is used as a cache of ACME accounts between various
    // components of cert-manager
    AccountRegistry accounts.Registry

    // DNS01CheckRetryPeriod is the time the controller should wait between checking if a ACME dns entry exists.
    DNS01CheckRetryPeriod time.Duration

type BlockingEventHandler Uses

type BlockingEventHandler struct {
    WorkFunc func(obj interface{})

BlockingEventHandler is an implementation of cache.ResourceEventHandler that simply synchronously calls it's WorkFunc upon calls to OnAdd, OnUpdate or OnDelete.

func (*BlockingEventHandler) Enqueue Uses

func (b *BlockingEventHandler) Enqueue(obj interface{})

func (*BlockingEventHandler) OnAdd Uses

func (b *BlockingEventHandler) OnAdd(obj interface{})

func (*BlockingEventHandler) OnDelete Uses

func (b *BlockingEventHandler) OnDelete(obj interface{})

func (*BlockingEventHandler) OnUpdate Uses

func (b *BlockingEventHandler) OnUpdate(old, new interface{})

type Builder Uses

type Builder struct {
    // contains filtered or unexported fields

Builder is used to build controllers that implement the queuingController interface

func NewBuilder Uses

func NewBuilder(controllerctx *Context, name string) *Builder

New creates a basic Builder, setting the sync call to the one given

func (*Builder) Complete Uses

func (b *Builder) Complete() (Interface, error)

func (*Builder) First Uses

func (b *Builder) First(function func(context.Context)) *Builder

First will register a function that will be called once, after the controller has been initialised. They are queued, run sequentially, and block "With" runDurationFuncs from running until all are complete.

func (*Builder) For Uses

func (b *Builder) For(ctrl queueingController) *Builder

func (*Builder) With Uses

func (b *Builder) With(function func(context.Context), duration time.Duration) *Builder

With will register an additional function that should be called every 'duration' alongside the controller. This is useful if a controller needs to periodically run a scheduled task.

type CertificateOptions Uses

type CertificateOptions struct {
    // EnableOwnerRef controls whether the certificate is configured as an owner of
    // secret where the effective TLS certificate is stored.
    EnableOwnerRef bool

type Constructor Uses

type Constructor func(ctx *Context) (Interface, error)

Constructor is a function that creates a new control loop given a controller Context.

type Context Uses

type Context struct {
    // RootContext is the root context for the controller
    RootContext context.Context

    // StopCh is a channel that will be closed when the controller is signalled
    // to exit
    StopCh <-chan struct{}
    // RESTConfig is the loaded Kubernetes apiserver rest client configuration
    RESTConfig *rest.Config
    // Client is a Kubernetes clientset
    Client kubernetes.Interface
    // CMClient is a cert-manager clientset
    CMClient clientset.Interface
    // Recorder to record events to
    Recorder record.EventRecorder

    // KubeSharedInformerFactory can be used to obtain shared
    // SharedIndexInformer instances for Kubernetes types
    KubeSharedInformerFactory kubeinformers.SharedInformerFactory
    // SharedInformerFactory can be used to obtain shared SharedIndexInformer
    // instances
    SharedInformerFactory informers.SharedInformerFactory

    // Namespace is the namespace to operate within.
    // If unset, operates on all namespaces
    Namespace string

    // Clock should be used to access the current time instead of relying on
    // time.Now, to make it easier to test controllers that utilise time
    Clock clock.Clock

    // Metrics is used for exposing Prometheus metrics across the controllers
    Metrics *metrics.Metrics


Context contains various types that are used by controller implementations. We purposely don't have specific informers/listers here, and instead keep a reference to a SharedInformerFactory so that controllers can choose themselves which listers are required.

type IngressShimOptions Uses

type IngressShimOptions struct {
    // Default issuer/certificates details consumed by ingress-shim
    DefaultIssuerName                 string
    DefaultIssuerKind                 string
    DefaultIssuerGroup                string
    DefaultAutoCertificateAnnotations []string

type Interface Uses

type Interface interface {
    // Run will start a controller. 'workers' should be the  number of
    // independent goroutines for this controller in question that are to be
    // run, and the workers should shut down upon a signal on stopCh.
    // This method should block until all workers have exited cleanly, thus
    // allowing for graceful shutdown of control loops.
    Run(workers int, stopCh <-chan struct{}) error

Interface represents a controller that can be run.

func NewController Uses

func NewController(
    ctx context.Context,
    name string,
    metrics *metrics.Metrics,
    syncFunc func(ctx context.Context, key string) error,
    mustSync []cache.InformerSynced,
    runDurationFuncs []runDurationFunc,
    queue workqueue.RateLimitingInterface,
) Interface

type IssuerOptions Uses

type IssuerOptions struct {
    // ClusterResourceNamespace is the namespace to store resources created by
    // non-namespaced resources (e.g. ClusterIssuer) in.
    ClusterResourceNamespace string

    // ClusterIssuerAmbientCredentials controls whether a cluster issuer should
    // pick up ambient credentials, such as those from metadata services, to
    // construct clients.
    ClusterIssuerAmbientCredentials bool

    // IssuerAmbientCredentials controls whether an issuer should pick up ambient
    // credentials, such as those from metadata services, to construct clients.
    IssuerAmbientCredentials bool

    // RenewBeforeExpiryDuration is the default 'renew before expiry' time for Certificates.
    // Once a certificate is within this duration until expiry, a new Certificate
    // will be attempted to be issued.
    RenewBeforeExpiryDuration time.Duration

func (IssuerOptions) CalculateDurationUntilRenew Uses

func (o IssuerOptions) CalculateDurationUntilRenew(ctx context.Context, cert *x509.Certificate, crt *cmapi.Certificate) time.Duration

CalculateDurationUntilRenew calculates how long cert-manager should wait to until attempting to renew this certificate resource.

func (IssuerOptions) CanUseAmbientCredentials Uses

func (o IssuerOptions) CanUseAmbientCredentials(iss cmapi.GenericIssuer) bool

func (IssuerOptions) CertificateNeedsRenew Uses

func (o IssuerOptions) CertificateNeedsRenew(ctx context.Context, cert *x509.Certificate, crt *cmapi.Certificate) bool

func (IssuerOptions) ResourceNamespace Uses

func (o IssuerOptions) ResourceNamespace(iss cmapi.GenericIssuer) string

type QueuingEventHandler Uses

type QueuingEventHandler struct {
    Queue workqueue.RateLimitingInterface

QueuingEventHandler is an implementation of cache.ResourceEventHandler that simply queues objects that are added/updated/deleted.

func (*QueuingEventHandler) Enqueue Uses

func (q *QueuingEventHandler) Enqueue(obj interface{})

func (*QueuingEventHandler) OnAdd Uses

func (q *QueuingEventHandler) OnAdd(obj interface{})

func (*QueuingEventHandler) OnDelete Uses

func (q *QueuingEventHandler) OnDelete(obj interface{})

func (*QueuingEventHandler) OnUpdate Uses

func (q *QueuingEventHandler) OnUpdate(old, new interface{})

type SchedulerOptions Uses

type SchedulerOptions struct {
    // MaxConcurrentChallenges determines the maximum number of challenges that can be
    // scheduled as 'processing' at once.
    MaxConcurrentChallenges int


testPackage test contains testing utilities used for constructing fake Contexts which can be used during tests.

Package controller imports 25 packages (graph) and is imported by 84 packages. Updated 2020-11-24. Refresh now. Tools for package owners.