Documentation
¶
Index ¶
- Variables
- func CollectAnnotations(annotationKeys ...string) *annotationOptions
- func CombineCABundleOnDiskLocations(in *certgraphapi.CertificateAuthorityBundle, rhs []certgraphapi.OnDiskLocation) *certgraphapi.CertificateAuthorityBundle
- func CombineCertOnDiskLocations(in *certgraphapi.CertKeyPair, rhs []certgraphapi.OnDiskCertKeyPairLocation) *certgraphapi.CertKeyPair
- func CombineConfigMapLocations(in *certgraphapi.CertificateAuthorityBundle, ...) *certgraphapi.CertificateAuthorityBundle
- func CombineSecretLocations(in *certgraphapi.CertKeyPair, rhs []certgraphapi.InClusterSecretLocation) *certgraphapi.CertKeyPair
- func GatherCertsFromAllNamespaces(ctx context.Context, kubeClient kubernetes.Interface, ...) (*certgraphapi.PKIList, error)
- func GatherCertsFromDisk(ctx context.Context, kubeClient kubernetes.Interface, dir string, ...) (*certgraphapi.PKIList, error)
- func GatherCertsFromPlatformNamespaces(ctx context.Context, kubeClient kubernetes.Interface, ...) (*certgraphapi.PKIList, error)
- func GetBootstrapIPAndHostname(ctx context.Context, kubeClient kubernetes.Interface) (string, string, error)
- func InspectCSR(obj *certificatesv1.CertificateSigningRequest) (*certgraphapi.CertKeyPair, error)
- func InspectConfigMap(obj *corev1.ConfigMap) (*certgraphapi.CertificateAuthorityBundle, error)
- func InspectSecret(obj *corev1.Secret) (*certgraphapi.CertKeyPair, error)
- func MergePKILists(ctx context.Context, first, second *certgraphapi.PKIList) *certgraphapi.PKIList
- func PKIListFromParts(ctx context.Context, ...) *certgraphapi.PKIList
- func RewriteNodeNames(nodeList []*corev1.Node, bootstrapHostname string) *metadataOptions
- func StripRootFSMountPoint(rootfsMount string) *metadataOptions
Constants ¶
This section is empty.
Variables ¶
View Source
var ( SkipRevisioned = &resourceFilteringOptions{ rejectConfigMapFn: func(configMap *corev1.ConfigMap) bool { return isRevisioned(configMap.OwnerReferences) }, rejectSecretFn: func(secret *corev1.Secret) bool { return isRevisioned(secret.OwnerReferences) }, } SkipHashed = &resourceFilteringOptions{ rejectConfigMapFn: func(configMap *corev1.ConfigMap) bool { return hasMonitoringHashLabel(configMap.Labels) }, rejectSecretFn: func(secret *corev1.Secret) bool { return hasMonitoringHashLabel(secret.Labels) }, } )
View Source
var ( ElideProxyCADetails = &metadataOptions{ rewriteCABundleFn: func(metadata metav1.ObjectMeta, caBundle *certgraphapi.CertificateAuthorityBundle) { isProxyCA := false if metadata.Namespace == "openshift-config-managed" && metadata.Name == "trusted-ca-bundle" { isProxyCA = true } if metadata.Namespace == "openshift-cloud-controller-manager" && metadata.Name == "ccm-trusted-ca" { isProxyCA = true } if metadata.Namespace == "openshift-monitoring" && strings.Contains(metadata.Name, "-trusted-ca-bundle-") { isProxyCA = true } if len(metadata.Labels["config.openshift.io/inject-trusted-cabundle"]) > 0 { isProxyCA = true } if !isProxyCA { return } if len(caBundle.Spec.CertificateMetadata) < 10 { return } caBundle.Name = "proxy-ca" caBundle.LogicalName = "proxy-ca" caBundle.Spec.CertificateMetadata = []certgraphapi.CertKeyMetadata{ { CertIdentifier: certgraphapi.CertIdentifier{ CommonName: "synthetic-proxy-ca", SerialNumber: "0", Issuer: nil, }, }, } }, } SkipRevisionedLocations = &metadataOptions{ rewriteCABundleFn: func(metadata metav1.ObjectMeta, caBundle *certgraphapi.CertificateAuthorityBundle) { locations := []certgraphapi.OnDiskLocation{} for _, loc := range caBundle.Spec.OnDiskLocations { if skipRevisionedInOnDiskLocation(loc) { continue } locations = append(locations, loc) } caBundle.Spec.OnDiskLocations = locations }, rewriteCertKeyPairFn: func(metadata metav1.ObjectMeta, certKeyPair *certgraphapi.CertKeyPair) { locations := []certgraphapi.OnDiskCertKeyPairLocation{} for _, loc := range certKeyPair.Spec.OnDiskLocations { if len(loc.Cert.Path) != 0 && skipRevisionedInOnDiskLocation(loc.Cert) { continue } if len(loc.Key.Path) != 0 && skipRevisionedInOnDiskLocation(loc.Key) { continue } locations = append(locations, loc) } certKeyPair.Spec.OnDiskLocations = locations }, } StripTimestamps = &metadataOptions{ rewritePathFn: func(path string) string { return timestampReg.ReplaceAllString(path, "<timestamp>.pem") }, } )
Functions ¶
func CollectAnnotations ¶
func CollectAnnotations(annotationKeys ...string) *annotationOptions
CollectAnnotations creates an option that specifies the list of annotation to collect.
func CombineCABundleOnDiskLocations ¶
func CombineCABundleOnDiskLocations(in *certgraphapi.CertificateAuthorityBundle, rhs []certgraphapi.OnDiskLocation) *certgraphapi.CertificateAuthorityBundle
CombineCABundleOnDiskLocations returns a CertificateAuthorityBundle with all on-disk locations from in and rhs de-duplicated into a single list
func CombineCertOnDiskLocations ¶
func CombineCertOnDiskLocations(in *certgraphapi.CertKeyPair, rhs []certgraphapi.OnDiskCertKeyPairLocation) *certgraphapi.CertKeyPair
CombineCertOnDiskLocations returns a CertKeyPair with all on-disk locations from in and rhs de-duplicated into a single list
func CombineConfigMapLocations ¶
func CombineConfigMapLocations(in *certgraphapi.CertificateAuthorityBundle, rhs []certgraphapi.InClusterConfigMapLocation) *certgraphapi.CertificateAuthorityBundle
CombineConfigMapLocations returns a CertificateAuthorityBundle with all in-cluster locations from in and rhs de-duplicated into a single list
func CombineSecretLocations ¶
func CombineSecretLocations(in *certgraphapi.CertKeyPair, rhs []certgraphapi.InClusterSecretLocation) *certgraphapi.CertKeyPair
CombineSecretLocations returns a CertKeyPair with all in-cluster locations from in and rhs de-duplicated into a single list
func GatherCertsFromAllNamespaces ¶
func GatherCertsFromAllNamespaces(ctx context.Context, kubeClient kubernetes.Interface, options ...certGenerationOptions) (*certgraphapi.PKIList, error)
func GatherCertsFromDisk ¶
func GatherCertsFromDisk(ctx context.Context, kubeClient kubernetes.Interface, dir string, options ...certGenerationOptions) (*certgraphapi.PKIList, error)
func GatherCertsFromPlatformNamespaces ¶
func GatherCertsFromPlatformNamespaces(ctx context.Context, kubeClient kubernetes.Interface, options ...certGenerationOptions) (*certgraphapi.PKIList, error)
func GetBootstrapIPAndHostname ¶
func GetBootstrapIPAndHostname(ctx context.Context, kubeClient kubernetes.Interface) (string, string, error)
GetBootstrapIPAndHostname finds bootstrap IP and hostname in openshift-etcd namespace configmaps and secrets Either IP or hostname may be empty
func InspectCSR ¶
func InspectCSR(obj *certificatesv1.CertificateSigningRequest) (*certgraphapi.CertKeyPair, error)
func InspectConfigMap ¶
func InspectConfigMap(obj *corev1.ConfigMap) (*certgraphapi.CertificateAuthorityBundle, error)
func InspectSecret ¶
func InspectSecret(obj *corev1.Secret) (*certgraphapi.CertKeyPair, error)
func MergePKILists ¶
func MergePKILists(ctx context.Context, first, second *certgraphapi.PKIList) *certgraphapi.PKIList
func PKIListFromParts ¶
func PKIListFromParts(ctx context.Context, inClusterResourceData *certgraphapi.PerInClusterResourceData, certs []*certgraphapi.CertKeyPair, caBundles []*certgraphapi.CertificateAuthorityBundle) *certgraphapi.PKIList
func RewriteNodeNames ¶
func StripRootFSMountPoint ¶
func StripRootFSMountPoint(rootfsMount string) *metadataOptions
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.