secretfetcher

package

v0.0.0-...-edfa39e Latest Latest Go to latest Published: Jan 28, 2019 License: Apache-2.0 Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/simpleusd/istio

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type SecretFetcher
- func NewSecretFetcher(ingressGatewayAgent bool, endpoint, CAProviderName string, tlsFlag bool, ...) (*SecretFetcher, error)

Constants ¶

View Source

const (

	// IngressSecretType the type of kubernetes secrets for ingress gateway.
	IngressSecretType = "istio.io/ingress-key-cert"

	// KubeConfigFile the config file name for kubernetes client.
	// Specifies empty file name to use InClusterConfig.
	KubeConfigFile = ""

	// The ID/name for the certificate chain in kubernetes secret.
	ScrtCert = "cert"
	// The ID/name for the k8sKey in kubernetes secret.
	ScrtKey = "key"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type SecretFetcher ¶

type SecretFetcher struct {
	// If UseCaClient is true, use caClient to send CSR to CA.
	UseCaClient bool
	CaClient    caClientInterface.Client

	// Delete all entries containing secretName in SecretCache. Called when K8S secret is deleted.
	DeleteCache func(secretName string)
	// Update all entries containing secretName in SecretCache. Called when K8S secret is updated.
	UpdateCache func(secretName string, ns model.SecretItem)
	// contains filtered or unexported fields
}

SecretFetcher fetches secret via watching k8s secrets or sending CSR to CA.

func NewSecretFetcher ¶

func NewSecretFetcher(ingressGatewayAgent bool, endpoint, CAProviderName string, tlsFlag bool,
	tlsRootCert []byte, vaultAddr, vaultRole, vaultAuthPath, vaultSignCsrPath string) (*SecretFetcher, error)

NewSecretFetcher returns a pointer to a newly constructed SecretFetcher instance.

func (*SecretFetcher) AddSecret ¶

func (sf *SecretFetcher) AddSecret(obj interface{})

AddSecret adds obj into local store. Only used for testing.

func (*SecretFetcher) FindIngressGatewaySecret ¶

func (sf *SecretFetcher) FindIngressGatewaySecret(key string) (secret model.SecretItem, ok bool)

FindIngressGatewaySecret returns the secret for a k8sKeyA, or empty secret if no secret is present. The ok result indicates whether secret was found.

func (*SecretFetcher) Init ¶

func (sf *SecretFetcher) Init(core corev1.CoreV1Interface)

Init initializes SecretFetcher to watch kubernetes secrets.

func (*SecretFetcher) Run ¶

func (sf *SecretFetcher) Run(ch chan struct{})

Run starts the SecretFetcher until a value is sent to ch. Only used when watching kubernetes gateway secrets.

Source Files ¶

View all Source files

secretfetcher.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL