istio: istio.io/istio/security/pkg/k8s/chiron Index | Files

package chiron

import "istio.io/istio/security/pkg/k8s/chiron"

Index

Package Files

controller.go utils.go

Constants 

const (
    // The Istio DNS secret annotation type
    IstioDNSSecretType = "istio.io/dns-key-and-cert"
)

#nosec: disable gas linter

func GenKeyCertK8sCA Uses

func GenKeyCertK8sCA(certClient certclient.CertificateSigningRequestInterface, dnsName,
    secretName, secretNamespace, caFilePath string) ([]byte, []byte, []byte, error)

GenKeyCertK8sCA generates a certificate and key from k8s CA Working flow: 1. Generate a CSR 2. Submit a CSR 3. Approve a CSR 4. Read the signed certificate 5. Clean up the artifacts (e.g., delete CSR)

type WebhookController Uses

type WebhookController struct {

    // Current CA certificate
    CACert []byte
    // contains filtered or unexported fields
}

WebhookController manages the service accounts' secrets that contains Istio keys and certificates.

func NewWebhookController Uses

func NewWebhookController(gracePeriodRatio float32, minGracePeriod time.Duration,
    core corev1.CoreV1Interface, admission admissionv1beta1.AdmissionregistrationV1beta1Interface,
    certClient certclient.CertificatesV1beta1Interface, k8sCaCertFile string,
    secretNames, dnsNames, serviceNamespaces []string) (*WebhookController, error)

NewWebhookController returns a pointer to a newly constructed WebhookController instance.

func (*WebhookController) Run Uses

func (wc *WebhookController) Run(stopCh <-chan struct{})

Run starts the WebhookController until stopCh is notified.

type WebhookType Uses

type WebhookType int

Package chiron imports 27 packages (graph) and is imported by 3 packages. Updated 2020-08-13. Refresh now. Tools for package owners.