istio: istio.io/istio/security/pkg/k8s/chiron

package chiron

import "istio.io/istio/security/pkg/k8s/chiron"

Index

Package Files

controller.go utils.go

Constants

// IstioDNSSecretType is the Istio DNS secret annotation type.
const IstioDNSSecretType = "istio.io/dns-key-and-cert"

#nosec: disable gas linter

func GenKeyCertK8sCA

func GenKeyCertK8sCA(certClient certclient.CertificateSigningRequestInterface, dnsName,
    secretName, secretNamespace, caFilePath string) ([]byte, []byte, []byte, error)

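GenKeyCertK8sCA generates a certificate and key from the k8s CA. Workflow:
1. Generate a CSR.
2. Submit the CSR.
3. Approve the CSR.
4. Read the signed certificate.
5. Clean up the artifacts (e.g., delete the CSR).

Note that the function approves the CSR it has just submitted (step 3), so the credentials behind certClient must be allowed to approve CertificateSigningRequests as well as create them, and in this flow no separate approver reviews the requested dnsName. The signature does not name the three returned byte slices; check the source to see which one carries the private key before storing or logging them.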

type WebhookController

// WebhookController manages the service accounts' secrets that contain Istio
// keys and certificates. Only the exported field is listed here; godoc hides
// the unexported ones.
type WebhookController struct {

    // CACert is the current CA certificate.
    // NOTE(review): the field is exported and mutable, and this listing does not
    // show its encoding or whether access is synchronized — confirm in the source
    // before reading or replacing it from another goroutine.
    CACert []byte
    // contains filtered or unexported fields
}

WebhookController manages the service accounts' secrets that contain Istio keys and certificates.

func NewWebhookController

func NewWebhookController(gracePeriodRatio float32, minGracePeriod time.Duration,
    core corev1.CoreV1Interface, admission admissionv1.AdmissionregistrationV1beta1Interface,
    certClient certclient.CertificatesV1beta1Interface, k8sCaCertFile string,
    secretNames, dnsNames, serviceNamespaces []string) (*WebhookController, error)

NewWebhookController returns a pointer to a newly constructed WebhookController instance.

func (*WebhookController) Run

func (wc *WebhookController) Run(stopCh <-chan struct{})

Run starts the WebhookController, which runs until stopCh is notified.

type WebhookType

// WebhookType enumerates the webhook kinds declared below.
type WebhookType int

// The numeric values are written out explicitly; they are the same values the
// iota form assigns (0, then 1).
const (
    MutatingWebhook   WebhookType = 0
    ValidatingWebhook WebhookType = 1
)

Package chiron imports 26 packages and is imported by 3 packages. Updated 2020-01-11.