package certificates

kubernetes – k8s.io/kubernetes/pkg/controller/certificates Index | Files | Directories

package certificates

import "k8s.io/kubernetes/pkg/controller/certificates"

Package certificates implements an abstract controller that is useful for building controllers that manage CSRs

Index ¶

func GetCertApprovalCondition(status *certificates.CertificateSigningRequestStatus) (approved bool, denied bool)
func HasTrueCondition(csr *certificates.CertificateSigningRequest, conditionType certificates.RequestConditionType) bool
func IgnorableError(s string, args ...interface{}) ignorableError
func IsCertificateRequestApproved(csr *certificates.CertificateSigningRequest) bool
type CertificateController

func NewCertificateController( ctx context.Context, name string, kubeClient clientset.Interface, csrInformer certificatesinformers.CertificateSigningRequestInformer, handler func(context.Context, *certificates.CertificateSigningRequest) error, ) *CertificateController
func (cc *CertificateController) Run(ctx context.Context, workers int)

Functions ¶

func GetCertApprovalCondition ¶

func GetCertApprovalCondition(status *certificates.CertificateSigningRequestStatus) (approved bool, denied bool)

func HasTrueCondition ¶

func HasTrueCondition(csr *certificates.CertificateSigningRequest, conditionType certificates.RequestConditionType) bool

HasTrueCondition returns true if the csr contains a condition of the specified type with a status that is set to True or is empty

func IgnorableError ¶

func IgnorableError(s string, args ...interface{}) ignorableError

IgnorableError returns an error that we shouldn't handle (i.e. log) because it's spammy and usually user error. Instead we will log these errors at a higher log level. We still need to throw these errors to signal that the sync should be retried.

func IsCertificateRequestApproved ¶

func IsCertificateRequestApproved(csr *certificates.CertificateSigningRequest) bool

IsCertificateRequestApproved returns true if a certificate request has the "Approved" condition and no "Denied" conditions; false otherwise.

Types ¶

type CertificateController ¶

type CertificateController struct {
	// contains filtered or unexported fields
}

func NewCertificateController ¶

func NewCertificateController(
	ctx context.Context,
	name string,
	kubeClient clientset.Interface,
	csrInformer certificatesinformers.CertificateSigningRequestInformer,
	handler func(context.Context, *certificates.CertificateSigningRequest) error,
) *CertificateController

func (*CertificateController) Run ¶

func (cc *CertificateController) Run(ctx context.Context, workers int)

Run the main goroutine responsible for watching and syncing jobs.

Source Files ¶

certificate_controller.go certificate_controller_utils.go

Directories ¶

Path	Synopsis
pkg/controller/certificates/approver	Package approver implements an automated approver for kubelet certificates.
pkg/controller/certificates/authority
pkg/controller/certificates/cleaner	Package cleaner implements an automated cleaner that does garbage collection on CSRs that meet specific criteria.
pkg/controller/certificates/clustertrustbundlepublisher
pkg/controller/certificates/rootcacertpublisher
pkg/controller/certificates/signer	Package signer implements a CA signer that uses keys stored on local disk.
pkg/controller/certificates/signer/config
pkg/controller/certificates/signer/config/v1alpha1

Version: v1.33.0 (latest)
Published: Apr 23, 2025
Platform: linux/amd64
Imports: 16 packages
Last checked: 3 hours ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples