k8s.io/kubernetes/pkg/kubelet/podcertificate

package podcertificate

import "k8s.io/kubernetes/pkg/kubelet/podcertificate"

Index

Types

type IssuingManager

type IssuingManager struct {
	// contains filtered or unexported fields
}

IssuingManager is the main implementation of Manager.

The core construct is a workqueue that contains one entry for each PodCertificateProjection (tracked as a podname/volumename/sourceindex tuple) in each non-mirror Pod scheduled to the node. Every time a relevant event happens to a PodCertificateRequest or Pod, all of the potentially-affected PodCertificateProjections are redriven into the workqueue.

State is not preserved across restarts: if Kubelet or the node restarts, all PodCertificateProjections are queued for immediate refresh.

Refresh is handled by periodically redriving all PodCertificateProjections into the queue.

func NewIssuingManager

func (*IssuingManager) ForgetPod

func (m *IssuingManager) ForgetPod(ctx context.Context, pod *corev1.Pod)

ForgetPod queues the pod's podCertificate projected volume sources for processing.

The pod worker will notice that the pod no longer exists and clear any pending and live credentials associated with it.

func (*IssuingManager) GetPodCertificateCredentialBundle

func (m *IssuingManager) GetPodCertificateCredentialBundle(ctx context.Context, namespace, podName, podUID, volumeName string, sourceIndex int) ([]byte, []byte, error)

func (*IssuingManager) Run

func (m *IssuingManager) Run(ctx context.Context)

func (*IssuingManager) TrackPod

func (m *IssuingManager) TrackPod(ctx context.Context, pod *corev1.Pod)

TrackPod queues the pod's podCertificate projected volume sources for processing.

type Manager

type Manager interface {
	// TrackPod is called by Kubelet every time a new pod is assigned to the node.
	TrackPod(ctx context.Context, pod *corev1.Pod)
	// ForgetPod is called by Kubelet every time a pod is dropped from the node.
	ForgetPod(ctx context.Context, pod *corev1.Pod)

	// GetPodCertificateCredentialBundle is called by the volume host to
	// retrieve the credential bundle for a given pod certificate volume.
	GetPodCertificateCredentialBundle(ctx context.Context, namespace, podName, podUID, volumeName string, sourceIndex int) (privKey []byte, certChain []byte, err error)
}

Manager abstracts the functionality needed by Kubelet and the volume host in order to provide pod certificate functionality.
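As an added example (not code from this package or from the kubelet), the following Go program models the Manager contract above from the volume host's side, and also illustrates the refresh policy described for IssuingManager. A hypothetical issue function stands in for the PodCertificateRequest flow and hands back the same (privKey, certChain) PEM pair the interface returns, for one namespace/podName/volumeName/sourceIndex identity; validateBundle is the check a consumer should run before writing the bundle into the pod's volume (both halves parse, the leaf matches the private key, the chain verifies for client auth at the current time); needsRefresh sketches the decision a periodic redrive could make. The in-memory CA, the issuer, the PEM block types, the refresh fraction and the error strings are all assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"time"
)

// bundle is the pair the Manager returns: PEM private key and PEM chain, leaf first.
type bundle struct{ PrivKey, CertChain []byte }

func pemBlock(typ string, der []byte) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: typ, Bytes: der})
}

// newCA builds a throwaway self-signed CA (constructed for this example) so it runs offline.
func newCA(now time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-ca"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	ca, err := x509.ParseCertificate(der)
	return ca, key, err
}

// issue is a hypothetical issuer standing in for the PodCertificateRequest flow:
// a fresh P-256 key and a short-lived client-auth leaf for one projection identity.
func issue(subject string, ca *x509.Certificate, caKey *ecdsa.PrivateKey, ttl time.Duration, now time.Time) (bundle, error) {
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return bundle{}, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: subject},
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(ttl),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &leafKey.PublicKey, caKey)
	if err != nil {
		return bundle{}, err
	}
	keyDER, err := x509.MarshalECPrivateKey(leafKey)
	if err != nil {
		return bundle{}, err
	}
	return bundle{PrivKey: pemBlock("EC PRIVATE KEY", keyDER),
		CertChain: append(pemBlock("CERTIFICATE", der), pemBlock("CERTIFICATE", ca.Raw)...)}, nil
}

// validateBundle: what a volume host should check before writing a bundle into the pod's volume.
func validateBundle(b bundle, roots *x509.CertPool, now time.Time) (*x509.Certificate, error) {
	blk, _ := pem.Decode(b.PrivKey)
	if blk == nil || blk.Type != "EC PRIVATE KEY" {
		return nil, errors.New("private key is not a PEM EC PRIVATE KEY block")
	}
	priv, err := x509.ParseECPrivateKey(blk.Bytes)
	if err != nil {
		return nil, err
	}
	var certs []*x509.Certificate
	for p, rest := pem.Decode(b.CertChain); p != nil; p, rest = pem.Decode(rest) {
		c, err := x509.ParseCertificate(p.Bytes)
		if p.Type != "CERTIFICATE" || err != nil {
			return nil, errors.New("chain contains a non-certificate or unparsable block")
		}
		certs = append(certs, c)
	}
	if len(certs) == 0 {
		return nil, errors.New("empty certificate chain")
	}
	// The leaf must be the certificate for the key we were handed, not just any valid cert.
	if pub, ok := certs[0].PublicKey.(*ecdsa.PublicKey); !ok || !pub.Equal(&priv.PublicKey) {
		return nil, errors.New("leaf certificate does not match private key")
	}
	inter := x509.NewCertPool()
	for _, c := range certs[1:] {
		inter.AddCert(c)
	}
	_, err = certs[0].Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return certs[0], err
}

// needsRefresh is a hypothetical policy for the periodic redrive: reissue once the
// leaf has used up `fraction` of its lifetime.
func needsRefresh(leaf *x509.Certificate, now time.Time, fraction float64) bool {
	life := leaf.NotAfter.Sub(leaf.NotBefore)
	return now.Sub(leaf.NotBefore) >= time.Duration(float64(life)*fraction)
}
```

The key/certificate match check runs before chain verification on purpose: a bundle whose chain verifies but whose leaf belongs to a different key would still be written into the volume as an unusable (or, worse, wrong-identity) credential, and chain verification alone does not catch that. Refreshing at a fraction of the lifetime rather than at expiry leaves slack for the issuance round trip, which matters here because a restart queues every projection for immediate refresh at once.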

type NoOpManager

type NoOpManager struct{}

NoOpManager is an implementation of Manager for static/detached Kubelet mode, where no API server is available to issue certificates: TrackPod and ForgetPod do nothing, and GetPodCertificateCredentialBundle returns an error.

func (*NoOpManager) ForgetPod

func (m *NoOpManager) ForgetPod(ctx context.Context, pod *corev1.Pod)

func (*NoOpManager) GetPodCertificateCredentialBundle

func (m *NoOpManager) GetPodCertificateCredentialBundle(ctx context.Context, namespace, podName, podUID, volumeName string, sourceIndex int) ([]byte, []byte, error)

func (*NoOpManager) TrackPod

func (m *NoOpManager) TrackPod(ctx context.Context, pod *corev1.Pod)

type PodManager

type PodManager interface {
	GetPodByUID(uid types.UID) (*corev1.Pod, bool)
	GetPods() []*corev1.Pod
}

PodManager is a local wrapper interface for pod.Manager.

Source Files

podcertificatemanager.go

Version
v1.35.0-alpha.0
Published
Aug 2, 2025