const pollingInterval … const approvedExpiration … const deniedExpiration … const pendingExpiration … type CSRCleanerController … // NewCSRCleanerController creates a new CSRCleanerController. func NewCSRCleanerController( csrClient csrclient.CertificateSigningRequestInterface, csrInformer certificatesinformers.CertificateSigningRequestInformer, ) *CSRCleanerController { … } // Run the main goroutine responsible for watching and syncing jobs. func (ccc *CSRCleanerController) Run(ctx context.Context, workers int) { … } // worker runs a thread that dequeues CSRs, handles them, and marks them done. func (ccc *CSRCleanerController) worker(ctx context.Context) { … } func (ccc *CSRCleanerController) handle(ctx context.Context, csr *capi.CertificateSigningRequest) error { … } // isIssuedExpired checks if the CSR has been issued a certificate and if the // expiration of the certificate (the NotAfter value) has passed. func isIssuedExpired(logger klog.Logger, csr *capi.CertificateSigningRequest) bool { … } // isPendingPastDeadline checks if the certificate has a Pending status and the // creation time of the CSR is passed the deadline that pending requests are // maintained for. func isPendingPastDeadline(logger klog.Logger, csr *capi.CertificateSigningRequest) bool { … } // isDeniedPastDeadline checks if the certificate has a Denied status and the // creation time of the CSR is passed the deadline that denied requests are // maintained for. func isDeniedPastDeadline(logger klog.Logger, csr *capi.CertificateSigningRequest) bool { … } // isFailedPastDeadline checks if the certificate has a Failed status and the // creation time of the CSR is passed the deadline that pending requests are // maintained for. func isFailedPastDeadline(logger klog.Logger, csr *capi.CertificateSigningRequest) bool { … } // isIssuedPastDeadline checks if the certificate has an Issued status and the // creation time of the CSR is passed the deadline that issued requests are // maintained for. func isIssuedPastDeadline(logger klog.Logger, csr *capi.CertificateSigningRequest) bool { … } // isOlderThan checks that t is a non-zero time after time.Now() + d. func isOlderThan(t metav1.Time, d time.Duration) bool { … } // isIssued checks if the CSR has `Issued` status. There is no explicit // 'Issued' status. Implicitly, if there is a certificate associated with the // CSR, the CSR statuses that are visible via `kubectl` will include 'Issued'. func isIssued(csr *capi.CertificateSigningRequest) bool { … } // isExpired checks if the CSR has a certificate and the date in the `NotAfter` // field has gone by. func isExpired(csr *capi.CertificateSigningRequest) bool { … }