type CSRSigningController …
func NewKubeletServingCSRSigningController(
ctx context.Context,
client clientset.Interface,
csrInformer certificatesinformers.CertificateSigningRequestInformer,
caFile, caKeyFile string,
certTTL time.Duration,
) (*CSRSigningController, error) { … }
func NewKubeletClientCSRSigningController(
ctx context.Context,
client clientset.Interface,
csrInformer certificatesinformers.CertificateSigningRequestInformer,
caFile, caKeyFile string,
certTTL time.Duration,
) (*CSRSigningController, error) { … }
func NewKubeAPIServerClientCSRSigningController(
ctx context.Context,
client clientset.Interface,
csrInformer certificatesinformers.CertificateSigningRequestInformer,
caFile, caKeyFile string,
certTTL time.Duration,
) (*CSRSigningController, error) { … }
func NewLegacyUnknownCSRSigningController(
ctx context.Context,
client clientset.Interface,
csrInformer certificatesinformers.CertificateSigningRequestInformer,
caFile, caKeyFile string,
certTTL time.Duration,
) (*CSRSigningController, error) { … }
func NewCSRSigningController(
ctx context.Context,
controllerName string,
signerName string,
client clientset.Interface,
csrInformer certificatesinformers.CertificateSigningRequestInformer,
caFile, caKeyFile string,
certTTL time.Duration,
) (*CSRSigningController, error) { … }
func (c *CSRSigningController) Run(ctx context.Context, workers int) { … }
type isRequestForSignerFunc …
type signer …
func newSigner(signerName, caFile, caKeyFile string, client clientset.Interface, certificateDuration time.Duration) (*signer, error) { … }
func (s *signer) handle(ctx context.Context, csr *capi.CertificateSigningRequest) error { … }
func (s *signer) sign(x509cr *x509.CertificateRequest, usages []capi.KeyUsage, expirationSeconds *int32, now func() time.Time) ([]byte, error) { … }
func (s *signer) duration(expirationSeconds *int32) time.Duration { … }
func getCSRVerificationFuncForSignerName(signerName string) (isRequestForSignerFunc, error) { … }
func isKubeletServing(req *x509.CertificateRequest, usages []capi.KeyUsage, signerName string) (bool, error) { … }
func isKubeletClient(req *x509.CertificateRequest, usages []capi.KeyUsage, signerName string) (bool, error) { … }
func isKubeAPIServerClient(req *x509.CertificateRequest, usages []capi.KeyUsage, signerName string) (bool, error) { … }
func isLegacyUnknown(req *x509.CertificateRequest, usages []capi.KeyUsage, signerName string) (bool, error) { … }
func validAPIServerClientUsages(usages []capi.KeyUsage) error { … }
func usagesToSet(usages []capi.KeyUsage) sets.String { … }