Merge pull request #6242 from inteon/restructure_controller_configfile

Restructure the controller configfile
jetstack-bot 2023-08-10 15:37:09 +02:00 committed by GitHub
commit 9d618a17fb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 872 additions and 506 deletions


@ -133,14 +133,14 @@ func Run(opts *config.ControllerConfiguration, stopCh <-chan struct{}) error {
if err != nil {
return fmt.Errorf("failed to listen on healthz address %s: %v", opts.HealthzListenAddress, err)
}
healthzServer := healthz.NewServer(opts.HealthzLeaderElectionTimeout)
healthzServer := healthz.NewServer(opts.LeaderElectionConfig.HealthzTimeout)
g.Go(func() error {
log.V(logf.InfoLevel).Info("starting healthz server", "address", healthzListener.Addr())
return healthzServer.Start(rootCtx, healthzListener)
})
elected := make(chan struct{})
if opts.LeaderElect {
if opts.LeaderElectionConfig.Enabled {
g.Go(func() error {
log.V(logf.InfoLevel).Info("starting leader election")
ctx, err := ctxFactory.Build("leader-election")
@ -241,7 +241,7 @@ func Run(opts *config.ControllerConfiguration, stopCh <-chan struct{}) error {
func buildControllerContextFactory(ctx context.Context, opts *config.ControllerConfiguration) (*controller.ContextFactory, error) {
log := logf.FromContext(ctx)
nameservers := opts.DNS01RecursiveNameservers
nameservers := opts.ACMEDNS01Config.RecursiveNameservers
if len(nameservers) == 0 {
nameservers = dnsutil.RecursiveNameservers
}
@ -250,27 +250,27 @@ func buildControllerContextFactory(ctx context.Context, opts *config.ControllerC
WithValues("nameservers", nameservers).
Info("configured acme dns01 nameservers")
http01SolverResourceRequestCPU, err := resource.ParseQuantity(opts.ACMEHTTP01SolverResourceRequestCPU)
http01SolverResourceRequestCPU, err := resource.ParseQuantity(opts.ACMEHTTP01Config.SolverResourceRequestCPU)
if err != nil {
return nil, fmt.Errorf("error parsing ACMEHTTP01SolverResourceRequestCPU: %w", err)
}
http01SolverResourceRequestMemory, err := resource.ParseQuantity(opts.ACMEHTTP01SolverResourceRequestMemory)
http01SolverResourceRequestMemory, err := resource.ParseQuantity(opts.ACMEHTTP01Config.SolverResourceRequestMemory)
if err != nil {
return nil, fmt.Errorf("error parsing ACMEHTTP01SolverResourceRequestMemory: %w", err)
}
http01SolverResourceLimitsCPU, err := resource.ParseQuantity(opts.ACMEHTTP01SolverResourceLimitsCPU)
http01SolverResourceLimitsCPU, err := resource.ParseQuantity(opts.ACMEHTTP01Config.SolverResourceLimitsCPU)
if err != nil {
return nil, fmt.Errorf("error parsing ACMEHTTP01SolverResourceLimitsCPU: %w", err)
}
http01SolverResourceLimitsMemory, err := resource.ParseQuantity(opts.ACMEHTTP01SolverResourceLimitsMemory)
http01SolverResourceLimitsMemory, err := resource.ParseQuantity(opts.ACMEHTTP01Config.SolverResourceLimitsMemory)
if err != nil {
return nil, fmt.Errorf("error parsing ACMEHTTP01SolverResourceLimitsMemory: %w", err)
}
ACMEHTTP01SolverRunAsNonRoot := opts.ACMEHTTP01SolverRunAsNonRoot
ACMEHTTP01SolverRunAsNonRoot := opts.ACMEHTTP01Config.SolverRunAsNonRoot
acmeAccountRegistry := accounts.NewDefaultRegistry()
ctxFactory, err := controller.NewContextFactory(ctx, controller.ContextOptions{
@ -290,13 +290,13 @@ func buildControllerContextFactory(ctx context.Context, opts *config.ControllerC
HTTP01SolverResourceLimitsCPU: http01SolverResourceLimitsCPU,
HTTP01SolverResourceLimitsMemory: http01SolverResourceLimitsMemory,
ACMEHTTP01SolverRunAsNonRoot: ACMEHTTP01SolverRunAsNonRoot,
HTTP01SolverImage: opts.ACMEHTTP01SolverImage,
HTTP01SolverImage: opts.ACMEHTTP01Config.SolverImage,
// Allows specifying a list of custom nameservers to perform HTTP01 checks on.
HTTP01SolverNameservers: opts.ACMEHTTP01SolverNameservers,
HTTP01SolverNameservers: opts.ACMEHTTP01Config.SolverNameservers,
DNS01Nameservers: nameservers,
DNS01CheckRetryPeriod: opts.DNS01CheckRetryPeriod,
DNS01CheckAuthoritative: !opts.DNS01RecursiveNameserversOnly,
DNS01CheckRetryPeriod: opts.ACMEDNS01Config.CheckRetryPeriod,
DNS01CheckAuthoritative: !opts.ACMEDNS01Config.RecursiveNameserversOnly,
AccountRegistry: acmeAccountRegistry,
},
@ -312,10 +312,10 @@ func buildControllerContextFactory(ctx context.Context, opts *config.ControllerC
},
IngressShimOptions: controller.IngressShimOptions{
DefaultIssuerName: opts.DefaultIssuerName,
DefaultIssuerKind: opts.DefaultIssuerKind,
DefaultIssuerGroup: opts.DefaultIssuerGroup,
DefaultAutoCertificateAnnotations: opts.DefaultAutoCertificateAnnotations,
DefaultIssuerName: opts.IngressShimConfig.DefaultIssuerName,
DefaultIssuerKind: opts.IngressShimConfig.DefaultIssuerKind,
DefaultIssuerGroup: opts.IngressShimConfig.DefaultIssuerGroup,
DefaultAutoCertificateAnnotations: opts.IngressShimConfig.DefaultAutoCertificateAnnotations,
},
CertificateOptions: controller.CertificateOptions{
@ -346,7 +346,7 @@ func startLeaderElection(ctx context.Context, opts *config.ControllerConfigurati
// We only support leases for leader election. Previously we supported ConfigMap & Lease objects for leader
// election.
ml, err := resourcelock.New(resourcelock.LeasesResourceLock,
opts.LeaderElectionNamespace,
opts.LeaderElectionConfig.Namespace,
lockName,
leaderElectionClient.CoreV1(),
leaderElectionClient.CoordinationV1(),
@ -359,9 +359,9 @@ func startLeaderElection(ctx context.Context, opts *config.ControllerConfigurati
// Try and become the leader and start controller manager loops
le, err := leaderelection.NewLeaderElector(leaderelection.LeaderElectionConfig{
Lock: ml,
LeaseDuration: opts.LeaderElectionLeaseDuration,
RenewDeadline: opts.LeaderElectionRenewDeadline,
RetryPeriod: opts.LeaderElectionRetryPeriod,
LeaseDuration: opts.LeaderElectionConfig.LeaseDuration,
RenewDeadline: opts.LeaderElectionConfig.RenewDeadline,
RetryPeriod: opts.LeaderElectionConfig.RetryPeriod,
ReleaseOnCancel: true,
Callbacks: callbacks,
WatchDog: healthzAdaptor,
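Review bot: The four `resource.ParseQuantity` error messages in buildControllerContextFactory still name the old flat fields (for example `"error parsing ACMEHTTP01SolverResourceRequestCPU: %w"`), although the values are now read from `opts.ACMEHTTP01Config`. Someone who set the nested config-file key would get an error that names a field that no longer exists, which makes a rejected solver resource setting harder to trace. Consider renaming them in step with the fields, e.g. `return nil, fmt.Errorf("error parsing ACMEHTTP01Config.SolverResourceRequestCPU: %w", err)`, and likewise for the memory request and the two limits. The function body starts and ends outside the hunks shown, so other messages may need the same update.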


@ -83,22 +83,22 @@ func AddConfigFlags(fs *pflag.FlagSet, c *config.ControllerConfiguration) {
fs.StringVar(&c.Namespace, "namespace", c.Namespace, ""+
"If set, this limits the scope of cert-manager to a single namespace and ClusterIssuers are disabled. "+
"If not specified, all namespaces will be watched")
fs.BoolVar(&c.LeaderElect, "leader-elect", c.LeaderElect, ""+
fs.BoolVar(&c.LeaderElectionConfig.Enabled, "leader-elect", c.LeaderElectionConfig.Enabled, ""+
"If true, cert-manager will perform leader election between instances to ensure no more "+
"than one instance of cert-manager operates at a time")
fs.StringVar(&c.LeaderElectionNamespace, "leader-election-namespace", c.LeaderElectionNamespace, ""+
fs.StringVar(&c.LeaderElectionConfig.Namespace, "leader-election-namespace", c.LeaderElectionConfig.Namespace, ""+
"Namespace used to perform leader election. Only used if leader election is enabled")
fs.DurationVar(&c.LeaderElectionLeaseDuration, "leader-election-lease-duration", c.LeaderElectionLeaseDuration, ""+
fs.DurationVar(&c.LeaderElectionConfig.LeaseDuration, "leader-election-lease-duration", c.LeaderElectionConfig.LeaseDuration, ""+
"The duration that non-leader candidates will wait after observing a leadership "+
"renewal until attempting to acquire leadership of a led but unrenewed leader "+
"slot. This is effectively the maximum duration that a leader can be stopped "+
"before it is replaced by another candidate. This is only applicable if leader "+
"election is enabled.")
fs.DurationVar(&c.LeaderElectionRenewDeadline, "leader-election-renew-deadline", c.LeaderElectionRenewDeadline, ""+
fs.DurationVar(&c.LeaderElectionConfig.RenewDeadline, "leader-election-renew-deadline", c.LeaderElectionConfig.RenewDeadline, ""+
"The interval between attempts by the acting master to renew a leadership slot "+
"before it stops leading. This must be less than or equal to the lease duration. "+
"This is only applicable if leader election is enabled.")
fs.DurationVar(&c.LeaderElectionRetryPeriod, "leader-election-retry-period", c.LeaderElectionRetryPeriod, ""+
fs.DurationVar(&c.LeaderElectionConfig.RetryPeriod, "leader-election-retry-period", c.LeaderElectionConfig.RetryPeriod, ""+
"The duration the clients should wait between attempting acquisition and renewal "+
"of a leadership. This is only applicable if leader election is enabled.")
@ -109,32 +109,32 @@ func AddConfigFlags(fs *pflag.FlagSet, c *config.ControllerConfiguration) {
"'foo'.\nAll controllers: %s",
strings.Join(defaults.AllControllers, ", ")))
fs.StringVar(&c.ACMEHTTP01Config.SolverImage, "acme-http01-solver-image", c.ACMEHTTP01Config.SolverImage, ""+
"The docker image to use to solve ACME HTTP01 challenges. You most likely will not "+
"need to change this parameter unless you are testing a new feature or developing cert-manager.")
// HTTP-01 solver pod configuration via flags is a now deprecated
// mechanism- please use pod template instead when adding any new
// configuration options
// https://github.com/cert-manager/cert-manager/blob/f1d7c432763100c3fb6eb6a1654d29060b479b3c/pkg/apis/acme/v1/types_issuer.go#L270
// These flags however will not be deprecated for backwards compatibility purposes.
fs.StringVar(&c.ACMEHTTP01SolverImage, "acme-http01-solver-image", c.ACMEHTTP01SolverImage, ""+
"The docker image to use to solve ACME HTTP01 challenges. You most likely will not "+
"need to change this parameter unless you are testing a new feature or developing cert-manager.")
fs.StringVar(&c.ACMEHTTP01SolverResourceRequestCPU, "acme-http01-solver-resource-request-cpu", c.ACMEHTTP01SolverResourceRequestCPU, ""+
fs.StringVar(&c.ACMEHTTP01Config.SolverResourceRequestCPU, "acme-http01-solver-resource-request-cpu", c.ACMEHTTP01Config.SolverResourceRequestCPU, ""+
"Defines the resource request CPU size when spawning new ACME HTTP01 challenge solver pods.")
fs.StringVar(&c.ACMEHTTP01SolverResourceRequestMemory, "acme-http01-solver-resource-request-memory", c.ACMEHTTP01SolverResourceRequestMemory, ""+
fs.StringVar(&c.ACMEHTTP01Config.SolverResourceRequestMemory, "acme-http01-solver-resource-request-memory", c.ACMEHTTP01Config.SolverResourceRequestMemory, ""+
"Defines the resource request Memory size when spawning new ACME HTTP01 challenge solver pods.")
fs.StringVar(&c.ACMEHTTP01SolverResourceLimitsCPU, "acme-http01-solver-resource-limits-cpu", c.ACMEHTTP01SolverResourceLimitsCPU, ""+
fs.StringVar(&c.ACMEHTTP01Config.SolverResourceLimitsCPU, "acme-http01-solver-resource-limits-cpu", c.ACMEHTTP01Config.SolverResourceLimitsCPU, ""+
"Defines the resource limits CPU size when spawning new ACME HTTP01 challenge solver pods.")
fs.StringVar(&c.ACMEHTTP01SolverResourceLimitsMemory, "acme-http01-solver-resource-limits-memory", c.ACMEHTTP01SolverResourceLimitsMemory, ""+
fs.StringVar(&c.ACMEHTTP01Config.SolverResourceLimitsMemory, "acme-http01-solver-resource-limits-memory", c.ACMEHTTP01Config.SolverResourceLimitsMemory, ""+
"Defines the resource limits Memory size when spawning new ACME HTTP01 challenge solver pods.")
fs.BoolVar(&c.ACMEHTTP01SolverRunAsNonRoot, "acme-http01-solver-run-as-non-root", c.ACMEHTTP01SolverRunAsNonRoot, ""+
fs.BoolVar(&c.ACMEHTTP01Config.SolverRunAsNonRoot, "acme-http01-solver-run-as-non-root", c.ACMEHTTP01Config.SolverRunAsNonRoot, ""+
"Defines the ability to run the http01 solver as root for troubleshooting issues")
fs.StringSliceVar(&c.ACMEHTTP01SolverNameservers, "acme-http01-solver-nameservers",
c.ACMEHTTP01SolverNameservers, "A list of comma separated dns server endpoints used for "+
fs.StringSliceVar(&c.ACMEHTTP01Config.SolverNameservers, "acme-http01-solver-nameservers",
c.ACMEHTTP01Config.SolverNameservers, "A list of comma separated dns server endpoints used for "+
"ACME HTTP01 check requests. This should be a list containing host and "+
"port, for example 8.8.8.8:53,8.8.4.4:53")
@ -146,29 +146,31 @@ func AddConfigFlags(fs *pflag.FlagSet, c *config.ControllerConfiguration) {
"Whether an issuer may make use of ambient credentials. 'Ambient Credentials' are credentials drawn from the environment, metadata services, or local files which are not explicitly configured in the Issuer API object. "+
"When this flag is enabled, the following sources for credentials are also used: "+
"AWS - All sources the Go SDK defaults to, notably including any EC2 IAM roles available via instance metadata.")
fs.StringSliceVar(&c.DefaultAutoCertificateAnnotations, "auto-certificate-annotations", c.DefaultAutoCertificateAnnotations, ""+
"The annotation consumed by the ingress-shim controller to indicate a ingress is requesting a certificate")
fs.StringVar(&c.DefaultIssuerName, "default-issuer-name", c.DefaultIssuerName, ""+
fs.StringSliceVar(&c.IngressShimConfig.DefaultAutoCertificateAnnotations, "auto-certificate-annotations", c.IngressShimConfig.DefaultAutoCertificateAnnotations, ""+
"The annotation consumed by the ingress-shim controller to indicate a ingress is requesting a certificate")
fs.StringVar(&c.IngressShimConfig.DefaultIssuerName, "default-issuer-name", c.IngressShimConfig.DefaultIssuerName, ""+
"Name of the Issuer to use when the tls is requested but issuer name is not specified on the ingress resource.")
fs.StringVar(&c.DefaultIssuerKind, "default-issuer-kind", c.DefaultIssuerKind, ""+
fs.StringVar(&c.IngressShimConfig.DefaultIssuerKind, "default-issuer-kind", c.IngressShimConfig.DefaultIssuerKind, ""+
"Kind of the Issuer to use when the tls is requested but issuer kind is not specified on the ingress resource.")
fs.StringVar(&c.DefaultIssuerGroup, "default-issuer-group", c.DefaultIssuerGroup, ""+
fs.StringVar(&c.IngressShimConfig.DefaultIssuerGroup, "default-issuer-group", c.IngressShimConfig.DefaultIssuerGroup, ""+
"Group of the Issuer to use when the tls is requested but issuer group is not specified on the ingress resource.")
fs.StringSliceVar(&c.DNS01RecursiveNameservers, "dns01-recursive-nameservers",
[]string{}, "A list of comma separated dns server endpoints used for DNS01 and DNS-over-HTTPS (DoH) check requests. "+
fs.StringSliceVar(&c.ACMEDNS01Config.RecursiveNameservers, "dns01-recursive-nameservers",
c.ACMEDNS01Config.RecursiveNameservers, "A list of comma separated dns server endpoints used for DNS01 and DNS-over-HTTPS (DoH) check requests. "+
"This should be a list containing entries of the following formats: `<ip address>:<port>` or `https://<DoH RFC 8484 server address>`. "+
"For example: `8.8.8.8:53,8.8.4.4:53` or `https://1.1.1.1/dns-query,https://8.8.8.8/dns-query`. "+
"To make sure ALL DNS requests happen through DoH, `dns01-recursive-nameservers-only` should also be set to true.")
fs.BoolVar(&c.DNS01RecursiveNameserversOnly, "dns01-recursive-nameservers-only",
c.DNS01RecursiveNameserversOnly,
fs.BoolVar(&c.ACMEDNS01Config.RecursiveNameserversOnly, "dns01-recursive-nameservers-only",
c.ACMEDNS01Config.RecursiveNameserversOnly,
"When true, cert-manager will only ever query the configured DNS resolvers "+
"to perform the ACME DNS01 self check. This is useful in DNS constrained "+
"environments, where access to authoritative nameservers is restricted. "+
"Enabling this option could cause the DNS01 self check to take longer "+
"due to caching performed by the recursive nameservers.")
fs.DurationVar(&c.ACMEDNS01Config.CheckRetryPeriod, "dns01-check-retry-period", c.ACMEDNS01Config.CheckRetryPeriod, ""+
"The duration the controller should wait between a propagation check. Despite the name, this flag is used to configure the wait period for both DNS01 and HTTP01 challenge propagation checks. For DNS01 challenges the propagation check verifies that a TXT record with the challenge token has been created. For HTTP01 challenges the propagation check verifies that the challenge token is served at the challenge URL."+
"This should be a valid duration string, for example 180s or 1h")
fs.BoolVar(&c.EnableCertificateOwnerRef, "enable-certificate-owner-ref", c.EnableCertificateOwnerRef, ""+
"Whether to set the certificate resource as an owner of secret where the tls certificate is stored. "+
@ -184,9 +186,6 @@ func AddConfigFlags(fs *pflag.FlagSet, c *config.ControllerConfiguration) {
"The number of concurrent workers for each controller.")
fs.IntVar(&c.MaxConcurrentChallenges, "max-concurrent-challenges", c.MaxConcurrentChallenges, ""+
"The maximum number of challenges that can be scheduled as 'processing' at once.")
fs.DurationVar(&c.DNS01CheckRetryPeriod, "dns01-check-retry-period", c.DNS01CheckRetryPeriod, ""+
"The duration the controller should wait between a propagation check. Despite the name, this flag is used to configure the wait period for both DNS01 and HTTP01 challenge propagation checks. For DNS01 challenges the propagation check verifies that a TXT record with the challenge token has been created. For HTTP01 challenges the propagation check verifies that the challenge token is served at the challenge URL."+
"This should be a valid duration string, for example 180s or 1h")
fs.StringVar(&c.MetricsListenAddress, "metrics-listen-address", c.MetricsListenAddress, ""+
"The host and port that the metrics endpoint should listen on.")
@ -208,7 +207,8 @@ func AddConfigFlags(fs *pflag.FlagSet, c *config.ControllerConfiguration) {
"The host and port that the healthz server should listen on. "+
"The healthz server serves the /livez endpoint, which is called by the LivenessProbe.")
fs.MarkHidden("internal-healthz-listen-address")
fs.DurationVar(&c.HealthzLeaderElectionTimeout, "internal-healthz-leader-election-timeout", c.HealthzLeaderElectionTimeout, ""+
fs.DurationVar(&c.LeaderElectionConfig.HealthzTimeout, "internal-healthz-leader-election-timeout", c.LeaderElectionConfig.HealthzTimeout, ""+
"Leader election healthz checks within this timeout period after the lease expires will still return healthy")
fs.MarkHidden("internal-healthz-leader-election-timeout")
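Review bot: The help text for `acme-http01-solver-run-as-non-root` reads with the opposite polarity to the flag and to the renamed field `ACMEHTTP01Config.SolverRunAsNonRoot`. "Defines the ability to run the http01 solver as root" does not tell an operator that it is the value false that relaxes the non-root requirement, as the flag name implies. Since this line is being rewritten anyway, the description could state the secure value directly, e.g. `"Whether ACME HTTP01 solver pods are required to run as a non-root user. Set to false only when troubleshooting."`. In the relocated `dns01-check-retry-period` registration, the help string joins `"...served at the challenge URL."` and `"This should be a valid duration string..."` with no space between them. AddConfigFlags starts and ends outside these hunks.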


@ -96,8 +96,7 @@ func TestValidate(t *testing.T) {
for name, test := range tests {
t.Run(name, func(t *testing.T) {
o, _ := NewControllerConfiguration()
o.DNS01RecursiveNameservers = test.DNS01RecursiveServers
//defaults.SetDefaults_ControllerConfiguration(o)
o.ACMEDNS01Config.RecursiveNameservers = test.DNS01RecursiveServers
err := validation.ValidateControllerConfiguration(o)
if test.expError != "" {


@ -129,7 +129,8 @@ config:
# logging:
# verbosity: 2
# format: text
# leaderElectionNamespace: kube-system
# leaderElectionConfig:
# namespace: kube-system
# kubernetesAPIQPS: 9000
# kubernetesAPIBurst: 9000
# numberOfConcurrentWorkers: 200


@ -40,33 +40,33 @@ var Funcs = func(codecs runtimeserializer.CodecFactory) []interface{} {
s.KubernetesAPIBurst = 10
s.ClusterResourceNamespace = "defaultClusterResourceNamespace"
s.Namespace = "defaultNamespace"
s.LeaderElect = true
s.LeaderElectionNamespace = "defaultLeaderElectionNamespace"
s.LeaderElectionLeaseDuration = defaultTime
s.LeaderElectionRenewDeadline = defaultTime
s.LeaderElectionRetryPeriod = defaultTime
s.LeaderElectionConfig.Enabled = true
s.LeaderElectionConfig.Namespace = "defaultLeaderElectionNamespace"
s.LeaderElectionConfig.LeaseDuration = defaultTime
s.LeaderElectionConfig.RenewDeadline = defaultTime
s.LeaderElectionConfig.RetryPeriod = defaultTime
s.Controllers = []string{"*"}
s.ACMEHTTP01SolverImage = "defaultACMEHTTP01SolverImage"
s.ACMEHTTP01SolverResourceRequestCPU = "10m"
s.ACMEHTTP01SolverResourceRequestMemory = "64Mi"
s.ACMEHTTP01SolverResourceLimitsCPU = "100m"
s.ACMEHTTP01SolverResourceLimitsMemory = "64Mi"
s.ACMEHTTP01SolverRunAsNonRoot = true
s.ACMEHTTP01SolverNameservers = []string{"8.8.8.8:53"}
s.ACMEHTTP01Config.SolverImage = "defaultACMEHTTP01SolverImage"
s.ACMEHTTP01Config.SolverResourceRequestCPU = "10m"
s.ACMEHTTP01Config.SolverResourceRequestMemory = "64Mi"
s.ACMEHTTP01Config.SolverResourceLimitsCPU = "100m"
s.ACMEHTTP01Config.SolverResourceLimitsMemory = "64Mi"
s.ACMEHTTP01Config.SolverRunAsNonRoot = true
s.ACMEHTTP01Config.SolverNameservers = []string{"8.8.8.8:53"}
s.ClusterIssuerAmbientCredentials = true
s.IssuerAmbientCredentials = true
s.DefaultIssuerName = "defaultTLSACMEIssuerName"
s.DefaultIssuerKind = "defaultIssuerKind"
s.DefaultIssuerGroup = "defaultTLSACMEIssuerGroup"
s.DefaultAutoCertificateAnnotations = []string{"kubernetes.io/tls-acme"}
s.DNS01RecursiveNameservers = []string{"8.8.8.8:53"}
s.IngressShimConfig.DefaultIssuerName = "defaultTLSACMEIssuerName"
s.IngressShimConfig.DefaultIssuerKind = "defaultIssuerKind"
s.IngressShimConfig.DefaultIssuerGroup = "defaultTLSACMEIssuerGroup"
s.IngressShimConfig.DefaultAutoCertificateAnnotations = []string{"kubernetes.io/tls-acme"}
s.ACMEDNS01Config.RecursiveNameservers = []string{"8.8.8.8:53"}
s.ACMEDNS01Config.RecursiveNameserversOnly = true
s.EnableCertificateOwnerRef = true
s.DNS01RecursiveNameserversOnly = true
s.NumberOfConcurrentWorkers = 1
s.MaxConcurrentChallenges = 1
s.MetricsListenAddress = "0.0.0.0:9402"
s.HealthzListenAddress = "0.0.0.0:9402"
s.HealthzLeaderElectionTimeout = defaultTime
s.LeaderElectionConfig.HealthzTimeout = defaultTime
s.EnablePprof = true
s.PprofAddress = "something:1234"
temp := logs.NewOptions()


@ -22,7 +22,6 @@ import (
"k8s.io/component-base/logs"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
//"k8s.io/kubectl/pkg/cmd/logs"
)
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@ -43,36 +42,16 @@ type ControllerConfiguration struct {
// The maximum burst queries-per-second of requests sent to the Kubernetes apiserver
KubernetesAPIBurst int
// Namespace to store resources owned by cluster scoped resources such as ClusterIssuer in.
ClusterResourceNamespace string
// If set, this limits the scope of cert-manager to a single namespace and
// ClusterIssuers are disabled. If not specified, all namespaces will be
// watched"
Namespace string
// If true, cert-manager will perform leader election between instances to
// ensure no more than one instance of cert-manager operates at a time
LeaderElect bool
// Namespace to store resources owned by cluster scoped resources such as ClusterIssuer in.
ClusterResourceNamespace string
//Namespace used to perform leader election. Only used if leader election is enabled
LeaderElectionNamespace string
// The duration that non-leader candidates will wait after observing a leadership
// renewal until attempting to acquire leadership of a led but unrenewed leader
// slot. This is effectively the maximum duration that a leader can be stopped
// before it is replaced by another candidate. This is only applicable if leader
// election is enabled.
LeaderElectionLeaseDuration time.Duration
// The interval between attempts by the acting master to renew a leadership slot
// before it stops leading. This must be less than or equal to the lease duration.
// This is only applicable if leader election is enabled.
LeaderElectionRenewDeadline time.Duration
// The duration the clients should wait between attempting acquisition and renewal
// of a leadership. This is only applicable if leader election is enabled.
LeaderElectionRetryPeriod time.Duration
// LeaderElectionConfig configures the behaviour of the leader election
LeaderElectionConfig LeaderElectionConfig
// A list of controllers to enable.
// ['*'] enables all controllers,
@ -80,50 +59,6 @@ type ControllerConfiguration struct {
// ['*', '-foo'] disables the controller named foo.
Controllers []string
// HTTP-01 solver pod configuration via flags is a now deprecated
// mechanism- please use pod template instead when adding any new
// configuration options
// https://github.com/cert-manager/cert-manager/blob/f1d7c432763100c3fb6eb6a1654d29060b479b3c/pkg/apis/acme/v1/types_issuer.go#L270
// These flags however will not be deprecated for backwards compatibility purposes.
// The Docker image to use to solve ACME HTTP01 challenges. You most likely
// will not need to change this parameter unless you are testing a new
// feature or developing cert-manager.
ACMEHTTP01SolverImage string
// Defines the resource request CPU size when spawning new ACME HTTP01
// challenge solver pods.
ACMEHTTP01SolverResourceRequestCPU string
//Defines the resource request Memory size when spawning new ACME HTTP01
//challenge solver pods.
ACMEHTTP01SolverResourceRequestMemory string
//Defines the resource limits CPU size when spawning new ACME HTTP01
//challenge solver pods.
ACMEHTTP01SolverResourceLimitsCPU string
// Defines the resource limits Memory size when spawning new ACME HTTP01
// challenge solver pods.
ACMEHTTP01SolverResourceLimitsMemory string
// Defines the ability to run the http01 solver as root for troubleshooting
// issues
ACMEHTTP01SolverRunAsNonRoot bool
// A list of comma separated dns server endpoints used for
// ACME HTTP01 check requests. This should be a list containing host and
// port, for example ["8.8.8.8:53","8.8.4.4:53"]
// Allows specifying a list of custom nameservers to perform HTTP01 checks on.
ACMEHTTP01SolverNameservers []string
// Whether a cluster-issuer may make use of ambient credentials for issuers.
// 'Ambient Credentials' are credentials drawn from the environment, metadata
// services, or local files which are not explicitly configured in the
// ClusterIssuer API object. When this flag is enabled, the following sources
// for credentials are also used: AWS - All sources the Go SDK defaults to,
// notably including any EC2 IAM roles available via instance metadata.
ClusterIssuerAmbientCredentials bool
// Whether an issuer may make use of ambient credentials. 'Ambient
// Credentials' are credentials drawn from the environment, metadata services,
// or local files which are not explicitly configured in the Issuer API
@ -132,6 +67,97 @@ type ControllerConfiguration struct {
// notably including any EC2 IAM roles available via instance metadata.
IssuerAmbientCredentials bool
// Whether a cluster-issuer may make use of ambient credentials for issuers.
// 'Ambient Credentials' are credentials drawn from the environment, metadata
// services, or local files which are not explicitly configured in the
// ClusterIssuer API object. When this flag is enabled, the following sources
// for credentials are also used: AWS - All sources the Go SDK defaults to,
// notably including any EC2 IAM roles available via instance metadata.
ClusterIssuerAmbientCredentials bool
// Whether to set the certificate resource as an owner of secret where the
// tls certificate is stored. When this flag is enabled, the secret will be
// automatically removed when the certificate resource is deleted.
EnableCertificateOwnerRef bool
// Specify which annotations should/shouldn't be copied from Certificate to
// CertificateRequest and Order, as well as from CertificateSigningRequest to
// Order, by passing a list of annotation key prefixes. A prefix starting with
// a dash(-) specifies an annotation that shouldn't be copied. Example:
// '*,-kubectl.kuberenetes.io/'- all annotations will be copied apart from the
// ones where the key is prefixed with 'kubectl.kubernetes.io/'.
CopiedAnnotationPrefixes []string
// The number of concurrent workers for each controller.
NumberOfConcurrentWorkers int
// The maximum number of challenges that can be scheduled as 'processing' at once.
MaxConcurrentChallenges int
// The host and port that the metrics endpoint should listen on.
MetricsListenAddress string
// The host and port address, separated by a ':', that the healthz server
// should listen on.
HealthzListenAddress string
// Enable profiling for controller.
EnablePprof bool
// The host and port that Go profiler should listen on, i.e localhost:6060.
// Ensure that profiler is not exposed on a public address. Profiler will be
// served at /debug/pprof.
PprofAddress string
// https://pkg.go.dev/k8s.io/component-base@v0.27.3/logs/api/v1#LoggingConfiguration
Logging logs.Options
// featureGates is a map of feature names to bools that enable or disable experimental
// features.
// Default: nil
// +optional
FeatureGates map[string]bool
// IngressShimConfig configures the behaviour of the ingress-shim controller
IngressShimConfig IngressShimConfig
// ACMEHTTP01Config configures the behaviour of the ACME HTTP01 challenge solver
ACMEHTTP01Config ACMEHTTP01Config
// ACMEDNS01Config configures the behaviour of the ACME DNS01 challenge solver
ACMEDNS01Config ACMEDNS01Config
}
type LeaderElectionConfig struct {
// If true, cert-manager will perform leader election between instances to
// ensure no more than one instance of cert-manager operates at a time
Enabled bool
// Namespace used to perform leader election. Only used if leader election is enabled
Namespace string
// The duration that non-leader candidates will wait after observing a leadership
// renewal until attempting to acquire leadership of a led but unrenewed leader
// slot. This is effectively the maximum duration that a leader can be stopped
// before it is replaced by another candidate. This is only applicable if leader
// election is enabled.
LeaseDuration time.Duration
// The interval between attempts by the acting master to renew a leadership slot
// before it stops leading. This must be less than or equal to the lease duration.
// This is only applicable if leader election is enabled.
RenewDeadline time.Duration
// The duration the clients should wait between attempting acquisition and renewal
// of a leadership. This is only applicable if leader election is enabled.
RetryPeriod time.Duration
// Leader election healthz checks within this timeout period after the lease
// expires will still return healthy.
HealthzTimeout time.Duration
}
type IngressShimConfig struct {
// Default issuer/certificates details consumed by ingress-shim
// Name of the Issuer to use when the tls is requested but issuer name is
// not specified on the ingress resource.
@ -148,52 +174,55 @@ type ControllerConfiguration struct {
// The annotation consumed by the ingress-shim controller to indicate a ingress
// is requesting a certificate
DefaultAutoCertificateAnnotations []string
}
type ACMEHTTP01Config struct {
// The Docker image to use to solve ACME HTTP01 challenges. You most likely
// will not need to change this parameter unless you are testing a new
// feature or developing cert-manager.
SolverImage string
// Defines the resource request CPU size when spawning new ACME HTTP01
// challenge solver pods.
SolverResourceRequestCPU string
// Defines the resource request Memory size when spawning new ACME HTTP01
// challenge solver pods.
SolverResourceRequestMemory string
// Defines the resource limits CPU size when spawning new ACME HTTP01
// challenge solver pods.
SolverResourceLimitsCPU string
// Defines the resource limits Memory size when spawning new ACME HTTP01
// challenge solver pods.
SolverResourceLimitsMemory string
// Defines the ability to run the http01 solver as root for troubleshooting
// issues
SolverRunAsNonRoot bool
// A list of comma separated dns server endpoints used for
// ACME HTTP01 check requests. This should be a list containing host and
// port, for example ["8.8.8.8:53","8.8.4.4:53"]
// Allows specifying a list of custom nameservers to perform HTTP01 checks on.
SolverNameservers []string
}
type ACMEDNS01Config struct {
// Each nameserver can be either the IP address and port of a standard
// recursive DNS server, or the endpoint to an RFC 8484 DNS over HTTPS
// endpoint. For example, the following values are valid:
// - "8.8.8.8:53" (Standard DNS)
// - "https://1.1.1.1/dns-query" (DNS over HTTPS)
DNS01RecursiveNameservers []string
RecursiveNameservers []string
// When true, cert-manager will only ever query the configured DNS resolvers
// to perform the ACME DNS01 self check. This is useful in DNS constrained
// environments, where access to authoritative nameservers is restricted.
// Enabling this option could cause the DNS01 self check to take longer
// due to caching performed by the recursive nameservers.
DNS01RecursiveNameserversOnly bool
// Whether to set the certificate resource as an owner of secret where the
// tls certificate is stored. When this flag is enabled, the secret will be
// automatically removed when the certificate resource is deleted.
EnableCertificateOwnerRef bool
// The number of concurrent workers for each controller.
NumberOfConcurrentWorkers int
// The maximum number of challenges that can be scheduled as 'processing' at once.
MaxConcurrentChallenges int
// The host and port that the metrics endpoint should listen on.
MetricsListenAddress string
// The host and port address, separated by a ':', that the healthz server
// should listen on.
HealthzListenAddress string
// Leader election healthz checks within this timeout period after the lease
// expires will still return healthy.
HealthzLeaderElectionTimeout time.Duration
// The host and port that Go profiler should listen on, i.e localhost:6060.
// Ensure that profiler is not exposed on a public address. Profiler will be
// served at /debug/pprof.
PprofAddress string
// Enable profiling for controller.
EnablePprof bool
Logging logs.Options
RecursiveNameserversOnly bool
// The duration the controller should wait between a propagation check. Despite
// the name, this flag is used to configure the wait period for both DNS01 and
@ -202,19 +231,5 @@ type ControllerConfiguration struct {
// For HTTP01 challenges the propagation check verifies that the challenge
// token is served at the challenge URL. This should be a valid duration
// string, for example 180s or 1h
DNS01CheckRetryPeriod time.Duration
// Specify which annotations should/shouldn't be copied from Certificate to
// CertificateRequest and Order, as well as from CertificateSigningRequest to
// Order, by passing a list of annotation key prefixes. A prefix starting with
// a dash(-) specifies an annotation that shouldn't be copied. Example:
// '*,-kubectl.kuberenetes.io/'- all annotations will be copied apart from the
// ones where the key is prefixed with 'kubectl.kubernetes.io/'.
CopiedAnnotationPrefixes []string
// featureGates is a map of feature names to bools that enable or disable experimental
// features.
// Default: nil
// +optional
FeatureGates map[string]bool
CheckRetryPeriod time.Duration
}


@ -83,6 +83,7 @@ var (
defaultDNS01RecursiveNameserversOnly = false
defaultDNS01RecursiveNameservers = []string{}
defaultDNS01CheckRetryPeriod = 10 * time.Second
defaultNumberOfConcurrentWorkers int32 = 5
defaultMaxConcurrentChallenges int32 = 60
@ -96,7 +97,6 @@ var (
defaultHealthzLeaderElectionTimeout = 20 * time.Second
// default time period to wait between checking DNS01 and HTTP01 challenge propagation
defaultDNS01CheckRetryPeriod = 10 * time.Second
defaultACMEHTTP01SolverImage = fmt.Sprintf("quay.io/jetstack/cert-manager-acmesolver:%s", util.AppVersion)
defaultACMEHTTP01SolverResourceRequestCPU = "10m"
defaultACMEHTTP01SolverResourceRequestMemory = "64Mi"
@ -191,101 +191,32 @@ func SetDefaults_ControllerConfiguration(obj *v1alpha1.ControllerConfiguration)
obj.KubernetesAPIBurst = &defaultKubernetesAPIBurst
}
if obj.ClusterResourceNamespace == "" {
obj.ClusterResourceNamespace = defaultClusterResourceNamespace
}
if obj.Namespace == "" {
obj.Namespace = defaultNamespace
}
if obj.LeaderElect == nil {
obj.LeaderElect = &defaultLeaderElect
}
if obj.LeaderElectionNamespace == "" {
obj.LeaderElectionNamespace = defaultLeaderElectionNamespace
}
// TODO: Does it make sense to have a duration of 0?
if obj.LeaderElectionLeaseDuration == time.Duration(0) {
obj.LeaderElectionLeaseDuration = defaultLeaderElectionLeaseDuration
}
if obj.LeaderElectionRenewDeadline == time.Duration(0) {
obj.LeaderElectionRenewDeadline = defaultLeaderElectionRenewDeadline
}
if obj.LeaderElectionRetryPeriod == time.Duration(0) {
obj.LeaderElectionRetryPeriod = defaultLeaderElectionRetryPeriod
if obj.ClusterResourceNamespace == "" {
obj.ClusterResourceNamespace = defaultClusterResourceNamespace
}
if len(obj.Controllers) == 0 {
obj.Controllers = []string{"*"}
}
if obj.ACMEHTTP01SolverImage == "" {
obj.ACMEHTTP01SolverImage = defaultACMEHTTP01SolverImage
}
if obj.ACMEHTTP01SolverResourceRequestCPU == "" {
obj.ACMEHTTP01SolverResourceRequestCPU = defaultACMEHTTP01SolverResourceRequestCPU
}
if obj.ACMEHTTP01SolverResourceRequestMemory == "" {
obj.ACMEHTTP01SolverResourceRequestMemory = defaultACMEHTTP01SolverResourceRequestMemory
}
if obj.ACMEHTTP01SolverResourceLimitsCPU == "" {
obj.ACMEHTTP01SolverResourceLimitsCPU = defaultACMEHTTP01SolverResourceLimitsCPU
}
if obj.ACMEHTTP01SolverResourceLimitsMemory == "" {
obj.ACMEHTTP01SolverResourceLimitsMemory = defaultACMEHTTP01SolverResourceLimitsMemory
}
if obj.ACMEHTTP01SolverRunAsNonRoot == nil {
obj.ACMEHTTP01SolverRunAsNonRoot = &defaultACMEHTTP01SolverRunAsNonRoot
}
if len(obj.ACMEHTTP01SolverNameservers) == 0 {
obj.ACMEHTTP01SolverNameservers = defaultACMEHTTP01SolverNameservers
if obj.IssuerAmbientCredentials == nil {
obj.IssuerAmbientCredentials = &defaultIssuerAmbientCredentials
}
if obj.ClusterIssuerAmbientCredentials == nil {
obj.ClusterIssuerAmbientCredentials = &defaultClusterIssuerAmbientCredentials
}
if obj.IssuerAmbientCredentials == nil {
obj.IssuerAmbientCredentials = &defaultIssuerAmbientCredentials
}
if obj.DefaultIssuerName == "" {
obj.DefaultIssuerName = defaultTLSACMEIssuerName
}
if obj.DefaultIssuerKind == "" {
obj.DefaultIssuerKind = defaultTLSACMEIssuerKind
}
if obj.DefaultIssuerGroup == "" {
obj.DefaultIssuerGroup = defaultTLSACMEIssuerGroup
}
if len(obj.DefaultAutoCertificateAnnotations) == 0 {
obj.DefaultAutoCertificateAnnotations = defaultAutoCertificateAnnotations
}
if len(obj.DNS01RecursiveNameservers) == 0 {
obj.DNS01RecursiveNameservers = defaultDNS01RecursiveNameservers
}
if obj.EnableCertificateOwnerRef == nil {
obj.EnableCertificateOwnerRef = &defaultEnableCertificateOwnerRef
}
if obj.DNS01RecursiveNameserversOnly == nil {
obj.DNS01RecursiveNameserversOnly = &defaultDNS01RecursiveNameserversOnly
if len(obj.CopiedAnnotationPrefixes) == 0 {
obj.CopiedAnnotationPrefixes = defaultCopiedAnnotationPrefixes
}
if obj.NumberOfConcurrentWorkers == nil {
@ -310,15 +241,99 @@ func SetDefaults_ControllerConfiguration(obj *v1alpha1.ControllerConfiguration)
if obj.PprofAddress == "" {
obj.PprofAddress = defaultProfilerAddr
}
if obj.Logging == nil {
obj.Logging = defaultLogging
}
}
if len(obj.CopiedAnnotationPrefixes) == 0 {
obj.CopiedAnnotationPrefixes = defaultCopiedAnnotationPrefixes
func SetDefaults_LeaderElectionConfig(obj *v1alpha1.LeaderElectionConfig) {
if obj.Enabled == nil {
obj.Enabled = &defaultLeaderElect
}
if obj.Namespace == "" {
obj.Namespace = defaultLeaderElectionNamespace
}
// TODO: Does it make sense to have a duration of 0?
if obj.LeaseDuration == time.Duration(0) {
obj.LeaseDuration = defaultLeaderElectionLeaseDuration
}
if obj.RenewDeadline == time.Duration(0) {
obj.RenewDeadline = defaultLeaderElectionRenewDeadline
}
if obj.RetryPeriod == time.Duration(0) {
obj.RetryPeriod = defaultLeaderElectionRetryPeriod
}
if obj.HealthzTimeout == time.Duration(0) {
obj.HealthzTimeout = defaultHealthzLeaderElectionTimeout
}
}
func SetDefaults_IngressShimConfig(obj *v1alpha1.IngressShimConfig) {
if obj.DefaultIssuerName == "" {
obj.DefaultIssuerName = defaultTLSACMEIssuerName
}
if obj.DefaultIssuerKind == "" {
obj.DefaultIssuerKind = defaultTLSACMEIssuerKind
}
if obj.DefaultIssuerGroup == "" {
obj.DefaultIssuerGroup = defaultTLSACMEIssuerGroup
}
if len(obj.DefaultAutoCertificateAnnotations) == 0 {
obj.DefaultAutoCertificateAnnotations = defaultAutoCertificateAnnotations
}
}
func SetDefaults_ACMEHTTP01Config(obj *v1alpha1.ACMEHTTP01Config) {
if obj.SolverImage == "" {
obj.SolverImage = defaultACMEHTTP01SolverImage
}
if obj.SolverResourceRequestCPU == "" {
obj.SolverResourceRequestCPU = defaultACMEHTTP01SolverResourceRequestCPU
}
if obj.SolverResourceRequestMemory == "" {
obj.SolverResourceRequestMemory = defaultACMEHTTP01SolverResourceRequestMemory
}
if obj.SolverResourceLimitsCPU == "" {
obj.SolverResourceLimitsCPU = defaultACMEHTTP01SolverResourceLimitsCPU
}
if obj.SolverResourceLimitsMemory == "" {
obj.SolverResourceLimitsMemory = defaultACMEHTTP01SolverResourceLimitsMemory
}
if obj.SolverRunAsNonRoot == nil {
obj.SolverRunAsNonRoot = &defaultACMEHTTP01SolverRunAsNonRoot
}
if len(obj.SolverNameservers) == 0 {
obj.SolverNameservers = defaultACMEHTTP01SolverNameservers
}
}
func SetDefaults_ACMEDNS01Config(obj *v1alpha1.ACMEDNS01Config) {
if len(obj.RecursiveNameservers) == 0 {
obj.RecursiveNameservers = defaultDNS01RecursiveNameservers
}
if obj.RecursiveNameserversOnly == nil {
obj.RecursiveNameserversOnly = &defaultDNS01RecursiveNameserversOnly
}
if obj.CheckRetryPeriod == time.Duration(0) {
obj.CheckRetryPeriod = defaultDNS01CheckRetryPeriod
}
}
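Review bot: Every pointer field in the new per-section defaulters is set to the address of a package-level variable (`obj.Enabled = &defaultLeaderElect`, `obj.SolverRunAsNonRoot = &defaultACMEHTTP01SolverRunAsNonRoot`, `obj.RecursiveNameserversOnly = &defaultDNS01RecursiveNameserversOnly`), so all defaulted configurations alias the same bool. A write through any one of those pointers would silently change the default for every object defaulted afterwards, which matters most for `SolverRunAsNonRoot` because it controls whether the HTTP01 solver may run as root. Whether any caller writes through them is not visible here. Assigning a copy keeps the defaults immutable, e.g. `v := defaultACMEHTTP01SolverRunAsNonRoot; obj.SolverRunAsNonRoot = &v`. The slice defaults (`defaultACMEHTTP01SolverNameservers`, `defaultDNS01RecursiveNameservers`) are shared in the same way.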


@ -26,7 +26,7 @@ import (
unsafe "unsafe"
controller "github.com/cert-manager/cert-manager/internal/apis/config/controller"
controllerv1alpha1 "github.com/cert-manager/cert-manager/pkg/apis/config/controller/v1alpha1"
v1alpha1 "github.com/cert-manager/cert-manager/pkg/apis/config/controller/v1alpha1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
conversion "k8s.io/apimachinery/pkg/conversion"
runtime "k8s.io/apimachinery/pkg/runtime"
@ -40,6 +40,46 @@ func init() {
// RegisterConversions adds conversion functions to the given scheme.
// Public to allow building arbitrary schemes.
func RegisterConversions(s *runtime.Scheme) error {
if err := s.AddGeneratedConversionFunc((*v1alpha1.ACMEDNS01Config)(nil), (*controller.ACMEDNS01Config)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_ACMEDNS01Config_To_controller_ACMEDNS01Config(a.(*v1alpha1.ACMEDNS01Config), b.(*controller.ACMEDNS01Config), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*controller.ACMEDNS01Config)(nil), (*v1alpha1.ACMEDNS01Config)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_controller_ACMEDNS01Config_To_v1alpha1_ACMEDNS01Config(a.(*controller.ACMEDNS01Config), b.(*v1alpha1.ACMEDNS01Config), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1alpha1.ACMEHTTP01Config)(nil), (*controller.ACMEHTTP01Config)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_ACMEHTTP01Config_To_controller_ACMEHTTP01Config(a.(*v1alpha1.ACMEHTTP01Config), b.(*controller.ACMEHTTP01Config), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*controller.ACMEHTTP01Config)(nil), (*v1alpha1.ACMEHTTP01Config)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_controller_ACMEHTTP01Config_To_v1alpha1_ACMEHTTP01Config(a.(*controller.ACMEHTTP01Config), b.(*v1alpha1.ACMEHTTP01Config), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1alpha1.IngressShimConfig)(nil), (*controller.IngressShimConfig)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_IngressShimConfig_To_controller_IngressShimConfig(a.(*v1alpha1.IngressShimConfig), b.(*controller.IngressShimConfig), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*controller.IngressShimConfig)(nil), (*v1alpha1.IngressShimConfig)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_controller_IngressShimConfig_To_v1alpha1_IngressShimConfig(a.(*controller.IngressShimConfig), b.(*v1alpha1.IngressShimConfig), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1alpha1.LeaderElectionConfig)(nil), (*controller.LeaderElectionConfig)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_LeaderElectionConfig_To_controller_LeaderElectionConfig(a.(*v1alpha1.LeaderElectionConfig), b.(*controller.LeaderElectionConfig), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*controller.LeaderElectionConfig)(nil), (*v1alpha1.LeaderElectionConfig)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_controller_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(a.(*controller.LeaderElectionConfig), b.(*v1alpha1.LeaderElectionConfig), scope)
}); err != nil {
return err
}
if err := s.AddConversionFunc((**float32)(nil), (*float32)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_Pointer_float32_To_float32(a.(**float32), b.(*float32), scope)
}); err != nil {
@ -55,8 +95,8 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil {
return err
}
if err := s.AddConversionFunc((*controller.ControllerConfiguration)(nil), (*controllerv1alpha1.ControllerConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_controller_ControllerConfiguration_To_v1alpha1_ControllerConfiguration(a.(*controller.ControllerConfiguration), b.(*controllerv1alpha1.ControllerConfiguration), scope)
if err := s.AddConversionFunc((*controller.ControllerConfiguration)(nil), (*v1alpha1.ControllerConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_controller_ControllerConfiguration_To_v1alpha1_ControllerConfiguration(a.(*controller.ControllerConfiguration), b.(*v1alpha1.ControllerConfiguration), scope)
}); err != nil {
return err
}
@ -75,59 +115,103 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil {
return err
}
if err := s.AddConversionFunc((*controllerv1alpha1.ControllerConfiguration)(nil), (*controller.ControllerConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_ControllerConfiguration_To_controller_ControllerConfiguration(a.(*controllerv1alpha1.ControllerConfiguration), b.(*controller.ControllerConfiguration), scope)
if err := s.AddConversionFunc((*v1alpha1.ControllerConfiguration)(nil), (*controller.ControllerConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_ControllerConfiguration_To_controller_ControllerConfiguration(a.(*v1alpha1.ControllerConfiguration), b.(*controller.ControllerConfiguration), scope)
}); err != nil {
return err
}
return nil
}
func autoConvert_v1alpha1_ControllerConfiguration_To_controller_ControllerConfiguration(in *controllerv1alpha1.ControllerConfiguration, out *controller.ControllerConfiguration, s conversion.Scope) error {
out.APIServerHost = in.APIServerHost
func autoConvert_v1alpha1_ACMEDNS01Config_To_controller_ACMEDNS01Config(in *v1alpha1.ACMEDNS01Config, out *controller.ACMEDNS01Config, s conversion.Scope) error {
out.RecursiveNameservers = *(*[]string)(unsafe.Pointer(&in.RecursiveNameservers))
if err := metav1.Convert_Pointer_bool_To_bool(&in.RecursiveNameserversOnly, &out.RecursiveNameserversOnly, s); err != nil {
return err
}
out.CheckRetryPeriod = time.Duration(in.CheckRetryPeriod)
return nil
}
// Convert_v1alpha1_ACMEDNS01Config_To_controller_ACMEDNS01Config is an autogenerated conversion function.
func Convert_v1alpha1_ACMEDNS01Config_To_controller_ACMEDNS01Config(in *v1alpha1.ACMEDNS01Config, out *controller.ACMEDNS01Config, s conversion.Scope) error {
return autoConvert_v1alpha1_ACMEDNS01Config_To_controller_ACMEDNS01Config(in, out, s)
}
func autoConvert_controller_ACMEDNS01Config_To_v1alpha1_ACMEDNS01Config(in *controller.ACMEDNS01Config, out *v1alpha1.ACMEDNS01Config, s conversion.Scope) error {
out.RecursiveNameservers = *(*[]string)(unsafe.Pointer(&in.RecursiveNameservers))
if err := metav1.Convert_bool_To_Pointer_bool(&in.RecursiveNameserversOnly, &out.RecursiveNameserversOnly, s); err != nil {
return err
}
out.CheckRetryPeriod = time.Duration(in.CheckRetryPeriod)
return nil
}
// Convert_controller_ACMEDNS01Config_To_v1alpha1_ACMEDNS01Config is an autogenerated conversion function.
func Convert_controller_ACMEDNS01Config_To_v1alpha1_ACMEDNS01Config(in *controller.ACMEDNS01Config, out *v1alpha1.ACMEDNS01Config, s conversion.Scope) error {
return autoConvert_controller_ACMEDNS01Config_To_v1alpha1_ACMEDNS01Config(in, out, s)
}
func autoConvert_v1alpha1_ACMEHTTP01Config_To_controller_ACMEHTTP01Config(in *v1alpha1.ACMEHTTP01Config, out *controller.ACMEHTTP01Config, s conversion.Scope) error {
out.SolverImage = in.SolverImage
out.SolverResourceRequestCPU = in.SolverResourceRequestCPU
out.SolverResourceRequestMemory = in.SolverResourceRequestMemory
out.SolverResourceLimitsCPU = in.SolverResourceLimitsCPU
out.SolverResourceLimitsMemory = in.SolverResourceLimitsMemory
if err := metav1.Convert_Pointer_bool_To_bool(&in.SolverRunAsNonRoot, &out.SolverRunAsNonRoot, s); err != nil {
return err
}
out.SolverNameservers = *(*[]string)(unsafe.Pointer(&in.SolverNameservers))
return nil
}
// Convert_v1alpha1_ACMEHTTP01Config_To_controller_ACMEHTTP01Config is an autogenerated conversion function.
func Convert_v1alpha1_ACMEHTTP01Config_To_controller_ACMEHTTP01Config(in *v1alpha1.ACMEHTTP01Config, out *controller.ACMEHTTP01Config, s conversion.Scope) error {
return autoConvert_v1alpha1_ACMEHTTP01Config_To_controller_ACMEHTTP01Config(in, out, s)
}
func autoConvert_controller_ACMEHTTP01Config_To_v1alpha1_ACMEHTTP01Config(in *controller.ACMEHTTP01Config, out *v1alpha1.ACMEHTTP01Config, s conversion.Scope) error {
out.SolverImage = in.SolverImage
out.SolverResourceRequestCPU = in.SolverResourceRequestCPU
out.SolverResourceRequestMemory = in.SolverResourceRequestMemory
out.SolverResourceLimitsCPU = in.SolverResourceLimitsCPU
out.SolverResourceLimitsMemory = in.SolverResourceLimitsMemory
if err := metav1.Convert_bool_To_Pointer_bool(&in.SolverRunAsNonRoot, &out.SolverRunAsNonRoot, s); err != nil {
return err
}
out.SolverNameservers = *(*[]string)(unsafe.Pointer(&in.SolverNameservers))
return nil
}
// Convert_controller_ACMEHTTP01Config_To_v1alpha1_ACMEHTTP01Config is an autogenerated conversion function.
func Convert_controller_ACMEHTTP01Config_To_v1alpha1_ACMEHTTP01Config(in *controller.ACMEHTTP01Config, out *v1alpha1.ACMEHTTP01Config, s conversion.Scope) error {
return autoConvert_controller_ACMEHTTP01Config_To_v1alpha1_ACMEHTTP01Config(in, out, s)
}
func autoConvert_v1alpha1_ControllerConfiguration_To_controller_ControllerConfiguration(in *v1alpha1.ControllerConfiguration, out *controller.ControllerConfiguration, s conversion.Scope) error {
out.KubeConfig = in.KubeConfig
out.APIServerHost = in.APIServerHost
if err := Convert_Pointer_float32_To_float32(&in.KubernetesAPIQPS, &out.KubernetesAPIQPS, s); err != nil {
return err
}
if err := Convert_Pointer_int32_To_int(&in.KubernetesAPIBurst, &out.KubernetesAPIBurst, s); err != nil {
return err
}
out.ClusterResourceNamespace = in.ClusterResourceNamespace
out.Namespace = in.Namespace
if err := metav1.Convert_Pointer_bool_To_bool(&in.LeaderElect, &out.LeaderElect, s); err != nil {
out.ClusterResourceNamespace = in.ClusterResourceNamespace
if err := Convert_v1alpha1_LeaderElectionConfig_To_controller_LeaderElectionConfig(&in.LeaderElectionConfig, &out.LeaderElectionConfig, s); err != nil {
return err
}
out.LeaderElectionNamespace = in.LeaderElectionNamespace
out.LeaderElectionLeaseDuration = time.Duration(in.LeaderElectionLeaseDuration)
out.LeaderElectionRenewDeadline = time.Duration(in.LeaderElectionRenewDeadline)
out.LeaderElectionRetryPeriod = time.Duration(in.LeaderElectionRetryPeriod)
out.Controllers = *(*[]string)(unsafe.Pointer(&in.Controllers))
out.ACMEHTTP01SolverImage = in.ACMEHTTP01SolverImage
out.ACMEHTTP01SolverResourceRequestCPU = in.ACMEHTTP01SolverResourceRequestCPU
out.ACMEHTTP01SolverResourceRequestMemory = in.ACMEHTTP01SolverResourceRequestMemory
out.ACMEHTTP01SolverResourceLimitsCPU = in.ACMEHTTP01SolverResourceLimitsCPU
out.ACMEHTTP01SolverResourceLimitsMemory = in.ACMEHTTP01SolverResourceLimitsMemory
if err := metav1.Convert_Pointer_bool_To_bool(&in.ACMEHTTP01SolverRunAsNonRoot, &out.ACMEHTTP01SolverRunAsNonRoot, s); err != nil {
return err
}
out.ACMEHTTP01SolverNameservers = *(*[]string)(unsafe.Pointer(&in.ACMEHTTP01SolverNameservers))
if err := metav1.Convert_Pointer_bool_To_bool(&in.ClusterIssuerAmbientCredentials, &out.ClusterIssuerAmbientCredentials, s); err != nil {
return err
}
if err := metav1.Convert_Pointer_bool_To_bool(&in.IssuerAmbientCredentials, &out.IssuerAmbientCredentials, s); err != nil {
return err
}
out.DefaultIssuerName = in.DefaultIssuerName
out.DefaultIssuerKind = in.DefaultIssuerKind
out.DefaultIssuerGroup = in.DefaultIssuerGroup
out.DefaultAutoCertificateAnnotations = *(*[]string)(unsafe.Pointer(&in.DefaultAutoCertificateAnnotations))
out.DNS01RecursiveNameservers = *(*[]string)(unsafe.Pointer(&in.DNS01RecursiveNameservers))
if err := metav1.Convert_Pointer_bool_To_bool(&in.DNS01RecursiveNameserversOnly, &out.DNS01RecursiveNameserversOnly, s); err != nil {
if err := metav1.Convert_Pointer_bool_To_bool(&in.ClusterIssuerAmbientCredentials, &out.ClusterIssuerAmbientCredentials, s); err != nil {
return err
}
if err := metav1.Convert_Pointer_bool_To_bool(&in.EnableCertificateOwnerRef, &out.EnableCertificateOwnerRef, s); err != nil {
return err
}
out.CopiedAnnotationPrefixes = *(*[]string)(unsafe.Pointer(&in.CopiedAnnotationPrefixes))
if err := Convert_Pointer_int32_To_int(&in.NumberOfConcurrentWorkers, &out.NumberOfConcurrentWorkers, s); err != nil {
return err
}
@ -136,21 +220,27 @@ func autoConvert_v1alpha1_ControllerConfiguration_To_controller_ControllerConfig
}
out.MetricsListenAddress = in.MetricsListenAddress
out.HealthzListenAddress = in.HealthzListenAddress
out.HealthzLeaderElectionTimeout = time.Duration(in.HealthzLeaderElectionTimeout)
out.PprofAddress = in.PprofAddress
if err := metav1.Convert_Pointer_bool_To_bool(&in.EnablePprof, &out.EnablePprof, s); err != nil {
return err
}
out.PprofAddress = in.PprofAddress
if err := Convert_Pointer_v1_LoggingConfiguration_To_v1_LoggingConfiguration(&in.Logging, &out.Logging, s); err != nil {
return err
}
out.DNS01CheckRetryPeriod = time.Duration(in.DNS01CheckRetryPeriod)
out.CopiedAnnotationPrefixes = *(*[]string)(unsafe.Pointer(&in.CopiedAnnotationPrefixes))
out.FeatureGates = *(*map[string]bool)(unsafe.Pointer(&in.FeatureGates))
if err := Convert_v1alpha1_IngressShimConfig_To_controller_IngressShimConfig(&in.IngressShimConfig, &out.IngressShimConfig, s); err != nil {
return err
}
if err := Convert_v1alpha1_ACMEHTTP01Config_To_controller_ACMEHTTP01Config(&in.ACMEHTTP01Config, &out.ACMEHTTP01Config, s); err != nil {
return err
}
if err := Convert_v1alpha1_ACMEDNS01Config_To_controller_ACMEDNS01Config(&in.ACMEDNS01Config, &out.ACMEDNS01Config, s); err != nil {
return err
}
return nil
}
func autoConvert_controller_ControllerConfiguration_To_v1alpha1_ControllerConfiguration(in *controller.ControllerConfiguration, out *controllerv1alpha1.ControllerConfiguration, s conversion.Scope) error {
func autoConvert_controller_ControllerConfiguration_To_v1alpha1_ControllerConfiguration(in *controller.ControllerConfiguration, out *v1alpha1.ControllerConfiguration, s conversion.Scope) error {
out.APIServerHost = in.APIServerHost
out.KubeConfig = in.KubeConfig
if err := Convert_float32_To_Pointer_float32(&in.KubernetesAPIQPS, &out.KubernetesAPIQPS, s); err != nil {
@ -159,42 +249,22 @@ func autoConvert_controller_ControllerConfiguration_To_v1alpha1_ControllerConfig
if err := Convert_int_To_Pointer_int32(&in.KubernetesAPIBurst, &out.KubernetesAPIBurst, s); err != nil {
return err
}
out.ClusterResourceNamespace = in.ClusterResourceNamespace
out.Namespace = in.Namespace
if err := metav1.Convert_bool_To_Pointer_bool(&in.LeaderElect, &out.LeaderElect, s); err != nil {
out.ClusterResourceNamespace = in.ClusterResourceNamespace
if err := Convert_controller_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(&in.LeaderElectionConfig, &out.LeaderElectionConfig, s); err != nil {
return err
}
out.LeaderElectionNamespace = in.LeaderElectionNamespace
out.LeaderElectionLeaseDuration = time.Duration(in.LeaderElectionLeaseDuration)
out.LeaderElectionRenewDeadline = time.Duration(in.LeaderElectionRenewDeadline)
out.LeaderElectionRetryPeriod = time.Duration(in.LeaderElectionRetryPeriod)
out.Controllers = *(*[]string)(unsafe.Pointer(&in.Controllers))
out.ACMEHTTP01SolverImage = in.ACMEHTTP01SolverImage
out.ACMEHTTP01SolverResourceRequestCPU = in.ACMEHTTP01SolverResourceRequestCPU
out.ACMEHTTP01SolverResourceRequestMemory = in.ACMEHTTP01SolverResourceRequestMemory
out.ACMEHTTP01SolverResourceLimitsCPU = in.ACMEHTTP01SolverResourceLimitsCPU
out.ACMEHTTP01SolverResourceLimitsMemory = in.ACMEHTTP01SolverResourceLimitsMemory
if err := metav1.Convert_bool_To_Pointer_bool(&in.ACMEHTTP01SolverRunAsNonRoot, &out.ACMEHTTP01SolverRunAsNonRoot, s); err != nil {
return err
}
out.ACMEHTTP01SolverNameservers = *(*[]string)(unsafe.Pointer(&in.ACMEHTTP01SolverNameservers))
if err := metav1.Convert_bool_To_Pointer_bool(&in.ClusterIssuerAmbientCredentials, &out.ClusterIssuerAmbientCredentials, s); err != nil {
return err
}
if err := metav1.Convert_bool_To_Pointer_bool(&in.IssuerAmbientCredentials, &out.IssuerAmbientCredentials, s); err != nil {
return err
}
out.DefaultIssuerName = in.DefaultIssuerName
out.DefaultIssuerKind = in.DefaultIssuerKind
out.DefaultIssuerGroup = in.DefaultIssuerGroup
out.DefaultAutoCertificateAnnotations = *(*[]string)(unsafe.Pointer(&in.DefaultAutoCertificateAnnotations))
out.DNS01RecursiveNameservers = *(*[]string)(unsafe.Pointer(&in.DNS01RecursiveNameservers))
if err := metav1.Convert_bool_To_Pointer_bool(&in.DNS01RecursiveNameserversOnly, &out.DNS01RecursiveNameserversOnly, s); err != nil {
if err := metav1.Convert_bool_To_Pointer_bool(&in.ClusterIssuerAmbientCredentials, &out.ClusterIssuerAmbientCredentials, s); err != nil {
return err
}
if err := metav1.Convert_bool_To_Pointer_bool(&in.EnableCertificateOwnerRef, &out.EnableCertificateOwnerRef, s); err != nil {
return err
}
out.CopiedAnnotationPrefixes = *(*[]string)(unsafe.Pointer(&in.CopiedAnnotationPrefixes))
if err := Convert_int_To_Pointer_int32(&in.NumberOfConcurrentWorkers, &out.NumberOfConcurrentWorkers, s); err != nil {
return err
}
@ -203,16 +273,82 @@ func autoConvert_controller_ControllerConfiguration_To_v1alpha1_ControllerConfig
}
out.MetricsListenAddress = in.MetricsListenAddress
out.HealthzListenAddress = in.HealthzListenAddress
out.HealthzLeaderElectionTimeout = time.Duration(in.HealthzLeaderElectionTimeout)
out.PprofAddress = in.PprofAddress
if err := metav1.Convert_bool_To_Pointer_bool(&in.EnablePprof, &out.EnablePprof, s); err != nil {
return err
}
out.PprofAddress = in.PprofAddress
if err := Convert_v1_LoggingConfiguration_To_Pointer_v1_LoggingConfiguration(&in.Logging, &out.Logging, s); err != nil {
return err
}
out.DNS01CheckRetryPeriod = time.Duration(in.DNS01CheckRetryPeriod)
out.CopiedAnnotationPrefixes = *(*[]string)(unsafe.Pointer(&in.CopiedAnnotationPrefixes))
out.FeatureGates = *(*map[string]bool)(unsafe.Pointer(&in.FeatureGates))
if err := Convert_controller_IngressShimConfig_To_v1alpha1_IngressShimConfig(&in.IngressShimConfig, &out.IngressShimConfig, s); err != nil {
return err
}
if err := Convert_controller_ACMEHTTP01Config_To_v1alpha1_ACMEHTTP01Config(&in.ACMEHTTP01Config, &out.ACMEHTTP01Config, s); err != nil {
return err
}
if err := Convert_controller_ACMEDNS01Config_To_v1alpha1_ACMEDNS01Config(&in.ACMEDNS01Config, &out.ACMEDNS01Config, s); err != nil {
return err
}
return nil
}
func autoConvert_v1alpha1_IngressShimConfig_To_controller_IngressShimConfig(in *v1alpha1.IngressShimConfig, out *controller.IngressShimConfig, s conversion.Scope) error {
out.DefaultIssuerName = in.DefaultIssuerName
out.DefaultIssuerKind = in.DefaultIssuerKind
out.DefaultIssuerGroup = in.DefaultIssuerGroup
out.DefaultAutoCertificateAnnotations = *(*[]string)(unsafe.Pointer(&in.DefaultAutoCertificateAnnotations))
return nil
}
// Convert_v1alpha1_IngressShimConfig_To_controller_IngressShimConfig is an autogenerated conversion function.
func Convert_v1alpha1_IngressShimConfig_To_controller_IngressShimConfig(in *v1alpha1.IngressShimConfig, out *controller.IngressShimConfig, s conversion.Scope) error {
return autoConvert_v1alpha1_IngressShimConfig_To_controller_IngressShimConfig(in, out, s)
}
func autoConvert_controller_IngressShimConfig_To_v1alpha1_IngressShimConfig(in *controller.IngressShimConfig, out *v1alpha1.IngressShimConfig, s conversion.Scope) error {
out.DefaultIssuerName = in.DefaultIssuerName
out.DefaultIssuerKind = in.DefaultIssuerKind
out.DefaultIssuerGroup = in.DefaultIssuerGroup
out.DefaultAutoCertificateAnnotations = *(*[]string)(unsafe.Pointer(&in.DefaultAutoCertificateAnnotations))
return nil
}
// Convert_controller_IngressShimConfig_To_v1alpha1_IngressShimConfig is an autogenerated conversion function.
func Convert_controller_IngressShimConfig_To_v1alpha1_IngressShimConfig(in *controller.IngressShimConfig, out *v1alpha1.IngressShimConfig, s conversion.Scope) error {
return autoConvert_controller_IngressShimConfig_To_v1alpha1_IngressShimConfig(in, out, s)
}
func autoConvert_v1alpha1_LeaderElectionConfig_To_controller_LeaderElectionConfig(in *v1alpha1.LeaderElectionConfig, out *controller.LeaderElectionConfig, s conversion.Scope) error {
if err := metav1.Convert_Pointer_bool_To_bool(&in.Enabled, &out.Enabled, s); err != nil {
return err
}
out.Namespace = in.Namespace
out.LeaseDuration = time.Duration(in.LeaseDuration)
out.RenewDeadline = time.Duration(in.RenewDeadline)
out.RetryPeriod = time.Duration(in.RetryPeriod)
out.HealthzTimeout = time.Duration(in.HealthzTimeout)
return nil
}
// Convert_v1alpha1_LeaderElectionConfig_To_controller_LeaderElectionConfig is an autogenerated conversion function.
func Convert_v1alpha1_LeaderElectionConfig_To_controller_LeaderElectionConfig(in *v1alpha1.LeaderElectionConfig, out *controller.LeaderElectionConfig, s conversion.Scope) error {
return autoConvert_v1alpha1_LeaderElectionConfig_To_controller_LeaderElectionConfig(in, out, s)
}
func autoConvert_controller_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(in *controller.LeaderElectionConfig, out *v1alpha1.LeaderElectionConfig, s conversion.Scope) error {
if err := metav1.Convert_bool_To_Pointer_bool(&in.Enabled, &out.Enabled, s); err != nil {
return err
}
out.Namespace = in.Namespace
out.LeaseDuration = time.Duration(in.LeaseDuration)
out.RenewDeadline = time.Duration(in.RenewDeadline)
out.RetryPeriod = time.Duration(in.RetryPeriod)
out.HealthzTimeout = time.Duration(in.HealthzTimeout)
return nil
}
// Convert_controller_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig is an autogenerated conversion function.
func Convert_controller_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(in *controller.LeaderElectionConfig, out *v1alpha1.LeaderElectionConfig, s conversion.Scope) error {
return autoConvert_controller_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(in, out, s)
}


@ -38,4 +38,8 @@ func RegisterDefaults(scheme *runtime.Scheme) error {
func SetObjectDefaults_ControllerConfiguration(in *v1alpha1.ControllerConfiguration) {
SetDefaults_ControllerConfiguration(in)
SetDefaults_LeaderElectionConfig(&in.LeaderElectionConfig)
SetDefaults_IngressShimConfig(&in.IngressShimConfig)
SetDefaults_ACMEHTTP01Config(&in.ACMEHTTP01Config)
SetDefaults_ACMEDNS01Config(&in.ACMEDNS01Config)
}


@ -32,7 +32,7 @@ import (
)
func ValidateControllerConfiguration(o *config.ControllerConfiguration) error {
if len(o.DefaultIssuerKind) == 0 {
if len(o.IngressShimConfig.DefaultIssuerKind) == 0 {
return errors.New("the --default-issuer-kind flag must not be empty")
}
@ -48,7 +48,7 @@ func ValidateControllerConfiguration(o *config.ControllerConfiguration) error {
return fmt.Errorf("invalid value for kube-api-burst: %v must be higher or equal to kube-api-qps: %v", o.KubernetesAPIQPS, o.KubernetesAPIQPS)
}
for _, server := range o.ACMEHTTP01SolverNameservers {
for _, server := range o.ACMEHTTP01Config.SolverNameservers {
// ensure all servers have a port number
_, _, err := net.SplitHostPort(server)
if err != nil {
@ -56,7 +56,7 @@ func ValidateControllerConfiguration(o *config.ControllerConfiguration) error {
}
}
for _, server := range o.DNS01RecursiveNameservers {
for _, server := range o.ACMEDNS01Config.RecursiveNameservers {
// ensure all servers follow one of the following formats:
// - <ip address>:<port>
// - https://<DoH RFC 8484 server address>
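Review bot: The kube-api-burst error in the second hunk passes `o.KubernetesAPIQPS` for both placeholders, so the message never shows the burst value that failed the check. The first argument should presumably be the burst field: `..., o.KubernetesAPIBurst, o.KubernetesAPIQPS)`. That line is unchanged context, but the commit edits the lines around it and leaves it as is. Separately, the first hunk's message still says `the --default-issuer-kind flag must not be empty` although the value is now read from `o.IngressShimConfig.DefaultIssuerKind` and may, it seems, come from the config file, so naming the field too would help operators. `ValidateControllerConfiguration` begins and ends outside the visible hunks.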


@ -25,36 +25,64 @@ import (
runtime "k8s.io/apimachinery/pkg/runtime"
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEDNS01Config) DeepCopyInto(out *ACMEDNS01Config) {
*out = *in
if in.RecursiveNameservers != nil {
in, out := &in.RecursiveNameservers, &out.RecursiveNameservers
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEDNS01Config.
func (in *ACMEDNS01Config) DeepCopy() *ACMEDNS01Config {
if in == nil {
return nil
}
out := new(ACMEDNS01Config)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEHTTP01Config) DeepCopyInto(out *ACMEHTTP01Config) {
*out = *in
if in.SolverNameservers != nil {
in, out := &in.SolverNameservers, &out.SolverNameservers
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEHTTP01Config.
func (in *ACMEHTTP01Config) DeepCopy() *ACMEHTTP01Config {
if in == nil {
return nil
}
out := new(ACMEHTTP01Config)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ControllerConfiguration) DeepCopyInto(out *ControllerConfiguration) {
*out = *in
out.TypeMeta = in.TypeMeta
out.LeaderElectionConfig = in.LeaderElectionConfig
if in.Controllers != nil {
in, out := &in.Controllers, &out.Controllers
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.ACMEHTTP01SolverNameservers != nil {
in, out := &in.ACMEHTTP01SolverNameservers, &out.ACMEHTTP01SolverNameservers
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.DefaultAutoCertificateAnnotations != nil {
in, out := &in.DefaultAutoCertificateAnnotations, &out.DefaultAutoCertificateAnnotations
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.DNS01RecursiveNameservers != nil {
in, out := &in.DNS01RecursiveNameservers, &out.DNS01RecursiveNameservers
*out = make([]string, len(*in))
copy(*out, *in)
}
in.Logging.DeepCopyInto(&out.Logging)
if in.CopiedAnnotationPrefixes != nil {
in, out := &in.CopiedAnnotationPrefixes, &out.CopiedAnnotationPrefixes
*out = make([]string, len(*in))
copy(*out, *in)
}
in.Logging.DeepCopyInto(&out.Logging)
if in.FeatureGates != nil {
in, out := &in.FeatureGates, &out.FeatureGates
*out = make(map[string]bool, len(*in))
@ -62,6 +90,9 @@ func (in *ControllerConfiguration) DeepCopyInto(out *ControllerConfiguration) {
(*out)[key] = val
}
}
in.IngressShimConfig.DeepCopyInto(&out.IngressShimConfig)
in.ACMEHTTP01Config.DeepCopyInto(&out.ACMEHTTP01Config)
in.ACMEDNS01Config.DeepCopyInto(&out.ACMEDNS01Config)
return
}
@ -82,3 +113,40 @@ func (in *ControllerConfiguration) DeepCopyObject() runtime.Object {
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IngressShimConfig) DeepCopyInto(out *IngressShimConfig) {
*out = *in
if in.DefaultAutoCertificateAnnotations != nil {
in, out := &in.DefaultAutoCertificateAnnotations, &out.DefaultAutoCertificateAnnotations
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressShimConfig.
func (in *IngressShimConfig) DeepCopy() *IngressShimConfig {
if in == nil {
return nil
}
out := new(IngressShimConfig)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *LeaderElectionConfig) DeepCopyInto(out *LeaderElectionConfig) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LeaderElectionConfig.
func (in *LeaderElectionConfig) DeepCopy() *LeaderElectionConfig {
if in == nil {
return nil
}
out := new(LeaderElectionConfig)
in.DeepCopyInto(out)
return out
}


@ -29,13 +29,14 @@ import (
type ControllerConfiguration struct {
metav1.TypeMeta `json:",inline"`
// Optional apiserver host address to connect to. If not specified,
// autoconfiguration will be attempted
APIServerHost string `json:"apiServerHost,omitempty"`
// Paths to a kubeconfig. Only required if out-of-cluster.
// kubeConfig is the kubeconfig file used to connect to the Kubernetes apiserver.
// If not specified, the webhook will attempt to load the in-cluster-config.
KubeConfig string `json:"kubeConfig,omitempty"`
// apiServerHost is used to override the API server connection address.
// Deprecated: use `kubeConfig` instead.
APIServerHost string `json:"apiServerHost,omitempty"`
// Indicates the maximum queries-per-second requests to the Kubernetes apiserver
// TODO: floats are not recommended. Maybe we should use resource.Quantity? https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/
KubernetesAPIQPS *float32 `json:"kubernetesAPIQPS,omitempty"`
@ -43,36 +44,16 @@ type ControllerConfiguration struct {
// The maximum burst queries-per-second of requests sent to the Kubernetes apiserver
KubernetesAPIBurst *int32 `json:"kubernetesAPIBurst,omitempty"`
// Namespace to store resources owned by cluster scoped resources such as ClusterIssuer in.
ClusterResourceNamespace string `json:"clusterResourceNamespace,omitempty"`
// If set, this limits the scope of cert-manager to a single namespace and
// ClusterIssuers are disabled. If not specified, all namespaces will be
// watched"
Namespace string `json:"namespace,omitempty"`
// If true, cert-manager will perform leader election between instances to
// ensure no more than one instance of cert-manager operates at a time
LeaderElect *bool `json:"leaderElect,omitempty"`
// Namespace to store resources owned by cluster scoped resources such as ClusterIssuer in.
ClusterResourceNamespace string `json:"clusterResourceNamespace,omitempty"`
//Namespace used to perform leader election. Only used if leader election is enabled
LeaderElectionNamespace string `json:"leaderElectionNamespace,omitempty"`
// The duration that non-leader candidates will wait after observing a leadership
// renewal until attempting to acquire leadership of a led but unrenewed leader
// slot. This is effectively the maximum duration that a leader can be stopped
// before it is replaced by another candidate. This is only applicable if leader
// election is enabled.
LeaderElectionLeaseDuration time.Duration `json:"leaderElectionLeaseDuration,omitempty"`
// The interval between attempts by the acting master to renew a leadership slot
// before it stops leading. This must be less than or equal to the lease duration.
// This is only applicable if leader election is enabled.
LeaderElectionRenewDeadline time.Duration `json:"leaderElectionRenewDeadline,omitempty"`
// The duration the clients should wait between attempting acquisition and renewal
// of a leadership. This is only applicable if leader election is enabled.
LeaderElectionRetryPeriod time.Duration `json:"leaderElectionRetryPeriod,omitempty"`
// LeaderElectionConfig configures the behaviour of the leader election
LeaderElectionConfig LeaderElectionConfig `json:"leaderElectionConfig"`
// A list of controllers to enable.
// ['*'] enables all controllers,
@ -80,45 +61,6 @@ type ControllerConfiguration struct {
// ['*', '-foo'] disables the controller named foo.
Controllers []string `json:"controllers,omitempty"`
// The Docker image to use to solve ACME HTTP01 challenges. You most likely
// will not need to change this parameter unless you are testing a new
// feature or developing cert-manager.
ACMEHTTP01SolverImage string `json:"acmeHTTP01SolverImage,omitempty"`
// Defines the resource request CPU size when spawning new ACME HTTP01
// challenge solver pods.
ACMEHTTP01SolverResourceRequestCPU string `json:"acmeHTTP01SolverResourceRequestCPU,omitempty"`
//Defines the resource request Memory size when spawning new ACME HTTP01
//challenge solver pods.
ACMEHTTP01SolverResourceRequestMemory string `json:"acmeHTTP01SolverResourceRequestMemory,omitempty"`
//Defines the resource limits CPU size when spawning new ACME HTTP01
//challenge solver pods.
ACMEHTTP01SolverResourceLimitsCPU string `json:"acmeHTTP01SolverResourceLimitsCPU,omitempty"`
// Defines the resource limits Memory size when spawning new ACME HTTP01
// challenge solver pods.
ACMEHTTP01SolverResourceLimitsMemory string `json:"acmeHTTP01SolverResourceLimitsMemory,omitempty"`
// Defines the ability to run the http01 solver as root for troubleshooting
// issues
ACMEHTTP01SolverRunAsNonRoot *bool `json:"acmeHTTP01SolverRunAsNonRoot,omitempty"`
// A list of comma separated dns server endpoints used for
// ACME HTTP01 check requests. This should be a list containing host and
// port, for example ["8.8.8.8:53","8.8.4.4:53"]
// Allows specifying a list of custom nameservers to perform HTTP01 checks on.
ACMEHTTP01SolverNameservers []string `json:"acmeHTTP01SolverNameservers,omitempty"`
// Whether a cluster-issuer may make use of ambient credentials for issuers.
// 'Ambient Credentials' are credentials drawn from the environment, metadata
// services, or local files which are not explicitly configured in the
// ClusterIssuer API object. When this flag is enabled, the following sources
// for credentials are also used: AWS - All sources the Go SDK defaults to,
// notably including any EC2 IAM roles available via instance metadata.
ClusterIssuerAmbientCredentials *bool `json:"clusterIssuerAmbientCredentials,omitempty"`
// Whether an issuer may make use of ambient credentials. 'Ambient
// Credentials' are credentials drawn from the environment, metadata services,
// or local files which are not explicitly configured in the Issuer API
@ -127,6 +69,114 @@ type ControllerConfiguration struct {
// notably including any EC2 IAM roles available via instance metadata.
IssuerAmbientCredentials *bool `json:"issuerAmbientCredentials,omitempty"`
// Whether a cluster-issuer may make use of ambient credentials for issuers.
// 'Ambient Credentials' are credentials drawn from the environment, metadata
// services, or local files which are not explicitly configured in the
// ClusterIssuer API object. When this flag is enabled, the following sources
// for credentials are also used: AWS - All sources the Go SDK defaults to,
// notably including any EC2 IAM roles available via instance metadata.
ClusterIssuerAmbientCredentials *bool `json:"clusterIssuerAmbientCredentials,omitempty"`
// Whether to set the certificate resource as an owner of secret where the
// tls certificate is stored. When this flag is enabled, the secret will be
// automatically removed when the certificate resource is deleted.
EnableCertificateOwnerRef *bool `json:"enableCertificateOwnerRef,omitempty"`
// Specify which annotations should/shouldn't be copied from Certificate to
// CertificateRequest and Order, as well as from CertificateSigningRequest to
// Order, by passing a list of annotation key prefixes. A prefix starting with
// a dash(-) specifies an annotation that shouldn't be copied. Example:
// '*,-kubectl.kuberenetes.io/'- all annotations will be copied apart from the
// ones where the key is prefixed with 'kubectl.kubernetes.io/'.
CopiedAnnotationPrefixes []string `json:"copiedAnnotationPrefixes,omitempty"`
// The number of concurrent workers for each controller.
NumberOfConcurrentWorkers *int32 `json:"numberOfConcurrentWorkers,omitempty"`
// The maximum number of challenges that can be scheduled as 'processing' at once.
MaxConcurrentChallenges *int32 `json:"maxConcurrentChallenges,omitempty"`
// The host and port that the metrics endpoint should listen on.
MetricsListenAddress string `json:"metricsListenAddress,omitempty"`
// The host and port address, separated by a ':', that the healthz server
// should listen on.
HealthzListenAddress string `json:"healthzListenAddress,omitempty"`
// Enable profiling for controller.
EnablePprof *bool `json:"enablePprof"`
// The host and port that Go profiler should listen on, i.e localhost:6060.
// Ensure that profiler is not exposed on a public address. Profiler will be
// served at /debug/pprof.
PprofAddress string `json:"pprofAddress,omitempty"`
// logging configures the logging behaviour of the controller.
// https://pkg.go.dev/k8s.io/component-base@v0.27.3/logs/api/v1#LoggingConfiguration
Logging *logs.Options `json:"logging,omitempty"`
// featureGates is a map of feature names to bools that enable or disable experimental
// features.
// Default: nil
// +optional
FeatureGates map[string]bool `json:"featureGates,omitempty"`
// ingressShimConfig configures the behaviour of the ingress-shim controller
IngressShimConfig IngressShimConfig `json:"ingressShimConfig,omitempty"`
// acmeHTTP01Config configures the behaviour of the ACME HTTP01 challenge solver
ACMEHTTP01Config ACMEHTTP01Config `json:"acmeHTTP01Config,omitempty"`
// acmeDNS01Config configures the behaviour of the ACME DNS01 challenge solver
ACMEDNS01Config ACMEDNS01Config `json:"acmeDNS01Config,omitempty"`
}
type KubeConfig struct {
// Path to a kubeconfig. Only required if out-of-cluster.
Path string `json:"path,omitempty"`
// If true, use the current context from the kubeconfig file.
// If false, use the context specified by ControllerConfiguration.Context.
// Default: true
// +optional
CurrentContext *bool `json:"currentContext,omitempty"`
// The kubeconfig context to use.
// Default: current-context from kubeconfig file
// +optional
Context string `json:"context,omitempty"`
}
type LeaderElectionConfig struct {
// If true, cert-manager will perform leader election between instances to
// ensure no more than one instance of cert-manager operates at a time
Enabled *bool `json:"enabled,omitempty"`
// Namespace used to perform leader election. Only used if leader election is enabled
Namespace string `json:"namespace,omitempty"`
// The duration that non-leader candidates will wait after observing a leadership
// renewal until attempting to acquire leadership of a led but unrenewed leader
// slot. This is effectively the maximum duration that a leader can be stopped
// before it is replaced by another candidate. This is only applicable if leader
// election is enabled.
LeaseDuration time.Duration `json:"leaseDuration,omitempty"`
// The interval between attempts by the acting master to renew a leadership slot
// before it stops leading. This must be less than or equal to the lease duration.
// This is only applicable if leader election is enabled.
RenewDeadline time.Duration `json:"renewDeadline,omitempty"`
// The duration the clients should wait between attempting acquisition and renewal
// of a leadership. This is only applicable if leader election is enabled.
RetryPeriod time.Duration `json:"retryPeriod,omitempty"`
// Leader election healthz checks within this timeout period after the lease
// expires will still return healthy.
HealthzTimeout time.Duration `json:"healthzTimeout,omitempty"`
}
type IngressShimConfig struct {
// Default issuer/certificates details consumed by ingress-shim
// Name of the Issuer to use when the tls is requested but issuer name is
// not specified on the ingress resource.
@ -143,52 +193,55 @@ type ControllerConfiguration struct {
// The annotation consumed by the ingress-shim controller to indicate a ingress
// is requesting a certificate
DefaultAutoCertificateAnnotations []string `json:"defaultAutoCertificateAnnotations,omitempty"`
}
type ACMEHTTP01Config struct {
// The Docker image to use to solve ACME HTTP01 challenges. You most likely
// will not need to change this parameter unless you are testing a new
// feature or developing cert-manager.
SolverImage string `json:"solverImage,omitempty"`
// Defines the resource request CPU size when spawning new ACME HTTP01
// challenge solver pods.
SolverResourceRequestCPU string `json:"solverResourceRequestCPU,omitempty"`
// Defines the resource request Memory size when spawning new ACME HTTP01
// challenge solver pods.
SolverResourceRequestMemory string `json:"solverResourceRequestMemory,omitempty"`
// Defines the resource limits CPU size when spawning new ACME HTTP01
// challenge solver pods.
SolverResourceLimitsCPU string `json:"solverResourceLimitsCPU,omitempty"`
// Defines the resource limits Memory size when spawning new ACME HTTP01
// challenge solver pods.
SolverResourceLimitsMemory string `json:"solverResourceLimitsMemory,omitempty"`
// Defines the ability to run the http01 solver as root for troubleshooting
// issues
SolverRunAsNonRoot *bool `json:"solverRunAsNonRoot,omitempty"`
// A list of comma separated dns server endpoints used for
// ACME HTTP01 check requests. This should be a list containing host and
// port, for example ["8.8.8.8:53","8.8.4.4:53"]
// Allows specifying a list of custom nameservers to perform HTTP01 checks on.
SolverNameservers []string `json:"solverNameservers,omitempty"`
}
type ACMEDNS01Config struct {
// Each nameserver can be either the IP address and port of a standard
// recursive DNS server, or the endpoint to an RFC 8484 DNS over HTTPS
// endpoint. For example, the following values are valid:
// - "8.8.8.8:53" (Standard DNS)
// - "https://1.1.1.1/dns-query" (DNS over HTTPS)
DNS01RecursiveNameservers []string `json:"dns01RecursiveNameservers,omitempty"`
RecursiveNameservers []string `json:"recursiveNameservers,omitempty"`
// When true, cert-manager will only ever query the configured DNS resolvers
// to perform the ACME DNS01 self check. This is useful in DNS constrained
// environments, where access to authoritative nameservers is restricted.
// Enabling this option could cause the DNS01 self check to take longer
// due to caching performed by the recursive nameservers.
DNS01RecursiveNameserversOnly *bool `json:"dns01RecursiveNameserversOnly,omitempty"`
// Whether to set the certificate resource as an owner of secret where the
// tls certificate is stored. When this flag is enabled, the secret will be
// automatically removed when the certificate resource is deleted.
EnableCertificateOwnerRef *bool `json:"enableCertificateOwnerRef,omitempty"`
// The number of concurrent workers for each controller.
NumberOfConcurrentWorkers *int32 `json:"numberOfConcurrentWorkers,omitempty"`
// The maximum number of challenges that can be scheduled as 'processing' at once.
MaxConcurrentChallenges *int32 `json:"maxConcurrentChallenges,omitempty"`
// The host and port that the metrics endpoint should listen on.
MetricsListenAddress string `json:"metricsListenAddress,omitempty"`
// The host and port address, separated by a ':', that the healthz server
// should listen on.
HealthzListenAddress string `json:"healthzListenAddress,omitempty"`
// Leader election healthz checks within this timeout period after the lease
// expires will still return healthy.
HealthzLeaderElectionTimeout time.Duration `json:"healthzLeaderElectionTimeout,omitempty"`
// The host and port that Go profiler should listen on, i.e localhost:6060.
// Ensure that profiler is not exposed on a public address. Profiler will be
// served at /debug/pprof.
PprofAddress string `json:"pprofAddress,omitempty"`
// Enable profiling for controller.
EnablePprof *bool `json:"enablePprof"`
// https://pkg.go.dev/k8s.io/component-base@v0.27.3/logs/api/v1#LoggingConfiguration
Logging *logs.Options `json:"logging,omitempty"`
RecursiveNameserversOnly *bool `json:"recursiveNameserversOnly,omitempty"`
// The duration the controller should wait between a propagation check. Despite
// the name, this flag is used to configure the wait period for both DNS01 and
@ -197,19 +250,5 @@ type ControllerConfiguration struct {
// For HTTP01 challenges the propagation check verifies that the challenge
// token is served at the challenge URL. This should be a valid duration
// string, for example 180s or 1h
DNS01CheckRetryPeriod time.Duration `json:"dns01CheckRetryPeriod,omitempty"`
// Specify which annotations should/shouldn't be copied from Certificate to
// CertificateRequest and Order, as well as from CertificateSigningRequest to
// Order, by passing a list of annotation key prefixes. A prefix starting with
// a dash(-) specifies an annotation that shouldn't be copied. Example:
// '*,-kubectl.kuberenetes.io/'- all annotations will be copied apart from the
// ones where the key is prefixed with 'kubectl.kubernetes.io/'.
CopiedAnnotationPrefixes []string `json:"copiedAnnotationPrefixes,omitempty"`
// featureGates is a map of feature names to bools that enable or disable experimental
// features.
// Default: nil
// +optional
FeatureGates map[string]bool `json:"featureGates,omitempty"`
CheckRetryPeriod time.Duration `json:"checkRetryPeriod,omitempty"`
}
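Review bot: The new doc comment on the `KubeConfig` field of `ControllerConfiguration` says "the webhook will attempt to load the in-cluster-config", which reads as copied from the webhook configuration. For this type it should name the controller, e.g. `// If not specified, the controller will attempt to load the in-cluster config.` The added `KubeConfig` struct also looks unused in the lines shown: the field is still declared as `string`, and the struct's comment refers to `ControllerConfiguration.Context`, which is not visible in this section. If the struct is groundwork for a later change, a one-line comment saying so would stop the API surface from implying kubeconfig context options that are not wired up. Parts of `ControllerConfiguration` fall between hunks, so this is based only on the visible fields.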


@ -26,6 +26,58 @@ import (
v1 "k8s.io/component-base/logs/api/v1"
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEDNS01Config) DeepCopyInto(out *ACMEDNS01Config) {
*out = *in
if in.RecursiveNameservers != nil {
in, out := &in.RecursiveNameservers, &out.RecursiveNameservers
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.RecursiveNameserversOnly != nil {
in, out := &in.RecursiveNameserversOnly, &out.RecursiveNameserversOnly
*out = new(bool)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEDNS01Config.
func (in *ACMEDNS01Config) DeepCopy() *ACMEDNS01Config {
if in == nil {
return nil
}
out := new(ACMEDNS01Config)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ACMEHTTP01Config) DeepCopyInto(out *ACMEHTTP01Config) {
*out = *in
if in.SolverRunAsNonRoot != nil {
in, out := &in.SolverRunAsNonRoot, &out.SolverRunAsNonRoot
*out = new(bool)
**out = **in
}
if in.SolverNameservers != nil {
in, out := &in.SolverNameservers, &out.SolverNameservers
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEHTTP01Config.
func (in *ACMEHTTP01Config) DeepCopy() *ACMEHTTP01Config {
if in == nil {
return nil
}
out := new(ACMEHTTP01Config)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ControllerConfiguration) DeepCopyInto(out *ControllerConfiguration) {
*out = *in
@ -40,48 +92,19 @@ func (in *ControllerConfiguration) DeepCopyInto(out *ControllerConfiguration) {
*out = new(int32)
**out = **in
}
if in.LeaderElect != nil {
in, out := &in.LeaderElect, &out.LeaderElect
*out = new(bool)
**out = **in
}
in.LeaderElectionConfig.DeepCopyInto(&out.LeaderElectionConfig)
if in.Controllers != nil {
in, out := &in.Controllers, &out.Controllers
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.ACMEHTTP01SolverRunAsNonRoot != nil {
in, out := &in.ACMEHTTP01SolverRunAsNonRoot, &out.ACMEHTTP01SolverRunAsNonRoot
*out = new(bool)
**out = **in
}
if in.ACMEHTTP01SolverNameservers != nil {
in, out := &in.ACMEHTTP01SolverNameservers, &out.ACMEHTTP01SolverNameservers
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.ClusterIssuerAmbientCredentials != nil {
in, out := &in.ClusterIssuerAmbientCredentials, &out.ClusterIssuerAmbientCredentials
*out = new(bool)
**out = **in
}
if in.IssuerAmbientCredentials != nil {
in, out := &in.IssuerAmbientCredentials, &out.IssuerAmbientCredentials
*out = new(bool)
**out = **in
}
if in.DefaultAutoCertificateAnnotations != nil {
in, out := &in.DefaultAutoCertificateAnnotations, &out.DefaultAutoCertificateAnnotations
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.DNS01RecursiveNameservers != nil {
in, out := &in.DNS01RecursiveNameservers, &out.DNS01RecursiveNameservers
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.DNS01RecursiveNameserversOnly != nil {
in, out := &in.DNS01RecursiveNameserversOnly, &out.DNS01RecursiveNameserversOnly
if in.ClusterIssuerAmbientCredentials != nil {
in, out := &in.ClusterIssuerAmbientCredentials, &out.ClusterIssuerAmbientCredentials
*out = new(bool)
**out = **in
}
@ -90,6 +113,11 @@ func (in *ControllerConfiguration) DeepCopyInto(out *ControllerConfiguration) {
*out = new(bool)
**out = **in
}
if in.CopiedAnnotationPrefixes != nil {
in, out := &in.CopiedAnnotationPrefixes, &out.CopiedAnnotationPrefixes
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.NumberOfConcurrentWorkers != nil {
in, out := &in.NumberOfConcurrentWorkers, &out.NumberOfConcurrentWorkers
*out = new(int32)
@ -110,11 +138,6 @@ func (in *ControllerConfiguration) DeepCopyInto(out *ControllerConfiguration) {
*out = new(v1.LoggingConfiguration)
(*in).DeepCopyInto(*out)
}
if in.CopiedAnnotationPrefixes != nil {
in, out := &in.CopiedAnnotationPrefixes, &out.CopiedAnnotationPrefixes
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.FeatureGates != nil {
in, out := &in.FeatureGates, &out.FeatureGates
*out = make(map[string]bool, len(*in))
@ -122,6 +145,9 @@ func (in *ControllerConfiguration) DeepCopyInto(out *ControllerConfiguration) {
(*out)[key] = val
}
}
in.IngressShimConfig.DeepCopyInto(&out.IngressShimConfig)
in.ACMEHTTP01Config.DeepCopyInto(&out.ACMEHTTP01Config)
in.ACMEDNS01Config.DeepCopyInto(&out.ACMEDNS01Config)
return
}
@ -142,3 +168,66 @@ func (in *ControllerConfiguration) DeepCopyObject() runtime.Object {
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IngressShimConfig) DeepCopyInto(out *IngressShimConfig) {
*out = *in
if in.DefaultAutoCertificateAnnotations != nil {
in, out := &in.DefaultAutoCertificateAnnotations, &out.DefaultAutoCertificateAnnotations
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressShimConfig.
func (in *IngressShimConfig) DeepCopy() *IngressShimConfig {
if in == nil {
return nil
}
out := new(IngressShimConfig)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *KubeConfig) DeepCopyInto(out *KubeConfig) {
*out = *in
if in.CurrentContext != nil {
in, out := &in.CurrentContext, &out.CurrentContext
*out = new(bool)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeConfig.
func (in *KubeConfig) DeepCopy() *KubeConfig {
if in == nil {
return nil
}
out := new(KubeConfig)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *LeaderElectionConfig) DeepCopyInto(out *LeaderElectionConfig) {
*out = *in
if in.Enabled != nil {
in, out := &in.Enabled, &out.Enabled
*out = new(bool)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LeaderElectionConfig.
func (in *LeaderElectionConfig) DeepCopy() *LeaderElectionConfig {
if in == nil {
return nil
}
out := new(LeaderElectionConfig)
in.DeepCopyInto(out)
return out
}