weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
2ddf6fe637
cert-manager/cmd/controller/app/start.go
Maël Valais 30f9c123d3 gateway-shim: add the gateway-shim controller 
Note that the gateway-shim is only half the work for supporting the
Gateway API in cert-manager. The other half is the HTTP01 solver
support, which is still worked on.

The Gateway API in cert-manager is releases as an experimental feature
and needs to be enabled manually with the following flag:

  --controllers=*,gateway-shim

All the annotations supported by ingress-shim are also supported by
gateway-shim, with some exceptions:

  "acme.cert-manager.io/http01-ingress-class"

This annotation is not supported on the Gateway resource. Although the
Gateway resource also has a "gatewayClass" field, we will need to add
another field instead of "ingress-class" to avoid confusion with the
ingress-shim.

  "acme.cert-manager.io/http01-edit-in-place"

This annotation is not supported because it is specific to some ingress
controllers like ingress-gce.

  "kubernetes.io/tls-acme"

This annotation is not supported because it is a behavior inherited from
kube-lego and we chose not to keep this behavior with the Gateway API.

Unlike the ingress-shim, you can reuse the same Secret name in multiple
TLS configurations on the same Gateway resource.

The ingress-shim now shows the exact location of the duplicate
secretName when the user gives the same secretName in two separate TLS
blocks.

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Jake Sanders <i@am.so-aweso.me>
2021-07-15 20:34:55 +02:00

97 lines
3.4 KiB
Go
Raw Blame History

/*
Copyright 2020 The cert-manager Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package app
import (
"fmt"
"github.com/spf13/cobra"
utilerrors "k8s.io/apimachinery/pkg/util/errors"
_ "k8s.io/client-go/plugin/pkg/client/auth"
"github.com/jetstack/cert-manager/cmd/controller/app/options"
_ "github.com/jetstack/cert-manager/pkg/controller/acmechallenges"
_ "github.com/jetstack/cert-manager/pkg/controller/acmeorders"
_ "github.com/jetstack/cert-manager/pkg/controller/certificate-shim/gateways"
_ "github.com/jetstack/cert-manager/pkg/controller/certificate-shim/ingresses"
_ "github.com/jetstack/cert-manager/pkg/controller/certificates/trigger"
_ "github.com/jetstack/cert-manager/pkg/controller/clusterissuers"
_ "github.com/jetstack/cert-manager/pkg/controller/issuers"
_ "github.com/jetstack/cert-manager/pkg/issuer/acme"
_ "github.com/jetstack/cert-manager/pkg/issuer/ca"
_ "github.com/jetstack/cert-manager/pkg/issuer/selfsigned"
_ "github.com/jetstack/cert-manager/pkg/issuer/vault"
_ "github.com/jetstack/cert-manager/pkg/issuer/venafi"
logf "github.com/jetstack/cert-manager/pkg/logs"
"github.com/jetstack/cert-manager/pkg/util"
utilfeature "github.com/jetstack/cert-manager/pkg/util/feature"
)
type CertManagerControllerOptions struct {
ControllerOptions *options.ControllerOptions
}
func NewCertManagerControllerOptions() *CertManagerControllerOptions {
o := &CertManagerControllerOptions{
ControllerOptions: options.NewControllerOptions(),
}
return o
}
// NewCommandStartCertManagerController is a CLI handler for starting cert-manager
func NewCommandStartCertManagerController(stopCh <-chan struct{}) *cobra.Command {
o := NewCertManagerControllerOptions()
cmd := &cobra.Command{
Use: "cert-manager-controller",
Short: fmt.Sprintf("Automated TLS controller for Kubernetes (%s) (%s)", util.AppVersion, util.AppGitCommit),
Long: `
cert-manager is a Kubernetes addon to automate the management and issuance of
TLS certificates from various issuing sources.
It will ensure certificates are valid and up to date periodically, and attempt
to renew certificates at an appropriate time before expiry.`,
RunE: func(cmd *cobra.Command, args []string) error {
if err := o.Validate(args); err != nil {
return fmt.Errorf("error validating options: %s", err)
}
logf.Log.V(logf.InfoLevel).Info("starting controller", "version", util.AppVersion, "git-commit", util.AppGitCommit)
o.RunCertManagerController(stopCh)
return nil
},
}
flags := cmd.Flags()
o.ControllerOptions.AddFlags(flags)
utilfeature.DefaultMutableFeatureGate.AddFlag(flags)
return cmd
}
func (o CertManagerControllerOptions) Validate(args []string) error {
errors := []error{}
errors = append(errors, o.ControllerOptions.Validate())
return utilerrors.NewAggregate(errors)
}
func (o CertManagerControllerOptions) RunCertManagerController(stopCh <-chan struct{}) {
Run(o.ControllerOptions, stopCh)
}
Reference in New Issue View Git Blame Copy Permalink