ContainerImage.Pinniped/internal/controller
Ryan Richard a2ecd05240 Impersonator config controller writes CA cert & key to different Secret
- The CA cert will end up in the end user's kubeconfig on their client
  machine, so if it changes they would need to fetch the new one and
  update their kubeconfig. Therefore, we should avoid changing it as
  much as possible.
- Now the controller writes the CA to a different Secret. It writes both
  the cert and the key so it can reuse them to create more TLS
  certificates in the future.
- For now, it only needs to make more TLS certificates if the old
  TLS cert Secret gets deleted or updated to be invalid. This allows
  for manual rotation of the TLS certs by simply deleting the Secret.
  In the future, we may want to implement some kind of auto rotation.
- For now, rotation of both the CA and TLS certs will also happen if
  you manually delete the CA Secret. However, this would cause the end
  users to immediately need to get the new CA into their kubeconfig,
  so this is not as elegant as a normal rotation flow where you would
  have a window of time where you have more than one CA.
2021-03-01 17:02:08 -08:00
..
apicerts certs_manager.go: Rename some local variables 2021-02-18 11:16:34 -08:00
authenticator Use new 'go.pinniped.dev/generated/latest' package. 2021-02-16 13:00:08 -06:00
impersonatorconfig Impersonator config controller writes CA cert & key to different Secret 2021-03-01 17:02:08 -08:00
issuerconfig Use new 'go.pinniped.dev/generated/latest' package. 2021-02-16 13:00:08 -06:00
kubecertagent Use new 'go.pinniped.dev/generated/latest' package. 2021-02-16 13:00:08 -06:00
supervisorconfig Reformat some log-based test assertions. 2021-02-25 08:11:37 -06:00
supervisorstorage Sync garbage collector controller less often by adjusting its filters 2020-12-18 09:36:28 -08:00
controller_test.go Clean this test up a trivial amount using require.Implementsf(). 2020-12-17 08:38:16 -06:00
utils.go Upstream Watcher Controller Syncs less often by adjusting its filters 2020-12-18 15:41:18 -08:00