MCPcopy
hub / github.com/cert-manager/cert-manager / Run

Function Run

cmd/cainjector/app/controller.go:66–253  ·  view source on GitHub ↗
(opts *config.CAInjectorConfiguration, ctx context.Context)

Source from the content-addressed store, hash-verified

64)
65
66func Run(opts *config.CAInjectorConfiguration, ctx context.Context) error {
67 log := logf.FromContext(ctx)
68
69 restConfig := util.RestConfigWithUserAgent(ctrl.GetConfigOrDie(), "cainjector")
70
71 var defaultNamespaces map[string]cache.Config
72 if opts.Namespace != "" {
73 // If a namespace has been provided, only watch resources in that namespace
74 defaultNamespaces = map[string]cache.Config{
75 opts.Namespace: {},
76 }
77 }
78
79 metricsServerCertificateSource := buildCertificateSource(opts.MetricsTLSConfig, restConfig)
80 metricsServerOptions, err := buildMetricsServerOptions(opts, metricsServerCertificateSource)
81 if err != nil {
82 return err
83 }
84
85 scheme := runtime.NewScheme()
86 utilruntime.Must(kscheme.AddToScheme(scheme))
87 utilruntime.Must(cmscheme.AddToScheme(scheme))
88 utilruntime.Must(apiext.AddToScheme(scheme))
89 utilruntime.Must(apireg.AddToScheme(scheme))
90
91 mgr, err := ctrl.NewManager(
92 restConfig,
93 ctrl.Options{
94 Scheme: scheme,
95 Cache: cache.Options{
96 ReaderFailOnMissingInformer: true,
97 DefaultNamespaces: defaultNamespaces,
98 },
99 Client: client.Options{
100 Cache: &client.CacheOptions{
101 // Why do we disable the cache for v1.Secret?
102 //
103 // 1. To reduce memory use of cainjector, by disabling
104 // in-memory cache of Secret resources.
105 // 2. To reduce the load on the K8S API server when
106 // cainjector starts up, caused by the initial listing of
107 // Secret resources in the cluster.
108 //
109 // Clusters may contain many and / or large Secret
110 // resources.
111 // For example OpenShift clusters may have thousands of
112 // ServiceAccounts and each of these has a Secret with the
113 // associated token.
114 // Or where helm is used, there will be large Secret
115 // resources containing the configuration of each Helm
116 // deployment.
117 //
118 // Ordinarily, the controller-runtime client would implicitly
119 // initialize a client-go cache which would list every
120 // Secret, including the entire data of every Secret.
121 // This initial list operation can place enormous load on
122 // the K8S API server.
123 //

Callers 1

NewCAInjectorCommandFunction · 0.70

Calls 15

RestConfigWithUserAgentFunction · 0.92
InstallFunction · 0.92
RegisterAllInjectorsFunction · 0.92
ListenMethod · 0.80
InfoMethod · 0.80
buildCertificateSourceFunction · 0.70
AddMethod · 0.65
ShutdownMethod · 0.65
GetMethod · 0.65
StartMethod · 0.65

Tested by

no test coverage detected