Documentation
¶
Overview ¶
Package certs provides TLS configuration resolution using deployment-specific defaults: the CERTDIR environment variable and the Kubernetes SPIFFE secret path. For explicit path-based loading, use pkg/certs.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ErrNotPresent = errors.New("certificates are not present")
ErrNotPresent is returned when no certificate files are found at the resolved directory. Callers may use errors.Is(err, ErrNotPresent) to detect this case and fall back to non-mTLS.
Functions ¶
func IsTLSAvailable ¶
IsTLSAvailable reports whether TLS certificates can be resolved. It checks, in order: explicit paths in c, the CERTDIR env var, and the k8s SPIFFE default directory. This mirrors the resolution order used by ResolveServer without loading any files.
func ResolveServer ¶
ResolveServer returns a server-side TLS config and source description. If c has explicit paths set, uses them via pkg/certs.ServerTLSConfig; otherwise falls back to the CERTDIR env var / k8s default via ServerTLSConfig.
func ServerTLSConfig ¶
ServerTLSConfig resolves cert paths from the CERTDIR environment variable, falling back to the k8s default /var/run/secrets/spiffe.io, and returns a server-side tls.Config. Returns ErrNotPresent if no cert files are found.
Types ¶
This section is empty.
Source Files