Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func AddRotator
func AddRotator(mgr manager.Manager, cr *CertRotator) error
AddRotator adds the CertRotator and ReconcileWH to the manager.
Types
type CertRotator
type CertRotator struct {
	SecretKey      types.NamespacedName
	CertDir        string
	CAName         string
	CAOrganization string
	DNSName        string
	IsReady        chan struct{}
	Webhooks       []WebhookInfo
	// contains filtered or unexported fields
}
CertRotator contains cert artifacts and a channel to close when the certs are ready.
func (*CertRotator) CreateCACert
func (cr *CertRotator) CreateCACert(begin, end time.Time) (*KeyPairArtifacts, error)
CreateCACert creates the self-signed CA cert and private key that will be used to sign the server certificate.
func (*CertRotator) CreateCertPEM
func (cr *CertRotator) CreateCertPEM(ca *KeyPairArtifacts, begin, end time.Time) ([]byte, []byte, error)
CreateCertPEM takes the results of CreateCACert and uses them to create the PEM-encoded public certificate and private key, respectively.
func (*CertRotator) Start
func (cr *CertRotator) Start(stop <-chan struct{}) error
Start starts the CertRotator runnable to rotate certs and ensure the certs are ready.
type KeyPairArtifacts
type KeyPairArtifacts struct {
	Cert    *x509.Certificate
	Key     *rsa.PrivateKey
	CertPEM []byte
	KeyPEM  []byte
}
KeyPairArtifacts stores cert artifacts.
type ReconcileWH
type ReconcileWH struct {
	// contains filtered or unexported fields
}
ReconcileWH reconciles a validatingwebhookconfiguration, making sure it has the appropriate CA cert.
type SyncingReader
SyncingSource is a reader that needs syncing prior to being usable.
type WebhookInfo
type WebhookInfo struct {
	// Name is the name of the webhook for a validating or mutating webhook, or the CRD name in case of a CRD conversion webhook
	Name string
	Type WebhookType
}
WebhookInfo is used by the rotator to receive info about resources to be updated with certificates.
type WebhookType
type WebhookType int
WebhookType is the type of webhook, either validating/mutating webhook or a CRD conversion webhook.
const (
	// ValidatingWebhook indicates the webhook is a ValidatingWebhook
	Validating WebhookType = iota
	// MutatingWebhook indicates the webhook is a MutatingWebhook
	Mutating
	// CRDConversionWebhook indicates the webhook is a conversion webhook
	CRDConversion
)