Functions
func AddRotator
func AddRotator(mgr manager.Manager, cr *CertRotator) error
AddRotator adds the CertRotator and ReconcileWH to the manager.
Types
type CertRotator
// CertRotator contains cert artifacts and a channel to close when the certs
// are ready. AddRotator registers it with a manager.
type CertRotator struct {
	// SecretKey identifies the Secret the rotator works with.
	// NOTE(review): inferred from the field name and type; confirm what is
	// stored there against the rotation logic.
	SecretKey types.NamespacedName

	// CertDir is the directory the cert and key files live in.
	// NOTE(review): inferred from the name; confirm.
	CertDir string

	// CAName and CAOrganization are presumably used as the subject of the
	// self-signed CA produced by CreateCACert — confirm.
	CAName         string
	CAOrganization string

	// DNSName and ExtraDNSNames presumably become the DNS SANs of the server
	// certificate produced by CreateCertPEM — confirm.
	DNSName       string
	ExtraDNSNames []string

	// IsReady is closed when the certs are ready.
	IsReady chan struct{}

	// Webhooks lists the resources to be updated with certificates.
	Webhooks []WebhookInfo

	// FieldOwner is the optional fieldmanager of the webhook updated fields.
	FieldOwner string

	// RestartOnSecretRefresh controls what happens when the secret is refreshed.
	// NOTE(review): the exact behaviour is not visible here; confirm before
	// relying on it.
	RestartOnSecretRefresh bool

	// ExtKeyUsages optionally overrides the extended key usages placed on the
	// issued certificate. It is a pointer to a slice, so nil and an empty
	// slice are distinguishable — confirm which one means "use the default".
	ExtKeyUsages *[]x509.ExtKeyUsage

	// RequireLeaderElection should be set to true if the CertRotator needs to
	// be run in the leader election mode.
	RequireLeaderElection bool

	// CaCertDuration sets how long a CA cert will be valid for.
	CaCertDuration time.Duration

	// ServerCertDuration sets how long a server cert will be valid for.
	ServerCertDuration time.Duration

	// RotationCheckFrequency sets how often the rotation check is executed.
	RotationCheckFrequency time.Duration

	// LookaheadInterval sets how long before the certificate is renewed.
	// NOTE(review): presumably measured back from the certificate's expiry;
	// confirm.
	LookaheadInterval time.Duration

	// CertName and KeyName override the default certificate and key paths.
	CertName string
	KeyName  string

	// EnableReadinessCheck if true, reconciliation loop will wait for
	// controller-runtime's runnable to finish execution.
	EnableReadinessCheck bool

	// ControllerName allows registering multiple cert-rotator controllers.
	// Use the default value unless rotating multiple certificate secrets.
	ControllerName string

	// contains filtered or unexported fields
}
CertRotator contains cert artifacts and a channel to close when the certs are ready.
func (*CertRotator) CreateCACert
func (cr *CertRotator) CreateCACert(begin, end time.Time) (*KeyPairArtifacts, error)
CreateCACert creates the self-signed CA cert and private key that will be used to sign the server certificate.
func (*CertRotator) CreateCertPEM
func (cr *CertRotator) CreateCertPEM(ca *KeyPairArtifacts, begin, end time.Time) ([]byte, []byte, error)
CreateCertPEM takes the results of CreateCACert and uses them to create the PEM-encoded public certificate and private key, respectively.
func (*CertRotator) NeedLeaderElection (added in v0.5.0)
func (cr *CertRotator) NeedLeaderElection() bool
type KeyPairArtifacts
// KeyPairArtifacts stores cert artifacts. CreateCACert returns one holding
// the CA material and CreateCertPEM consumes it as the signing CA.
type KeyPairArtifacts struct {
	// Cert is the parsed certificate.
	Cert *x509.Certificate

	// Key is the private key matching Cert.
	Key *rsa.PrivateKey

	// CertPEM and KeyPEM are presumably the PEM encodings of Cert and Key
	// respectively — confirm against the constructor.
	CertPEM []byte
	KeyPEM  []byte
}
KeyPairArtifacts stores cert artifacts.
type ReconcileWH
// ReconcileWH reconciles a validatingwebhookconfiguration, making sure it has
// the appropriate CA cert. AddRotator registers it alongside the CertRotator.
type ReconcileWH struct {
	// contains filtered or unexported fields
}
ReconcileWH reconciles a validatingwebhookconfiguration, making sure it has the appropriate CA cert.
type SyncingReader
SyncingReader is a reader that needs syncing prior to being usable.
type WebhookInfo
// WebhookInfo is used by the rotator to receive info about resources to be
// updated with certificates.
type WebhookInfo struct {
	// Name is the name of the webhook for a validating or mutating webhook, or
	// the CRD name in case of a CRD conversion webhook.
	Name string

	// Type says which kind of resource Name refers to; see WebhookType.
	Type WebhookType
}
WebhookInfo is used by the rotator to receive info about resources to be updated with certificates.
type WebhookType
// WebhookType is the type of webhook: a validating/mutating webhook, a CRD
// conversion webhook, an extension API server, or an external data provider.
type WebhookType int
WebhookType is the type of webhook, either a validating/mutating webhook, a CRD conversion webhook, or an extension API server.
// The WebhookType values accepted in WebhookInfo.Type.
const (
	// Validating indicates the webhook is a ValidatingWebhook.
	Validating WebhookType = iota
	// Mutating indicates the webhook is a MutatingWebhook.
	Mutating
	// CRDConversion indicates the webhook is a conversion webhook.
	CRDConversion
	// APIService indicates the webhook is an extension API server.
	APIService
	// ExternalDataProvider indicates the webhook is a Gatekeeper External Data Provider.
	ExternalDataProvider
)