certificate

package
v0.6.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 17, 2026 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AutocertController added in v0.6.0 

type AutocertController struct {
	// contains filtered or unexported fields
}

AutocertController provisions TLS certificates eagerly using HTTP-01 ACME challenges via autocert.Manager. It watches http_route entities and triggers cert provisioning when routes are created, rather than waiting for the first TLS handshake.

func NewAutocertController added in v0.6.0 

func NewAutocertController(log *slog.Logger, eac *entityserver_v1alpha.EntityAccessClient, dataPath string, email string) *AutocertController

NewAutocertController creates a new autocert controller for HTTP-01 ACME challenges.

func (*AutocertController) Delete added in v0.6.0 

func (c *AutocertController) Delete(ctx context.Context, id entity.Id) error

Delete implements DeletingReconcileController — removes the domain from allowedHosts only if no other http_route entities reference the same host.

func (*AutocertController) GetCertificate added in v0.6.0 

func (c *AutocertController) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)

GetCertificate implements autotls.CertificateProvider — returns a cert from autocert, falling back to the self-signed cert on any error.

func (*AutocertController) HTTPHandler added in v0.6.0 

func (c *AutocertController) HTTPHandler(fallback http.Handler) http.Handler

HTTPHandler returns an http.Handler that serves ACME HTTP-01 challenge responses, delegating non-challenge requests to the provided fallback handler.

func (*AutocertController) Init added in v0.6.0 

func (c *AutocertController) Init(ctx context.Context) error

Init implements ReconcileControllerI — creates the autocert.Manager and loads the fallback cert.

func (*AutocertController) Reconcile added in v0.6.0 

func (c *AutocertController) Reconcile(ctx context.Context, route *ingress_v1alpha.HttpRoute, meta *entity.Meta) error

Reconcile implements ReconcileControllerI — adds the route's domain to allowedHosts and eagerly provisions a TLS certificate via autocert.

func (*AutocertController) SetReady added in v0.6.0 

func (c *AutocertController) SetReady()

SetReady signals that the port-80 ACME challenge server is up and accepting connections. This unblocks Reconcile calls that are waiting to provision certificates.

type Controller 

type Controller struct {
	Log *slog.Logger
	// contains filtered or unexported fields
}

Controller provisions and manages TLS certificates for http_route entities using DNS-01 ACME challenges

func NewController 

func NewController(log *slog.Logger, dataPath string, email string, dnsProvider string) *Controller

NewController creates a new certificate controller

func (*Controller) Delete 

func (c *Controller) Delete(ctx context.Context, id entity.Id, obj *ingress_v1alpha.HttpRoute) error

Delete handles http_route deletion - we keep the cert in cache/disk for potential reuse

func (*Controller) GetCertificate 

func (c *Controller) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)

GetCertificate implements tls.Config.GetCertificate - returns cached certs for TLS handshakes

func (*Controller) Init 

func (c *Controller) Init(ctx context.Context) error

Init implements ReconcileControllerI - called once at startup

func (*Controller) Reconcile 

func (c *Controller) Reconcile(ctx context.Context, route *ingress_v1alpha.HttpRoute, meta *entity.Meta) error

Reconcile implements ReconcileControllerI - called for each http_route add/update and periodic resyncs

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.