certificate

package
v0.7.1 Latest
Warning

This package is not in the latest version of its module.
Published: Apr 22, 2026 License: Apache-2.0 Imports: 29 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AutocertController added in v0.6.0

type AutocertController struct {
	// contains filtered or unexported fields
}

AutocertController provisions TLS certificates eagerly using HTTP-01 ACME challenges via autocert.Manager. It watches http_route entities and triggers cert provisioning when routes are created, rather than waiting for the first TLS handshake.

func NewAutocertController added in v0.6.0

func NewAutocertController(opts AutocertControllerOpts) *AutocertController

func (*AutocertController) Delete added in v0.6.0

func (c *AutocertController) Delete(ctx context.Context, id entity.Id) error

Delete implements DeletingReconcileController — removes the domain from allowedHosts only if no other http_route entities reference the same host.

func (*AutocertController) GetCertificate added in v0.6.0

func (c *AutocertController) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)

GetCertificate implements autotls.CertificateProvider — returns a cert from autocert, falling back to the self-signed cert on any error or timeout.

func (*AutocertController) HTTPHandler added in v0.6.0

func (c *AutocertController) HTTPHandler(fallback http.Handler) http.Handler

HTTPHandler returns an http.Handler that serves ACME HTTP-01 challenge responses, delegating non-challenge requests to the provided fallback handler.

func (*AutocertController) Init added in v0.6.0

func (c *AutocertController) Init(ctx context.Context) error

Init implements ReconcileControllerI — creates the autocert.Manager and loads the fallback cert.

func (*AutocertController) Reconcile added in v0.6.0

func (c *AutocertController) Reconcile(ctx context.Context, route *ingress_v1alpha.HttpRoute, meta *entity.Meta) error

Reconcile implements ReconcileControllerI — adds the route's domain to allowedHosts and eagerly provisions a TLS certificate via autocert.
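The allow-list behaviour that Reconcile and Delete describe, sketched as an added example that is not code from this package. The type hostAllowList, its methods and the sample hosts are hypothetical; only the HostPolicy signature is taken from golang.org/x/crypto/acme/autocert.

```go
package main

import (
	"context"
	"fmt"
	"sync"
)

// hostAllowList (hypothetical name) maps each route ID to its host and counts routes per host.
type hostAllowList struct {
	mu      sync.Mutex
	byRoute map[string]string // route ID -> host it claims
	refs    map[string]int    // host -> number of routes claiming it
}
func newHostAllowList() *hostAllowList { return &hostAllowList{byRoute: map[string]string{}, refs: map[string]int{}} }

// set points routeID at host ("" removes the route), releasing any earlier claim first.
func (l *hostAllowList) set(routeID, host string) {
	l.mu.Lock()
	defer l.mu.Unlock()
	if old, ok := l.byRoute[routeID]; ok {
		delete(l.byRoute, routeID)
		if l.refs[old]--; l.refs[old] == 0 {
			delete(l.refs, old) // last referencing route gone: host no longer allowed
		}
	}
	if host != "" {
		l.byRoute[routeID] = host
		l.refs[host]++
	}
}

func (l *hostAllowList) Add(routeID, host string) { l.set(routeID, host) } // Reconcile path
func (l *hostAllowList) Remove(routeID string)    { l.set(routeID, "") }   // Delete path (ID only)

// HostPolicy has the signature of autocert.HostPolicy: a nil error permits issuance.
func (l *hostAllowList) HostPolicy(_ context.Context, host string) error {
	l.mu.Lock()
	defer l.mu.Unlock()
	if l.refs[host] == 0 {
		return fmt.Errorf("host %q is not referenced by any http_route", host)
	}
	return nil
}

func main() {
	l := newHostAllowList()
	fmt.Println(l.HostPolicy(context.Background(), "other.example.test")) // constructed host
}
```

Because Delete receives only the entity ID, the route-to-host map is what lets the count be released without the route object. Releasing before re-adding keeps periodic resyncs from inflating it.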

func (*AutocertController) SetReady added in v0.6.0

func (c *AutocertController) SetReady()

SetReady signals that the port-80 ACME challenge server is up and accepting connections. This unblocks Reconcile calls that are waiting to provision certificates.

type AutocertControllerOpts added in v0.7.0

type AutocertControllerOpts struct {
	Log      *slog.Logger
	EAC      *entityserver_v1alpha.EntityAccessClient
	DataPath string
	Email    string

	// PublicIPs, if non-nil, is called before eager provisioning to verify DNS
	// points to this cluster; when nil the check is skipped.
	PublicIPs func() []net.IP
}

type Controller

type Controller struct {
	Log *slog.Logger
	// contains filtered or unexported fields
}

Controller provisions and manages TLS certificates for http_route entities using DNS-01 ACME challenges.

func NewController

func NewController(log *slog.Logger, dataPath string, email string, dnsProvider string) *Controller

NewController creates a new certificate controller.

func (*Controller) Delete

func (c *Controller) Delete(ctx context.Context, id entity.Id, obj *ingress_v1alpha.HttpRoute) error

Delete handles http_route deletion; the cert is kept in cache/disk for potential reuse.

func (*Controller) GetCertificate

func (c *Controller) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)

GetCertificate implements tls.Config.GetCertificate and returns cached certs for TLS handshakes.

func (*Controller) Init

func (c *Controller) Init(ctx context.Context) error

Init implements ReconcileControllerI and is called once at startup.

func (*Controller) Reconcile

func (c *Controller) Reconcile(ctx context.Context, route *ingress_v1alpha.HttpRoute, meta *entity.Meta) error

Reconcile implements ReconcileControllerI and is called for each http_route add/update and on periodic resyncs.
