Overview
Package certwatcher is a helper for reloading certificates from disk for use with TLS servers. It provides the method GetCertificate, which has the signature expected by the tls.Config.GetCertificate hook: the certificate is looked up on every handshake, so a certificate/key pair rotated on disk is picked up without restarting the listener. For a detailed example server see pkg/webhook/server.go.
Example
package main

import (
	"context"
	"crypto/tls"
	"net/http"
	"time"

	ctrl "sigs.k8s.io/controller-runtime"
	"sigs.k8s.io/controller-runtime/pkg/certwatcher"
)

type sampleServer struct {
}

func main() {
	// Set up a context that is cancelled on SIGTERM/SIGINT.
	ctx := ctrl.SetupSignalHandler()

	// Initialize a new cert watcher with the cert/key pair. A pair that cannot
	// be read and parsed fails here, not at the first TLS handshake.
	watcher, err := certwatcher.New("ssl/tls.crt", "ssl/tls.key")
	if err != nil {
		panic(err)
	}

	// Start a goroutine running the fsnotify watch on the supplied files.
	// Start blocks until ctx is cancelled.
	go func() {
		if err := watcher.Start(ctx); err != nil {
			panic(err)
		}
	}()

	// Set up the TLS listener. GetCertificate is consulted on every handshake,
	// so a rotated certificate is served without restarting the listener.
	listener, err := tls.Listen("tcp", "localhost:9443", &tls.Config{
		GetCertificate: watcher.GetCertificate,
		MinVersion:     tls.VersionTLS12,
	})
	if err != nil {
		panic(err)
	}

	// Initialize your TLS server.
	srv := &http.Server{
		Handler:           &sampleServer{},
		ReadHeaderTimeout: 5 * time.Second,
	}

	// Start a goroutine for handling server shutdown once the signal context
	// is cancelled.
	go func() {
		<-ctx.Done()
		shutdownCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
		defer cancel()
		if err := srv.Shutdown(shutdownCtx); err != nil {
			panic(err)
		}
	}()

	// Serve until Shutdown closes the listener.
	if err := srv.Serve(listener); err != nil && err != http.ErrServerClosed {
		panic(err)
	}
}

func (s *sampleServer) ServeHTTP(http.ResponseWriter, *http.Request) {
}
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type CertWatcher
CertWatcher watches certificate and key files for changes. When either file changes, it reads and parses both and calls an optional callback with the new certificate.
func New
func New(certPath, keyPath string) (*CertWatcher, error)
New returns a new CertWatcher watching the given certificate and key.
func (*CertWatcher) GetCertificate
func (cw *CertWatcher) GetCertificate(_ *tls.ClientHelloInfo) (*tls.Certificate, error)
GetCertificate returns the currently loaded certificate, which may be nil. It has the signature of the tls.Config.GetCertificate hook; the ClientHelloInfo is ignored, so every SNI name is answered with the same certificate.
func (*CertWatcher) ReadCertificate
func (cw *CertWatcher) ReadCertificate() error
ReadCertificate reads the certificate and key files from disk, parses them, and updates the current certificate on the watcher. If a callback is set, it is invoked with the new certificate.
func (*CertWatcher) RegisterCallback (added in v0.15.0)
func (cw *CertWatcher) RegisterCallback(callback func(tls.Certificate))
RegisterCallback registers a callback to be invoked when the certificate changes.
func (*CertWatcher) Start
func (cw *CertWatcher) Start(ctx context.Context) error
Start starts the watch on the certificate and key files and blocks until ctx is cancelled, so run it in its own goroutine as the example above does.
func (*CertWatcher) Watch
func (cw *CertWatcher) Watch()
Watch reads events from the watcher's channel and reacts to changes.
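The reload behaviour described for ReadCertificate, GetCertificate and the callback, as an added example that is not part of the certwatcher package: a hypothetical, standard-library-only reloader with the same method shapes (the names reloader, writeSelfSigned, servedSerial and demo are this example's own, and the self-signed certificates it writes to a temp dir are constructed fixtures). It also exercises the failure mode the docs only imply: when one of the two files has been rotated but the other has not, the mismatched pair is refused, the previous certificate keeps being served, and the callback does not fire.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"path/filepath"
	"sync"
	"time"
)

// reloader is a hypothetical, standard-library-only stand-in for certwatcher.CertWatcher (no fsnotify).
type reloader struct {
	mu                sync.RWMutex
	current           *tls.Certificate
	certPath, keyPath string
	callback          func(tls.Certificate)
}

// ReadCertificate parses both files. tls.LoadX509KeyPair rejects a key that does not match
// the cert, so a torn write (one file rotated, the other not yet) leaves the last good pair in service.
func (r *reloader) ReadCertificate() error {
	cert, err := tls.LoadX509KeyPair(r.certPath, r.keyPath)
	if err != nil {
		return err
	}
	r.mu.Lock()
	r.current = &cert
	r.mu.Unlock()
	if r.callback != nil {
		r.callback(cert) // only after a successful swap, never for a rejected pair
	}
	return nil
}

// GetCertificate has the tls.Config.GetCertificate signature; the ClientHello is ignored (one cert for all SNI names).
func (r *reloader) GetCertificate(_ *tls.ClientHelloInfo) (*tls.Certificate, error) {
	r.mu.RLock()
	defer r.mu.RUnlock()
	return r.current, nil
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// writeSelfSigned writes a constructed self-signed fixture (test data only) with the given serial.
func writeSelfSigned(certPath, keyPath string, serial int64) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	must(err)
	keyDER, err := x509.MarshalECPrivateKey(key)
	must(err)
	must(os.WriteFile(certPath, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), 0o600))
	must(os.WriteFile(keyPath, pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER}), 0o600))
}

// servedSerial is the serial of the leaf GetCertificate hands out right now.
func servedSerial(r *reloader) int64 {
	c, err := r.GetCertificate(nil)
	must(err)
	leaf, err := x509.ParseCertificate(c.Certificate[0])
	must(err)
	return leaf.SerialNumber.Int64()
}

// demo runs an initial load, a full rotation and a torn update; it returns the serial served after each step.
func demo() (serials [3]int64, callbacks int, tornRefused bool) {
	dir, err := os.MkdirTemp("", "certwatch")
	must(err)
	defer os.RemoveAll(dir)
	certPath, keyPath := filepath.Join(dir, "tls.crt"), filepath.Join(dir, "tls.key")
	writeSelfSigned(certPath, keyPath, 1)
	r := &reloader{certPath: certPath, keyPath: keyPath}
	must(r.ReadCertificate()) // initial load, as certwatcher.New does before Start
	r.callback = func(tls.Certificate) { callbacks++ }
	serials[0] = servedSerial(r)
	// Full rotation: both files replaced, the reload succeeds and the callback fires once.
	writeSelfSigned(certPath, keyPath, 2)
	must(r.ReadCertificate())
	serials[1] = servedSerial(r)
	// Torn update: cert 3 is on disk but its key has not reached keyPath (key 2 is still there).
	writeSelfSigned(certPath, keyPath+".new", 3)
	tornRefused = r.ReadCertificate() != nil
	serials[2] = servedSerial(r)
	return
}

func main() {
	fmt.Println(demo())
}
```

The read lock in GetCertificate is what makes the swap safe while handshakes are in flight, and the callback is invoked outside the lock so a slow callback cannot stall handshakes. Running the block prints [1 2 2] 1 true: serial 2 survives the torn update and the callback fired only for the successful rotation.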