Documentation ¶
    Overview ¶
Package certwatcher is a helper for reloading certificates from disk to be used with TLS servers. It provides a helper func `GetCertificate` which can be set as the `GetCertificate` callback of a `tls.Config` and passed into `tls.Listen`, so that every handshake fetches the certificate currently loaded from disk. For a detailed example server see pkg/webhook/server.go.
Example ¶
package main

import (
	"context"
	"crypto/tls"
	"net/http"

	ctrl "sigs.k8s.io/controller-runtime"
	"sigs.k8s.io/controller-runtime/pkg/certwatcher"
)

type sampleServer struct {
}

func main() {
	// Set up a context that is cancelled when the process receives a termination signal.
	ctx := ctrl.SetupSignalHandler()

	// Initialize a new cert watcher with the cert/key pair.
	watcher, err := certwatcher.New("ssl/tls.crt", "ssl/tls.key")
	if err != nil {
		panic(err)
	}

	// Start a goroutine in which the certwatcher runs fsnotify against the supplied cert dir.
	go func() {
		if err := watcher.Start(ctx); err != nil {
			panic(err)
		}
	}()

	// Set up the TLS listener with GetCertificate, so that each handshake fetches the
	// currently loaded certificate and therefore picks up changes on disk.
	listener, err := tls.Listen("tcp", "localhost:9443", &tls.Config{
		GetCertificate: watcher.GetCertificate,
	})
	if err != nil {
		panic(err)
	}

	// Initialize your TLS server.
	srv := &http.Server{
		Handler: &sampleServer{},
	}

	// Start a goroutine that shuts the server down once the context is cancelled.
	go func() {
		<-ctx.Done()
		if err := srv.Shutdown(context.Background()); err != nil {
			panic(err)
		}
	}()

	// Serve on the TLS listener; ErrServerClosed is the expected result of Shutdown.
	if err := srv.Serve(listener); err != nil && err != http.ErrServerClosed {
		panic(err)
	}
}

// ServeHTTP is a placeholder handler; net/http answers with an empty 200 response.
func (s *sampleServer) ServeHTTP(http.ResponseWriter, *http.Request) {
}
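The Overview and the Example above rely on one property of `tls.Config.GetCertificate`: crypto/tls calls it on every handshake, so swapping the certificate behind it is enough to rotate what new connections are served. The following is an added, stand-alone Go example, not controller-runtime's own code: it uses only the standard library, replaces the fsnotify watch with an explicit `Reload()` call, and swaps the parsed pair with an atomic pointer. The type `reloadingCert`, the functions `writeSelfSigned`, `servedCN` and `Demo`, and the certificate material (self-signed certs written to a temp dir) are all constructed for this example. It also shows the failure mode a practitioner cares about: a key file that does not match the certificate is rejected by `tls.LoadX509KeyPair`, and the previously loaded pair stays in service instead of leaving the server with no certificate.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"os"
	"path/filepath"
	"sync/atomic"
	"time"
)

// reloadingCert serves whatever cert/key pair was last loaded successfully.
type reloadingCert struct {
	certPath, keyPath string
	current           atomic.Pointer[tls.Certificate]
}

// Reload parses the pair from disk; on any failure (including a key that does not match the cert) the previous pair stays in service.
func (r *reloadingCert) Reload() error {
	c, err := tls.LoadX509KeyPair(r.certPath, r.keyPath)
	if err != nil {
		return err
	}
	r.current.Store(&c)
	return nil
}

// GetCertificate has the tls.Config.GetCertificate signature. crypto/tls calls it on
// every handshake, so connections accepted after a Reload already get the new pair.
func (r *reloadingCert) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	return r.current.Load(), nil
}

// writeSelfSigned writes a fresh self-signed Ed25519 certificate for cn and its key
// to the given paths. This is constructed test material, not a deployment cert.
func writeSelfSigned(certPath, keyPath, cn string) error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return err
	}
	keyDER, err := x509.MarshalPKCS8PrivateKey(priv)
	if err != nil {
		return err
	}
	if err := os.WriteFile(certPath, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), 0o600); err != nil {
		return err
	}
	return os.WriteFile(keyPath, pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER}), 0o600)
}

// servedCN returns the CommonName of the leaf a client would be shown right now.
func servedCN(r *reloadingCert) (string, error) {
	c, err := r.GetCertificate(nil)
	if err != nil || c == nil {
		return "", errors.New("no certificate loaded")
	}
	leaf, err := x509.ParseCertificate(c.Certificate[0])
	if err != nil {
		return "", err
	}
	return leaf.Subject.CommonName, nil
}

// Demo rotates the pair in a temp dir three times and reports, per step, the Reload error and
// the CN served afterwards. Step 3 writes a new key but puts its cert in another file, so Reload must fail.
func Demo() (cns [3]string, reloadErrs [3]error, err error) {
	dir, err := os.MkdirTemp("", "certwatch")
	if err != nil {
		return
	}
	defer os.RemoveAll(dir)
	r := &reloadingCert{certPath: filepath.Join(dir, "tls.crt"), keyPath: filepath.Join(dir, "tls.key")}
	certPaths := []string{r.certPath, r.certPath, filepath.Join(dir, "elsewhere.crt")}
	names := []string{"old.example", "new.example", "mismatch"}
	for i, cn := range names {
		if err = writeSelfSigned(certPaths[i], r.keyPath, cn); err != nil {
			return
		}
		reloadErrs[i] = r.Reload()
		if cns[i], err = servedCN(r); err != nil {
			return
		}
	}
	return
}
```

`Demo()` returns the served CommonName after each step: `old.example`, then `new.example`, and still `new.example` after the mismatched key is rejected. The design choice worth copying is that the reload path parses and validates the whole pair before publishing it, so a half-written rotation (key renewed before the certificate lands, or vice versa) never reaches a handshake; a certwatcher callback or log line on the returned error is where you would surface that condition.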
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CertWatcher ¶
CertWatcher watches certificate and key files for changes. When either file changes, it reads and parses both and calls an optional callback with the new certificate.
func New ¶
func New(certPath, keyPath string) (*CertWatcher, error)
New returns a new CertWatcher watching the given certificate and key.
func (*CertWatcher) GetCertificate ¶
func (cw *CertWatcher) GetCertificate(_ *tls.ClientHelloInfo) (*tls.Certificate, error)
GetCertificate fetches the currently loaded certificate, which may be nil. It has the signature of `tls.Config.GetCertificate`; when it returns a nil certificate with a nil error, crypto/tls falls back to `tls.Config.Certificates`, and the handshake fails if that list is empty too.
func (*CertWatcher) ReadCertificate ¶
func (cw *CertWatcher) ReadCertificate() error
ReadCertificate reads the certificate and key files from disk, parses them, and updates the current certificate on the watcher. If a callback is set, it is invoked with the new certificate.
func (*CertWatcher) Start ¶
func (cw *CertWatcher) Start(ctx context.Context) error
Start starts the watch on the certificate and key files.
func (*CertWatcher) Watch ¶
func (cw *CertWatcher) Watch()
Watch reads events from the watcher's channel and reacts to changes.