credentials

package
v3.0.5-rc1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 2, 2023 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

// Default file locations and endpoints used when fetching workload
// certificates from an Istio CA inside a Kubernetes pod.
//
// The two token paths point at bearer credentials: anything that can read
// those files can authenticate as the pod's service account, so their
// contents should never be logged or copied out of the pod.
const (
	// DefaultKubernetesServiceAccountPath is the standard location of the
	// service account token that Kubernetes mounts into a pod.
	DefaultKubernetesServiceAccountPath = "/var/run/secrets/kubernetes.io/serviceaccount/token"
	// DefaultIsitoCaServiceAccountPath is the token path used as the fallback
	// for ServiceAccountPath. The identifier spells "Istio" as "Isito"; it is
	// exported, so renaming it would break importers.
	// NOTE(review): presumably a projected token whose audience is the Istio
	// CA, which limits where a leaked token can be replayed; confirm against
	// the pod spec.
	DefaultIsitoCaServiceAccountPath    = "/var/run/secrets/tokens/istio-token"
	// DefaultRootCertPath is the PEM file used as the fallback for
	// RootCertPath. It is the trust anchor for the CA connection, so the file
	// must come from a source the workload cannot be tricked into replacing.
	DefaultRootCertPath                 = "/var/run/secrets/istio/root-cert.pem"
	// DefaultIstioCAEndpoint is the host:port of istiod in the istio-system
	// namespace; 15012 is the istiod port that serves XDS and CA requests
	// over TLS.
	DefaultIstioCAEndpoint              = "istiod.istio-system.svc:15012"
	// DefaultCertSigner: usage is not visible on this page.
	// NOTE(review): presumably a signer name sent with the signing request; confirm.
	DefaultCertSigner                   = "kubernetes.default.svc"
	// DefaultClusterID: usage is not visible on this page.
	// NOTE(review): presumably the cluster identifier sent to the CA; confirm.
	DefaultClusterID                    = "Kubernetes"
)

Variables

// Package-level settings resolved from the process environment when the
// package is initialised. Each one is passed through the unexported helper f
// together with a fallback value.
// NOTE(review): f is not shown on this page; presumably it returns the first
// argument unless it is empty, otherwise the fallback. Confirm in the source.
//
// These are exported, mutable variables: any code in the process can reassign
// them after start-up, and whoever controls the pod environment controls the
// CA endpoint, the trust root and the token that is presented. Treat the
// deployment manifest that sets these variables as security-sensitive.
var (
	// PodNamespace comes from POD_NAMESPACE, falling back to "default".
	PodNamespace       = f(os.Getenv("POD_NAMESPACE"), "default")
	// CertTTL comes from CERT_TTL and is kept as a string.
	// NOTE(review): if the unit is seconds, the fallback 31536000 is 365 days,
	// which is a long lifetime for a workload certificate; a leaked key stays
	// usable until expiry, so consider setting CERT_TTL to a much shorter value
	// and checking what the CA does with a request this long.
	CertTTL            = f(os.Getenv("CERT_TTL"), "31536000")
	// RootCertPath comes from ROOT_CERT_PATH, falling back to DefaultRootCertPath.
	RootCertPath       = f(os.Getenv("ROOT_CERT_PATH"), DefaultRootCertPath)
	// IstioCAEndpoint comes from ISTIO_CA_ENDPOINT, falling back to
	// DefaultIstioCAEndpoint.
	IstioCAEndpoint    = f(os.Getenv("ISTIO_CA_ENDPOINT"), DefaultIstioCAEndpoint)
	// ServiceAccountPath comes from SERVICE_ACCOUNT_PATH, falling back to
	// DefaultIsitoCaServiceAccountPath.
	ServiceAccountPath = f(os.Getenv("SERVICE_ACCOUNT_PATH"), DefaultIsitoCaServiceAccountPath)

	// URIPrefix, Domain and ServiceAccountName have SPIFFE-style fallbacks
	// ("spiffe://", "cluster.local", "default").
	// NOTE(review): presumably combined with PodNamespace into the workload
	// identity URI requested from the CA; confirm, and confirm that the CA
	// checks the requested identity against the presented token.
	URIPrefix          = f(os.Getenv("URI_PREFIX"), "spiffe://")
	Domain             = f(os.Getenv("DOMAIN"), "cluster.local")
	ServiceAccountName = f(os.Getenv("SERVICE_ACCOUNT_NAME"), "default")
)

Functions

func NewSaTokenProvider

func NewSaTokenProvider(tokenPath string) (*saTokenProvider, error)

NewSaTokenProvider returns a provider.

Types

type AgentCertManager

// AgentCertManager is the certificate manager used in Istio agent mode.
// It has GetCertificate and GetRootCertificate methods with the signatures
// declared by CertManager; its state is held entirely in unexported fields.
type AgentCertManager struct {
	// contains filtered or unexported fields
}

AgentCertManager works in Istio agent mode.

func (*AgentCertManager) GetCertificate

func (c *AgentCertManager) GetCertificate() ([]tls.Certificate, error)

GetCertificate return certificate of application

func (*AgentCertManager) GetRootCertificate

func (c *AgentCertManager) GetRootCertificate() (*x509.CertPool, error)

GetRootCertificate return certificate of ca

type CACertManager

// CACertManager is the certificate manager used in no-agent mode, where the
// certificate is fetched from the CA. UpdateCert and UpdateRoot are the
// methods that refresh the certificate and the root certificate.
//
// The credential fields are exported, so any code holding a *CACertManager can
// read or replace the key material and the trusted roots directly.
// NOTE(review): no lock is visible among the exported fields; confirm how
// concurrent access during an update is guarded by the unexported fields.
type CACertManager struct {
	// Certs contains a slice of cert/key pairs used to prove local identity.
	Certs []tls.Certificate
	// Roots contains the set of trusted roots to validate the peer's identity.
	Roots *x509.CertPool

	// NOTE(review): presumably the expiry (NotAfter) of the current leaf
	// certificate, used to decide when to call UpdateCert; confirm.
	NoAfter time.Time

	// NOTE(review): presumably the expiry of the root certificate, used to
	// decide when to call UpdateRoot; confirm.
	RootNoAfter time.Time
	// contains filtered or unexported fields
}

CACertManager works in no-agent mode and fetches the certificate from the CA.

func (*CACertManager) GetCertificate

func (c *CACertManager) GetCertificate() ([]tls.Certificate, error)

GetCertificate return certificate of application

func (*CACertManager) GetRootCertificate

func (c *CACertManager) GetRootCertificate() (*x509.CertPool, error)

GetRootCertificate return certificate of ca

func (*CACertManager) UpdateCert

func (c *CACertManager) UpdateCert() error

UpdateCert update cert

func (*CACertManager) UpdateRoot

func (c *CACertManager) UpdateRoot() error

UpdateRoot update root cert

type CertManager

// CertManager abstracts over the agent and no-agent certificate managers.
// AgentCertManager and CACertManager both have methods with these signatures.
type CertManager interface {
	// GetCertificate returns the application's certificates (cert/key pairs).
	GetCertificate() ([]tls.Certificate, error)
	// GetRootCertificate returns the pool holding the CA's certificate.
	GetRootCertificate() (*x509.CertPool, error)
}

CertManager manages certificates in either agent or no-agent mode.

func NewCertManager

func NewCertManager() (CertManager, error)

NewCertManager return a manager

Directories

Path Synopsis
pemfile
Package pemfile provides a file watching certificate provider plugin implementation which works for files with PEM contents.
