Documentation ¶
Index ¶
Constants ¶
// CertSigner is the exported string constant "CertSigner".
// NOTE(review): presumably the key under which the signer name
// (see Options.CertSigner) is passed to the CA; confirm against the caller.
const CertSigner = "CertSigner"
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CitadelClient ¶
// CitadelClient is the CA client for Citadel that NewCitadelClient returns.
// Its exported methods are CSRSign, GetRootCertBundle and Close; the fields
// are not part of the public API and are elided from this listing.
type CitadelClient struct {
// contains filtered or unexported fields
}
func NewCitadelClient ¶
func NewCitadelClient(opts *Options) (*CitadelClient, error)
NewCitadelClient creates a CA client for Citadel.
func (*CitadelClient) CSRSign ¶
func (c *CitadelClient) CSRSign(csrPEM []byte, certValidTTLInSec int64) ([]string, error)
CSRSign calls Citadel to sign a CSR.
func (*CitadelClient) Close ¶
func (c *CitadelClient) Close()
func (*CitadelClient) GetRootCertBundle ¶
func (c *CitadelClient) GetRootCertBundle() ([]string, error)
GetRootCertBundle: the Citadel (Istiod) CA does not publish an endpoint for retrieving CA certificates.
type Options ¶
// Options carries the settings passed to NewCitadelClient.
//
// Several fields decide how the CA connection is authenticated and which
// server identity is trusted, so they should come from trusted configuration.
type Options struct {
	// CAEndpoint names the CA to connect to.
	// NOTE(review): presumably a host:port gRPC address; confirm.
	CAEndpoint string
	// CAEndpointSAN is, judging by the name, the subject alternative name
	// expected on the CA server certificate.
	// NOTE(review): confirm how an empty value is handled during verification.
	CAEndpointSAN string
	// TokenProvider supplies gRPC per-RPC credentials.
	// NOTE(review): presumably the token the CA uses to authenticate the caller; confirm.
	TokenProvider credentials.PerRPCCredentials
	// GRPCOptions holds caller-supplied gRPC dial options.
	// NOTE(review): confirm these cannot replace or weaken the transport
	// security the client would otherwise configure.
	GRPCOptions []grpc.DialOption
	// CertSigner is a signer identifier.
	// NOTE(review): presumably forwarded to the CA with the signing request; confirm.
	CertSigner string
	// ClusterID identifies a cluster.
	// NOTE(review): presumably sent to the CA alongside each request; confirm.
	ClusterID string
	// TrustedRoots is an X.509 certificate pool.
	// NOTE(review): presumably the roots used to verify the CA server; confirm
	// what a nil pool means (system roots versus no verification).
	TrustedRoots *x509.CertPool
	// ProvCert is a long-lived "provider" certificate that is exchanged for
	// the workload certificate. It is signed by the same CA, or by a CA that
	// Istiod trusts. The exchange still takes place because Istiod may add
	// information to the issued certificate.
	ProvCert string
}