writer

package
v1.106.0
Warning

This package is not in the latest version of its module.
Published: Jul 11, 2023 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Overview

Package writer provides methods to provision and persist certificates.

It will create the certificates if they don't exist. It will ensure the certificates are valid and not expiring. If not, it will recreate them.

Create a CertWriter that can write the certificate to a secret.

writer, err := NewSecretCertWriter(SecretCertWriterOptions{
	// Secret is a *types.NamespacedName, so pass a pointer.
	Secret: &types.NamespacedName{Namespace: "foo", Name: "bar"},
	Client: client,
})
if err != nil {
	// handle error
}

Create a CertWriter that can write the certificate to the filesystem.

writer, err := NewFSCertWriter(FSCertWriterOptions{
	Path: "path/to/cert/",
})
if err != nil {
	// handle error
}

Provision the certificates using the CertWriter. The certificate will be available in the desired secret or the desired path.

// writer can be either one of the CertWriters created above.
// EnsureCert is the method declared on the CertWriter interface; it takes only the DNS name.
certs, changed, err := writer.EnsureCert("admissionwebhook.k8s.io")
if err != nil {
	// handle error
}

Inject necessary information given the objects.

err = writer.Inject(objs...)
if err != nil {
	// handle error
}
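
The check the Overview describes (recreate certificates that are invalid or expiring) can be pictured with the added example below, which is not this package's code. `validateServingCert`, `issue` and the 30-day `renewBefore` window are assumptions made for illustration; the package does not document its renewal threshold. The inputs stand in for the contents of `ca-cert.pem` and `cert.pem`.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// validateServingCert (hypothetical) returns an error when the certificate must be recreated; renewBefore is an assumed threshold.
func validateServingCert(caPEM, certPEM []byte, dnsName string, now time.Time, renewBefore time.Duration) error {
	pool := x509.NewCertPool()
	block, _ := pem.Decode(certPEM)
	if !pool.AppendCertsFromPEM(caPEM) || block == nil || block.Type != "CERTIFICATE" {
		return fmt.Errorf("CA or serving certificate is not a PEM certificate")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	if _, err := cert.Verify(x509.VerifyOptions{DNSName: dnsName, Roots: pool, CurrentTime: now}); err != nil {
		return err // wrong CA, wrong DNS name, expired or not yet valid
	}
	if left := cert.NotAfter.Sub(now); left < renewBefore {
		return fmt.Errorf("certificate expires in %s, inside the %s renewal window", left, renewBefore)
	}
	return nil
}

// issue returns a constructed CA and serving certificate as PEM (sample data; key and signing errors ignored).
func issue(dnsName string, notAfter time.Time) (caPEM, certPEM []byte) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	pub, _, _ := ed25519.GenerateKey(rand.Reader)
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-ca"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(10, 0, 0)}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), DNSNames: []string{dnsName}, NotBefore: ca.NotBefore, NotAfter: notAfter}
	caDER, _ := x509.CreateCertificate(rand.Reader, ca, ca, caPub, caKey)
	der, _ := x509.CreateCertificate(rand.Reader, leaf, ca, pub, caKey)
	enc := func(b []byte) []byte { return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: b}) }
	return enc(caDER), enc(der)
}

func main() {
	ca, crt := issue("admissionwebhook.k8s.io", time.Now().AddDate(0, 0, 10)) // constructed cert, expires in 10 days
	fmt.Println(validateServingCert(ca, crt, "admissionwebhook.k8s.io", time.Now(), 30*24*time.Hour))
}
```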

Constants

const (
	// CAKeyName is the name of the CA private key
	CAKeyName = "ca-key.pem"
	// CACertName is the name of the CA certificate
	CACertName = "ca-cert.pem"
	// ServerKeyName is the name of the server private key
	ServerKeyName = "key.pem"
	// ServerCertName is the name of the serving certificate
	ServerCertName = "cert.pem"
)

Variables

This section is empty.

Functions

func DoesCertificateWorkWithK8sAPIClient

func DoesCertificateWorkWithK8sAPIClient(cert *x509.Certificate) bool

DoesCertificateWorkWithK8sAPIClient returns false if the certificate is not compatible with Kubernetes HTTP clients.

Types

type CertWriter

type CertWriter interface {
	// EnsureCert provisions the cert for the webhookClientConfig.
	EnsureCert(dnsName string) (*generator.Artifacts, bool, error)
	// Inject injects the necessary information given the objects.
	// It supports MutatingWebhookConfiguration and ValidatingWebhookConfiguration.
	Inject(objs ...client.Object) error
}

CertWriter provides methods to handle webhooks.

func NewFSCertWriter

func NewFSCertWriter(ops FSCertWriterOptions) (CertWriter, error)

NewFSCertWriter constructs a CertWriter that persists the certificate on the filesystem.

func NewSecretCertWriter

func NewSecretCertWriter(ops SecretCertWriterOptions) (CertWriter, error)

NewSecretCertWriter constructs a CertWriter that persists the certificate in a k8s secret.

type FSCertWriterOptions

type FSCertWriterOptions struct {
	// certGenerator generates the certificates.
	CertGenerator generator.CertGenerator
	// path is the directory to which the certificate, private key and CA certificate will be written.
	Path string
}

FSCertWriterOptions are options for constructing an FSCertWriter.

type SecretCertWriterOptions

type SecretCertWriterOptions struct {
	// client talks to a kubernetes cluster for creating the secret.
	Client client.Client
	// certGenerator generates the certificates.
	CertGenerator generator.CertGenerator
	// secret points to the secret that contains the certificates written by the CertWriter.
	Secret *types.NamespacedName
}

SecretCertWriterOptions are options for constructing a secretCertWriter.
