Documentation
Constants
const (
// IstioDNSSecretType is the Istio DNS secret annotation type
IstioDNSSecretType = "istio.io/dns-key-and-cert"
)
const (
// cert-manager uses the annotation below on a Kubernetes CSR to control the TTL of the generated cert.
RequestLifeTimeAnnotationForCertManager = "experimental.cert-manager.io/request-duration"
)
Variables
This section is empty.
Functions
func GenCsrName
func GenCsrName() string
GenCsrName generates a CSR name for a resource. It guarantees returning a resource name that doesn't already exist.
func GenKeyCertK8sCA
func GenKeyCertK8sCA(client clientset.Interface, dnsName, secretName, secretNamespace, caFilePath string,
	signerName string, approveCsr bool, requestedLifetime time.Duration,
) ([]byte, []byte, []byte, error)
GenKeyCertK8sCA generates a key pair and gets the public certificate signed by the K8s CA. The options are meant for signing DNS certs.
1. Generate a CSR.
2. Call SignCSRK8s to finish the rest of the flow.
func SignCSRK8s
func SignCSRK8s(client clientset.Interface, csrData []byte, signerName string, usages []certv1.KeyUsage,
	dnsName, caFilePath string, approveCsr, appendCaCert bool, requestedLifetime time.Duration,
) ([]byte, []byte, error)
SignCSRK8s generates a certificate from a CSR using the K8s CA:
1. Submit a CSR.
2. Approve a CSR.
3. Read the signed certificate.
4. Clean up the artifacts (e.g., delete the CSR).
Types
type CsrNameGenerator
type WebhookController
type WebhookController struct {
	// Current CA certificate
	CACert []byte
	// contains filtered or unexported fields
}
WebhookController manages the service accounts' secrets that contain Istio keys and certificates.
func NewWebhookController
func NewWebhookController(gracePeriodRatio float32, minGracePeriod time.Duration, client clientset.Interface, k8sCaCertFile string, secretNames, dnsNames []string, secretNamespace string, certIssuer string) (*WebhookController, error)
NewWebhookController returns a pointer to a newly constructed WebhookController instance.
func (*WebhookController) Run
func (wc *WebhookController) Run(stopCh <-chan struct{})
Run starts the WebhookController until stopCh is notified.