auth

package

v0.0.0-...-d3eceb9 Latest Latest Go to latest Published: Aug 31, 2017 License: Apache-2.0 Imports: 7 Imported by: 0

Details

View Source

const CaCertPEMFile = "ca.crt"

CaCertPEMFile is the name of the CaCertPEMFile in the SecretDirectory directory.

View Source

const CertPEMFile = "cert.pem"

CertPEMFile is the name of the CertPEsMFile in the SecretDirectory directory.

View Source

const KeyPEMFile = "key.pem"

KeyPEMFile is the name of the KeyPEMFile in the SecretDirectory directory.

This section is empty.

This section is empty.

type Certs struct {
	// contains filtered or unexported fields
}

Certs is used to monitor the Certificate used all over the Kubernetes Cluster.

func NewCertsWatcher(client kubernetes.Client, pki enforcer.PublicKeyAdder, nodeAnnotationKey string) *Certs

NewCertsWatcher creates a new Certs object and start watching for changes and updates on all the nodes on the Kube Cluster.

func (c *Certs) AddCertToNodeAnnotation(client kubernetes.Client, cert []byte)

AddCertToNodeAnnotation registers the Cert of this node as an annotation on the KubeAPI.

func (c *Certs) StartWatchingCerts()

StartWatchingCerts processes all the events for certs.

func (c *Certs) StopWatchingCerts()

StopWatchingCerts stops watching for new certs and stops all the routines.

func (c *Certs) SyncNodeCerts(client kubernetes.Client) error

SyncNodeCerts syncs all the nodes on the Kube Cluster and register the certs written as annotations.

type PKI struct {
	KeyPEM    []byte
	CertPEM   []byte
	CaCertPEM []byte
}

A PKI is used to

func LoadPKI(dir string) (*PKI, error)

LoadPKI Create a new PKISecret from Kube Secret.