shared

package
v1.15.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 24, 2024 License: Apache-2.0 Imports: 1 Imported by: 0

Documentation

Overview

Package shared contains shared types for the cert-manager configuration API

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type DynamicServingConfig

type DynamicServingConfig struct {
	// Namespace of the Kubernetes Secret resource containing the TLS certificate
	// used as a CA to sign dynamic serving certificates.
	SecretNamespace string

	// Secret resource name containing the TLS certificate
	// used as a CA to sign dynamic serving certificates.
	SecretName string

	// DNSNames that must be present on serving certificates signed by the CA.
	DNSNames []string

	// LeafDuration is a customizable duration on serving certificates signed by the CA.
	LeafDuration time.Duration
}

DynamicServingConfig makes the controller generate a CA and persist it into Secret resources. This CA will be used by all instances of the controller for signing serving certificates.

func (*DynamicServingConfig) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamicServingConfig.

func (*DynamicServingConfig) DeepCopyInto

func (in *DynamicServingConfig) DeepCopyInto(out *DynamicServingConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FilesystemServingConfig

type FilesystemServingConfig struct {
	// Path to a file containing TLS certificate & chain to serve with
	CertFile string

	// Path to a file containing a TLS private key to serve with
	KeyFile string
}

FilesystemServingConfig enables using a certificate and private key found on the local filesystem. These files will be periodically polled in case they have changed, and dynamically reloaded.

func (*FilesystemServingConfig) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FilesystemServingConfig.

func (*FilesystemServingConfig) DeepCopyInto

func (in *FilesystemServingConfig) DeepCopyInto(out *FilesystemServingConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LeaderElectionConfig

type LeaderElectionConfig struct {
	// If true, cert-manager will perform leader election between instances to
	// ensure no more than one instance of cert-manager operates at a time
	Enabled bool

	// Namespace used to perform leader election. Only used if leader election is enabled
	Namespace string

	// The duration that non-leader candidates will wait after observing a leadership
	// renewal until attempting to acquire leadership of a led but unrenewed leader
	// slot. This is effectively the maximum duration that a leader can be stopped
	// before it is replaced by another candidate. This is only applicable if leader
	// election is enabled.
	LeaseDuration time.Duration

	// The interval between attempts by the acting master to renew a leadership slot
	// before it stops leading. This must be less than or equal to the lease duration.
	// This is only applicable if leader election is enabled.
	RenewDeadline time.Duration

	// The duration the clients should wait between attempting acquisition and renewal
	// of a leadership. This is only applicable if leader election is enabled.
	RetryPeriod time.Duration
}

func (*LeaderElectionConfig) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LeaderElectionConfig.

func (*LeaderElectionConfig) DeepCopyInto

func (in *LeaderElectionConfig) DeepCopyInto(out *LeaderElectionConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TLSConfig

type TLSConfig struct {
	// cipherSuites is the list of allowed cipher suites for the server.
	// Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants).
	// If not specified, the default for the Go version will be used and may change over time.
	CipherSuites []string

	// minTLSVersion is the minimum TLS version supported.
	// Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants).
	// If not specified, the default for the Go version will be used and may change over time.
	MinTLSVersion string

	// Filesystem enables using a certificate and private key found on the local filesystem.
	// These files will be periodically polled in case they have changed, and dynamically reloaded.
	Filesystem FilesystemServingConfig

	// When Dynamic serving is enabled, the controller will generate a CA used to sign
	// certificates and persist it into a Kubernetes Secret resource (for other replicas of the
	// controller to consume).
	// It will then generate a certificate in-memory for itself using this CA to serve with.
	Dynamic DynamicServingConfig
}

TLSConfig configures how TLS certificates are sourced for serving. Only one of 'filesystem' or 'dynamic' may be specified.

func (*TLSConfig) DeepCopy

func (in *TLSConfig) DeepCopy() *TLSConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSConfig.

func (*TLSConfig) DeepCopyInto

func (in *TLSConfig) DeepCopyInto(out *TLSConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*TLSConfig) DynamicConfigProvided

func (c *TLSConfig) DynamicConfigProvided() bool

func (*TLSConfig) FilesystemConfigProvided

func (c *TLSConfig) FilesystemConfigProvided() bool

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL