Types
type DynamicAuthority
type DynamicAuthority struct {
// Namespace and Name of the Secret resource used to store the authority.
SecretNamespace, SecretName string
// RESTConfig used to connect to the apiserver.
RESTConfig *rest.Config
// The amount of time the root CA certificate will be valid for.
// This must be greater than LeafDuration.
// Defaults to 365d.
CADuration time.Duration
// The amount of time leaf certificates signed by this authority will be
// valid for.
// This must be less than CADuration.
// Defaults to 7d.
LeafDuration time.Duration
// contains filtered or unexported fields
}
DynamicAuthority manages a certificate authority stored in a Secret resource and provides methods to obtain signed leaf certificates. The private key and certificate will be automatically generated, and when nearing expiry, the private key and root certificate will be rotated.
func (*DynamicAuthority) Sign
func (d *DynamicAuthority) Sign(template *x509.Certificate) (*x509.Certificate, error)
Sign will sign the given certificate template using the current version of the managed CA. It will automatically set the NotBefore and NotAfter times appropriately.
func (*DynamicAuthority) WatchRotation
func (d *DynamicAuthority) WatchRotation(stopCh <-chan struct{}) <-chan struct{}
WatchRotation returns a channel that fires notifications when the CA certificate is rotated or updated. This can be used to automatically trigger rotation of leaf certificates when the root CA changes.
type SignFunc
type SignFunc func(template *x509.Certificate) (*x509.Certificate, error)
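The duration rule in the field docs (LeafDuration must be less than CADuration) and the Sign contract (NotBefore/NotAfter are set by the authority, not taken from the caller's template), as an added stand-alone illustration that is not cert-manager's code: toyAuthority, issue and newToyAuthority are hypothetical names, the root lives only in memory, and there is no Secret storage, rotation or WatchRotation.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// toyAuthority is a constructed stand-in for DynamicAuthority: in memory only, no Secret, no rotation.
type toyAuthority struct {
	LeafDuration time.Duration
	caCert       *x509.Certificate
	caKey        ed25519.PrivateKey
}
// issue signs template with parent/priv and returns the parsed certificate.
func issue(template, parent *x509.Certificate, pub, priv any) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, template, parent, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}
// newToyAuthority checks the duration rule and generates a self-signed root valid for caDur.
func newToyAuthority(caDur, leafDur time.Duration) (*toyAuthority, error) {
	if leafDur >= caDur { // rule from the field docs: LeafDuration < CADuration
		return nil, errors.New("LeafDuration must be less than CADuration")
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	root := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "toy-root"},
		NotBefore: now, NotAfter: now.Add(caDur), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign}
	cert, err := issue(root, root, pub, priv)
	if err != nil {
		return nil, err
	}
	return &toyAuthority{LeafDuration: leafDur, caCert: cert, caKey: priv}, nil
}
// Sign sets NotBefore/NotAfter itself, as the documented Sign does, then signs template.PublicKey.
func (a *toyAuthority) Sign(template *x509.Certificate) (*x509.Certificate, error) {
	template.NotBefore = time.Now()
	template.NotAfter = template.NotBefore.Add(a.LeafDuration)
	return issue(template, a.caCert, template.PublicKey, a.caKey)
}
```

A caller-supplied NotAfter is discarded, so a leaf can never outlive the current root; checking CheckSignatureFrom against the root after signing is the cheap way to confirm a leaf came from the expected CA generation.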