authority

package
v1.14.0-alpha.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 3, 2024 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type DynamicAuthority

type DynamicAuthority struct {
	// Namespace and Name of the Secret resource used to store the authority.
	SecretNamespace, SecretName string

	// RESTConfig used to connect to the apiserver.
	RESTConfig *rest.Config

	// The amount of time the root CA certificate will be valid for.
	// This must be greater than LeafDuration.
	// Defaults to 365d.
	CADuration time.Duration

	// The amount of time leaf certificates signed by this authority will be
	// valid for.
	// This must be less than CADuration.
	// Defaults to 7d.
	LeafDuration time.Duration
	// contains filtered or unexported fields
}

DynamicAuthority manages a certificate authority stored in a Secret resource and provides methods to obtain signed leaf certificates. The private key and certificate will be automatically generated, and when nearing expiry, the private key and root certificate will be rotated.

func (*DynamicAuthority) Run

func (d *DynamicAuthority) Run(ctx context.Context) error

func (*DynamicAuthority) Sign

func (d *DynamicAuthority) Sign(template *x509.Certificate) (*x509.Certificate, error)

Sign will sign the given certificate template using the current version of the managed CA. It will automatically set the NotBefore and NotAfter times appropriately.

func (*DynamicAuthority) WatchRotation

func (d *DynamicAuthority) WatchRotation(stopCh <-chan struct{}) <-chan struct{}

WatchRotation will returns a channel that fires notifications if the CA certificate is rotated/updated. This can be used to automatically trigger rotation of leaf certificates when the root CA changes.

type SignFunc

type SignFunc func(template *x509.Certificate) (*x509.Certificate, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL