certmanager

package
v0.10.0
Warning

This package is not in the latest version of its module.

Published: Jul 18, 2024 | License: Apache-2.0 | Imports: 18 | Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func New

func New(log logr.Logger, restConfig *rest.Config, opts Options) (*manager, error)

Types

type Bundle

type Bundle struct {
	Certificate []byte
	CA          []byte
}

Bundle represents the `status.Certificate` and `status.CA` that are populated on a CertificateRequest once it has been signed.

type Options

type Options struct {
	// If PreserveCertificateRequests is true, requests will not be deleted after
	// they are signed.
	PreserveCertificateRequests bool

	// Namespace is the namespace that CertificateRequests will be created in.
	Namespace string

	// IssuerRef is used as the issuerRef on created CertificateRequests.
	IssuerRef cmmeta.ObjectReference

	// IssuanceConfigMapName is the name of a ConfigMap to watch for configuration options. The ConfigMap is expected to be in the same namespace as the csi-driver-spiffe pod.
	IssuanceConfigMapName string

	// IssuanceConfigMapNamespace is the namespace where the runtime configuration ConfigMap is located.
	IssuanceConfigMapNamespace string

	// AdditionalAnnotations are any additional annotations to include on created CertificateRequests.
	AdditionalAnnotations map[string]string
}

func (Options) HasRuntimeConfiguration added in v0.10.0

func (o Options) HasRuntimeConfiguration() bool

type RuntimeConfigurationWatcher added in v0.10.0

type RuntimeConfigurationWatcher struct {
	// contains filtered or unexported fields
}

RuntimeConfigurationWatcher is a wrapper around ctrlmgr.Runnable for watching runtime config.

func (*RuntimeConfigurationWatcher) NeedLeaderElection added in v0.10.0

func (rcw *RuntimeConfigurationWatcher) NeedLeaderElection() bool

NeedLeaderElection always returns false, ensuring that the runtime configuration watcher is always invoked even if we don't hold the lock. This ensures we use the correct CA for renewing the serving cert, and that we're using the most up-to-date issuerRef for when we do acquire the lock.

func (*RuntimeConfigurationWatcher) Start added in v0.10.0

type Signer

type Signer interface {
	// Sign will create a CertificateRequest based on the provided inputs. It will
	// wait for it to reach a terminal state, before optionally deleting it if
	// preserving CertificateRequests is turned off. Will return the certificate
	// bundle on successful signing.
	Sign(ctx context.Context, identities string, csrPEM []byte, duration time.Duration, usages []cmapi.KeyUsage) (Bundle, error)
}
