Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AfterCheckFunctionType ¶
type AfterCheckFunctionType func(certificate *Certificate, needsUpdate bool) error
AfterCheckFunctionType is the function signature for functions run if the check was triggered from outside or after the certificate was renewed.
type Certificate ¶
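// Certificate bundles the PEM encoded certificate authority and server
// certificates together with their private keys.
//
// Two of the fields carry private key material, so values of this type should
// be handled as secrets: keep them out of logs and error messages, and store
// them only in locations with restricted access.
type Certificate struct {
	// CACertificate is the PEM encoded certificate authority certificate.
	CACertificate []byte

	// CAPrivateKey is the PEM encoded certificate authority private key.
	// Sensitive: anyone holding it can sign certificates as this authority.
	CAPrivateKey []byte

	// ServerCertificate is the PEM encoded server certificate.
	ServerCertificate []byte

	// ServerPrivateKey is the PEM encoded server private key.
	// Sensitive: it must stay private to the server that presents
	// ServerCertificate.
	ServerPrivateKey []byte
}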
Certificate describes an x509 certificate.
func NewCertificate ¶
func NewCertificate(dnsNames []string) (*Certificate, error)
NewCertificate returns a self-signed certificate generated for the specified DNS names or alternatively an error.
func NewCertificateFromDirectory ¶
func NewCertificateFromDirectory(directoryPath string) (*Certificate, error)
NewCertificateFromDirectory returns a certificate by reading the corresponding certificate files from the specified directory path or alternatively an error.
func NewCertificateFromFileContents ¶
func NewCertificateFromFileContents(fileContents map[string][]byte) *Certificate
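NewCertificateFromFileContents returns a certificate by mapping the specified certificate file name keys and content values to the certificate fields. The function has no error return, so it cannot report missing or malformed entries; callers should run Verify on the result before relying on it.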
func (*Certificate) Verify ¶
func (certificate *Certificate) Verify(dnsName string, checkTime time.Time) bool
Verify returns true if all of the following hold, otherwise it returns false:
1. the server key pair is valid,
2. the server certificate is good for the specified DNS name,
3. the server certificate is signed by the certificate authority certificate, and
4. the server certificate is valid for the desired period of time.
func (*Certificate) Write ¶
func (certificate *Certificate) Write(directoryPath string) error
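Write writes the content of the certificate files held by the certificate to files under the specified directory path using the standard certificate file names or returns an error. The Certificate type holds the CA and server private keys alongside the certificates, so access to the target directory should be limited to the processes that need them; this page does not state which file permissions Write applies.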
type Renewer ¶
type Renewer struct {
// contains filtered or unexported fields
}
Renewer handles the automatic renewal of certificates.
func NewRenewer ¶
func NewRenewer( logger logr.Logger, dnsNames []string, certificateDirectoryPath string, shouldCheckCertificate bool, afterCheckFunctions ...AfterCheckFunctionType, ) (*Renewer, error)
NewRenewer returns a certificate renewer configured to the specified values.
func (*Renewer) WithAfterCheckFunctions ¶
func (renewer *Renewer) WithAfterCheckFunctions(afterCheckFunctions ...AfterCheckFunctionType)
WithAfterCheckFunctions appends the specified functions to the existing after check function chain.
func (*Renewer) WithDNSNames ¶
WithDNSNames sets the DNS names used by the renewer in the certificate.
type WebhookCertifier ¶
type WebhookCertifier struct {
// contains filtered or unexported fields
}
WebhookCertifier handles the generation and renewal of webhook certificates.
func NewWebhookCertifier ¶
func NewWebhookCertifier( logger logr.Logger, webhookName string, webhookManager manager.Manager, certificateRenewer *Renewer, ) *WebhookCertifier
NewWebhookCertifier returns an object which can manage the generation and renewal of a certificate based on a webhook configuration.