Documentation ¶
Overview ¶
An example implementation of a CSR Controller.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CertificateAuthority ¶
type CertificateAuthority struct { // Chain including the signing CA (as leaf), up to the roots // tls.crt Chain []byte // Roots contains the ca.crt Roots []byte Key []byte Certificate *x509.Certificate PrivateKey crypto.Signer }
CertificateAuthority implements a certificate authority that supports policy based signing. It's used by the signing controller.
func (*CertificateAuthority) Init ¶
func (ca *CertificateAuthority) Init() (err error)
func (*CertificateAuthority) Sign ¶
func (ca *CertificateAuthority) Sign(crDER []byte) ([]byte, error)
Sign signs a certificate request, applying a SigningPolicy and returns a DER encoded x509 certificate.
func (*CertificateAuthority) SignCSR ¶
func (s *CertificateAuthority) SignCSR(x509cr *x509.CertificateRequest) ([]byte, error)
SingCSR signs the certificate and returns a full chain.
type K8SSigner ¶
type K8SSigner struct { K8SClient *kubernetes.Clientset Name string Signer *CertificateAuthority // contains filtered or unexported fields }
func NewK8SSigner ¶
func NewK8SSigner(cl *kubernetes.Clientset, s string, factory informers.SharedInformerFactory, signers *CertificateAuthority) *K8SSigner
Click to show internal directories.
Click to hide internal directories.