Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func RegisterInternalTLSHook
func RegisterInternalTLSHook(conf GenSelfSignedTLSHookConf) bool
RegisterInternalTLSHook registers a hook that saves the TLS certificate from the secret into values. If the secret has not been created, the hook generates a CA with a long expiration time and a TLS certificate for the passed domains, signed by the generated CA. The CA certificate, the TLS certificate and the private key MUST be saved in the secret with helm. Otherwise, every d8 restart will generate a new TLS certificate. The TLS certificate has the same long expiration time as the CA: 87600h == 10 years. These TLS certificates are often used for in-cluster HTTPS communication with the service that orders the TLS certificate. Clients need to use the CA certificate to verify the connection.
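What the description above amounts to on both sides of the connection, as an added example built on Go's standard library (it is not the hook's own code): a CA and a certificate for the passed SANs, both valid for 87600h, and the check a client performs when it trusts only that CA. The helper names `issue` and `verifyWithCA`, the Ed25519 key type and the host names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a certificate for sans; a nil parent yields a self-signed CA (hypothetical helper).
func issue(cn string, sans []string, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	serial, err2 := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	if err != nil || err2 != nil {
		return nil, nil, fmt.Errorf("randomness: %v, %v", err, err2)
	}
	tpl := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: cn}, DNSNames: sans,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(87600*time.Hour), // 10 years
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, BasicConstraintsValid: true}
	if parent == nil { // no issuer given: this certificate is the self-signed CA
		tpl.IsCA, tpl.KeyUsage, tpl.ExtKeyUsage = true, x509.KeyUsageCertSign, nil
		parent, pk = tpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, pub, pk)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// verifyWithCA is the client-side check: trust only the generated CA and match a SAN.
func verifyWithCA(ca, leaf *x509.Certificate, host string) error {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

func main() {
	ca, caKey, err := issue("example-ca", nil, nil, nil) // constructed names
	if err != nil {
		panic(err)
	}
	leaf, _, err := issue("example", []string{"example.d8-example.svc"}, ca, caKey)
	fmt.Println(err == nil && verifyWithCA(ca, leaf, "example.d8-example.svc") == nil)
}
```

A CA produced by a second generation run does not verify certificates issued under the first, which is why the generated material has to be persisted in the secret rather than regenerated on restart.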
Types
type GenSelfSignedTLSHookConf
type GenSelfSignedTLSHookConf struct {
	// SANs - list of domains to include into certificate
	SANs []string

	// CN - Certificate common Name
	// often it is module name
	CN string

	// Namespace - namespace for TLS secret
	Namespace string

	// TLSSecretName - TLS secret name
	// secret must be TLS secret type https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets
	// CA certificate MUST be set in the ca.crt key
	TLSSecretName string

	// FullValuesPathPrefix - prefix of the full path to store CA certificate, TLS private key and cert
	// full paths will be
	//   FullValuesPathPrefix + CA  - CA certificate
	//   FullValuesPathPrefix + Pem - TLS private key
	//   FullValuesPathPrefix + Key - TLS certificate
	// Example: FullValuesPathPrefix = 'prometheusMetricsAdapter.internal.adapter'
	// Values to store:
	//   prometheusMetricsAdapter.internal.adapterCA
	//   prometheusMetricsAdapter.internal.adapterPem
	//   prometheusMetricsAdapter.internal.adapterKey
	// Data is stored in values as plain text
	// In helm templates you need to use the `b64enc` function to encode it
	FullValuesPathPrefix string
}