certificate

package
v1.110.2
Warning

This package is not in the latest version of its module.

Published: Jan 10, 2025 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var (
	// EventGardenletCertificateRotationFailed is an event reason to describe a failed Gardenlet certificate rotation.
	EventGardenletCertificateRotationFailed = "GardenletCertificateRotationFailed"
)

Functions

func GetCurrentCertificate added in v1.34.0

func GetCurrentCertificate(log logr.Logger, gardenKubeconfig []byte, gardenClientConnection *config.GardenClientConnection) (*tls.Certificate, error)

GetCurrentCertificate returns the client certificate which is currently used to communicate with the garden cluster.

Types

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

Manager can be used to schedule the certificate rotation for the Gardenlet's Garden cluster client certificate.

func NewCertificateManager

func NewCertificateManager(log logr.Logger, gardenCluster cluster.Cluster, seedClient client.Client, config *config.GardenletConfiguration) (*Manager, error)

NewCertificateManager creates a certificate manager that can be used to rotate gardenlet's client certificate for the Garden cluster.

func (*Manager) ScheduleCertificateRotation

func (cr *Manager) ScheduleCertificateRotation(ctx context.Context, gardenletCancel context.CancelFunc, recorder record.EventRecorder) error

ScheduleCertificateRotation waits until the currently used Garden cluster client certificate approaches expiration. It then requests a new certificate and stores the kubeconfig in a secret (`gardenClientConnection.kubeconfigSecret`) on the Seed. The `gardenletCancel` argument is a `context.CancelFunc` that cancels the Gardenlet's context, which is used for graceful termination after a successful certificate rotation. When the new gardenlet pod is started, it uses the rotated certificate stored in the secret in the Seed cluster.
