Documentation
Constants
This section is empty.
Variables
var CertCallbackRefreshDuration = 1 * time.Minute
CertCallbackRefreshDuration is exposed so that integration tests can crank up the reload speed.
Functions
This section is empty.
Types
type DynamicClientCertificate
type DynamicClientCertificate interface {
	// Run starts the controller and blocks until the context expires.
	// Calling Run is not necessary, but allows us to refresh certificates
	// before being required for a request (preventing long latency penalties).
	Run(ctx context.Context)

	// GetClientCertificate can be used in your tls config. It makes sure a new
	// certificate is fetched when the current certificate is expired or does not
	// match the server's *tls.CertificateRequestInfo.
	GetClientCertificate(cri *tls.CertificateRequestInfo) (*tls.Certificate, error)
}
func NewDynamicClientCertificate
func NewDynamicClientCertificate(ctx context.Context, log logr.Logger, newCertificate NewCertificate, closeIdleConnections func()) DynamicClientCertificate
Dynamic client cert: uses a file/secret watch and the acceptable server CAs to determine whether the certificate is still valid, and fetches a new version of the certificate if required. A certificate that is about to expire will cause the connection to be closed.
type NewCertificate
type NewCertificate func(ctx context.Context, existing *tls.Certificate) (*tls.Certificate, error)
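The reuse-or-refetch decision that GetClientCertificate is documented as making, shown as an added example built only on the Go standard library; it is not this package's implementation. The names cachedCert, margin and constructedCert are hypothetical, and the renewal margin is an assumed policy.

```go
package main

import (
	"context"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"sync"
	"time"
)

// cachedCert is a hypothetical, simplified stand-in for DynamicClientCertificate (no Run loop).
type cachedCert struct {
	mu      sync.Mutex
	current *tls.Certificate
	margin  time.Duration // assumed policy: renew this long before NotAfter
	fetch   func(ctx context.Context, existing *tls.Certificate) (*tls.Certificate, error) // NewCertificate's signature
}

// GetClientCertificate reuses the cache only while it is fresh and acceptable to the server.
func (c *cachedCert) GetClientCertificate(cri *tls.CertificateRequestInfo) (*tls.Certificate, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	if cur := c.current; cur != nil && cur.Leaf != nil &&
		time.Until(cur.Leaf.NotAfter) > c.margin && cri.SupportsCertificate(cur) == nil {
		return cur, nil
	}
	fresh, err := c.fetch(context.Background(), c.current)
	if err == nil {
		c.current = fresh
	}
	return fresh, err
}

// constructedCert is a sample NewCertificate: a self-signed Ed25519 certificate valid for one hour.
func constructedCert(context.Context, *tls.Certificate) (*tls.Certificate, error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed throwaway key; rand.Reader errors are not expected
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv, Leaf: leaf}, err
}
```

To use it, build `src := &cachedCert{fetch: constructedCert, margin: time.Minute}` and set `GetClientCertificate: src.GetClientCertificate` on a `tls.Config`.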