Documentation
Constants
This section is empty.
Variables
var CertCallbackRefreshDuration = 5 * time.Minute
CertCallbackRefreshDuration is exposed so that integration tests can crank up the reload speed.
Functions
This section is empty.
Types
type DynamicRootCAs
type DynamicRootCAs interface {
	// run starts the controller and blocks until context expires
	// calling run is not necessary, but allows us to refresh certificates
	// before being required for a request (preventing long latency penalties)
	Run(ctx context.Context)

	// GetCertPool returns the latest CA bundle that was read. The controller
	// tries to reload the certificates periodically.
	GetCertPool(ctx context.Context) (*x509.CertPool, error)
}
func NewDynamicClientCertificate
func NewDynamicClientCertificate(ctx context.Context, log logr.Logger, newCertPool NewCertPool) DynamicRootCAs
Dynamic client cert: uses a file/secret watch and the acceptable server CAs to determine whether the certificate is still valid, and fetches a new version of the certificate if required. A certificate that is about to expire will cause the connection to be closed.
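A stdlib-only sketch of the caching behaviour the DynamicRootCAs comments describe, added here as an example and not the package's own code: the `cachedRootCAs` type, its `load` callback and the refresh/2 background schedule are assumptions. A failed reload never extends the cache deadline, so a stale CA bundle stays trusted for at most one refresh interval.

```go
package main

import (
	"context"
	"crypto/x509"
	"fmt"
	"sync"
	"time"
)

// cachedRootCAs is a hypothetical type with the page's DynamicRootCAs method set.
type cachedRootCAs struct {
	mu      sync.Mutex
	load    func(context.Context) (*x509.CertPool, error) // assumed bundle reader (file, secret, ...)
	refresh time.Duration                                 // plays the role of CertCallbackRefreshDuration
	pool    *x509.CertPool
	expires time.Time
}

// get backs GetCertPool (force=false, cache allowed) and Run (force=true).
func (c *cachedRootCAs) get(ctx context.Context, force bool) (*x509.CertPool, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	if !force && c.pool != nil && time.Now().Before(c.expires) {
		return c.pool, nil
	}
	pool, err := c.load(ctx)
	if err == nil { // only a successful reload moves the deadline forward
		c.pool, c.expires = pool, time.Now().Add(c.refresh)
	}
	return pool, err
}

func (c *cachedRootCAs) GetCertPool(ctx context.Context) (*x509.CertPool, error) { return c.get(ctx, false) }

// Run reloads every refresh/2 until ctx ends, so requests find a warm cache.
func (c *cachedRootCAs) Run(ctx context.Context) {
	for ctx.Err() == nil {
		_, _ = c.get(ctx, true)
		select {
		case <-ctx.Done():
		case <-time.After(c.refresh / 2):
		}
	}
}

func main() {
	c := &cachedRootCAs{refresh: time.Minute, load: func(context.Context) (*x509.CertPool, error) { return nil, fmt.Errorf("constructed failure: bundle unreadable") }}
	fmt.Println(c.GetCertPool(context.Background())) // cold cache fails closed
}
```

Without `Run`, the first `GetCertPool` call after the deadline performs the reload itself, which is the latency penalty the interface comment mentions.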