Documentation ¶
Index ¶
- Constants
- func ApplyDefaultSettings(opts *Options, cfg configv1.BuiltInCertManagement) error
- func BuildAll(opts Options) ([]client.Object, error)
- func CABundleName(stackName string) string
- func CertificatesExpired(opts Options) error
- func ComponentCertSecretNames(stackName string) []string
- func SigningCAExpired(opts Options) error
- func SigningCASecretName(stackName string) string
- type CertExpiredError
- type ComponentCertificates
- type Options
- type Rotation
- type SelfSignedCertKey
- type SigningCA
Constants ¶
const (
	// CertificateNotBeforeAnnotation contains the start of the certificate's
	// validity period (NotBefore) in RFC3339 format.
	// NOTE(review): the previous comment said "expiration date", which duplicates
	// the not-after annotation below; the key name indicates the start of
	// validity. Confirm against the code that writes this annotation.
	CertificateNotBeforeAnnotation = "loki.grafana.com/certificate-not-before"
	// CertificateNotAfterAnnotation contains the certificate expiration date
	// (NotAfter) in RFC3339 format.
	CertificateNotAfterAnnotation = "loki.grafana.com/certificate-not-after"
	// CertificateIssuer contains the common name of the certificate that signed
	// another certificate.
	CertificateIssuer = "loki.grafana.com/certificate-issuer"
	// CertificateHostnames contains the hostnames used by a signer.
	CertificateHostnames = "loki.grafana.com/certificate-hostnames"
)
const (
// CAFile is the file name of the certificate authority file
CAFile = "service-ca.crt"
)
Variables ¶
This section is empty.
Functions ¶
func ApplyDefaultSettings ¶
func ApplyDefaultSettings(opts *Options, cfg configv1.BuiltInCertManagement) error
ApplyDefaultSettings merges the default options with the ones provided by the caller.
func BuildAll ¶
BuildAll builds all secrets and configmaps containing CA certificates, CA bundles and client certificates for a LokiStack.
func CABundleName ¶
CABundleName returns the lokistack ca bundle configmap name
func CertificatesExpired ¶
CertificatesExpired returns an error, carrying the list of expiry reasons, if any certificate has expired.
func ComponentCertSecretNames ¶
ComponentCertSecretNames returns a list of all loki component certificate secret names.
func SigningCAExpired ¶
SigningCAExpired returns an error, carrying the reason of expiry, if the signer certificate expired.
func SigningCASecretName ¶
SigningCASecretName returns the lokistack signing CA secret name
Types ¶
type CertExpiredError ¶
CertExpiredError contains information if a certificate expired and the reasons of expiry.
func (*CertExpiredError) Error ¶
func (e *CertExpiredError) Error() string
type ComponentCertificates ¶
type ComponentCertificates map[string]SelfSignedCertKey
ComponentCertificates is a map of lokistack component names to TLS certificates
type Options ¶
// Options is a set of configuration values to use when building manifests
// for LokiStack certificates.
//
// NOTE(review): Signer and Certificates presumably carry private key material
// (SigningCA and SelfSignedCertKey are not shown here). If so, Options values
// should not be logged or serialized wholesale; confirm.
type Options struct {
	// StackName is presumably the LokiStack name; helpers such as
	// SigningCASecretName and CABundleName derive object names from a stack name.
	StackName string
	// StackNamespace is presumably the namespace of the LokiStack; confirm.
	StackNamespace string

	// Rotation holds the validity/refresh pairs for certificates.
	Rotation Rotation

	// Signer is the signing CA.
	Signer SigningCA
	// CABundle is the CA bundle configmap.
	CABundle *corev1.ConfigMap
	// RawCACerts presumably holds the parsed CA certificates that go into
	// the bundle; verify against BuildAll.
	RawCACerts []*x509.Certificate
	// Certificates maps lokistack component names to their TLS certificates.
	Certificates ComponentCertificates
}
Options is a set of configuration values to use when building manifests for LokiStack certificates.
type Rotation ¶
// Rotation defines the validity/refresh pairs for certificates.
//
// NOTE(review): a refresh duration is presumably expected to be shorter than
// the matching validity so that rotation happens before expiry. Whether
// ParseRotation enforces this is not visible here; confirm.
type Rotation struct {
	// CACertValidity is the validity duration of the CA certificate.
	CACertValidity time.Duration
	// CACertRefresh is the refresh duration of the CA certificate.
	CACertRefresh time.Duration
	// TargetCertValidity is the validity duration of the target certificates
	// (presumably the per-component certificates; confirm).
	TargetCertValidity time.Duration
	// TargetCertRefresh is the refresh duration of the target certificates.
	TargetCertRefresh time.Duration
}
Rotation defines the validity/refresh pairs for certificates.
func ParseRotation ¶
func ParseRotation(cfg configv1.BuiltInCertManagement) (Rotation, error)
ParseRotation builds a new RotationOptions struct from the feature gate string values.
type SelfSignedCertKey ¶
SelfSignedCertKey rotates a key and cert signed by a signing CA and stores it in a secret.
It creates a new one when:
- the refresh duration is over,
- or 80% of the validity is over,
- or the cert is expired,
- or the signing CA changes.