Documentation
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CertificateSource ¶
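// CertificateSource supplies the certificate a TLS listener serves and
// reports whether one is currently available.
type CertificateSource interface {
	// GetCertificate returns a Certificate based on the given
	// ClientHelloInfo. It will only be called if the client supplies SNI
	// information or if Certificates is empty.
	//
	// If GetCertificate is nil or returns nil, then the certificate is
	// retrieved from NameToCertificate. If NameToCertificate is nil, the
	// first element of Certificates will be used.
	//
	// Certificates and NameToCertificate are fields of crypto/tls.Config; the
	// wording above mirrors the documentation of tls.Config.GetCertificate.
	// NOTE(review): presumably this method is installed as that callback. If
	// so it is invoked once per handshake, concurrently with Run, so access
	// to any cached certificate must be synchronised. Confirm in the
	// implementation.
	GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error)

	// Run will start the certificate source.
	// This may include setting up watches on certificate stores, or any other
	// kind of background operation.
	// The Run function should return when stopCh is closed, and may return an
	// error if an irrecoverable error occurs whilst running.
	Run(stopCh <-chan struct{}) error

	// Healthy can be used to check the status of the CertificateSource.
	// It will return true if the source has a certificate available.
	// NOTE(review): the contract only speaks of availability; whether expiry
	// or validity of the certificate is taken into account is not specified
	// here. Confirm before relying on it as a readiness signal.
	Healthy() bool
}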
type FileCertificateSource ¶
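// FileCertificateSource provides certificate data for a Go HTTP server by
// periodically reloading it from disk.
type FileCertificateSource struct {
	// CertPath is the path to the TLS certificate.
	// This file will be read periodically and will be used as the
	// certificate for TLS connections.
	CertPath string

	// KeyPath is the path to the private key.
	// This file will be read periodically and will be used as the private key
	// for TLS connections.
	// NOTE(review): this file holds secret key material; it should be
	// readable only by the account the server runs as.
	KeyPath string

	// UpdateInterval is how often the CertPath and KeyPath will be checked for
	// changes.
	// If not specified, a default of 10s will be used.
	UpdateInterval time.Duration

	// MaxFailures is the maximum number of times a failure to read data from
	// disk should be allowed before treating it as fatal.
	// If not specified, a default of 12 will be used.
	// NOTE(review): what "fatal" means here (presumably Run returning an
	// error), and whether the previously loaded certificate keeps being
	// served while failures accumulate, is not visible from this
	// declaration. Confirm in the implementation.
	MaxFailures int

	// Log is an optional logger to write informational and error messages to.
	// If not specified, no messages will be logged.
	Log logr.Logger

	// contains filtered or unexported fields
}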
FileCertificateSource provides certificate data for a Go HTTP server by periodically reloading it from disk.
func (*FileCertificateSource) GetCertificate ¶
func (f *FileCertificateSource) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error)
func (*FileCertificateSource) Healthy ¶
func (f *FileCertificateSource) Healthy() bool
func (*FileCertificateSource) Run ¶
func (f *FileCertificateSource) Run(stopCh <-chan struct{}) error
type Server ¶
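// Server holds the configuration for the HTTP server that hosts the
// validation, mutation and conversion webhook handlers.
type Server struct {
	// ListenAddr is the address the HTTP server should listen on
	// This must be specified.
	ListenAddr string

	// HealthzAddr is the address the healthz HTTP server should listen on
	// If not specified, the healthz endpoint will not be exposed.
	HealthzAddr string

	// EnablePprof controls whether net/http/pprof handlers are registered with
	// the HTTP listener.
	// NOTE(review): pprof endpoints expose runtime internals (heap and
	// goroutine dumps, the process command line) and can be expensive to
	// serve. Confirm which listener they are attached to, and leave this
	// off unless that address is unreachable by untrusted clients.
	EnablePprof bool

	// Scheme is used to decode/encode request/response payloads.
	// If not specified, a default scheme that registers the AdmissionReview
	// and ConversionReview resource types will be used.
	// It is not used for performing validation, mutation or conversion.
	Scheme *runtime.Scheme

	// If specified, the server will listen with TLS using certificates
	// provided by this CertificateSource.
	// NOTE(review): presumably the server listens without TLS when this is
	// nil. Webhook traffic carries full resource payloads, so confirm that
	// a nil source is rejected or limited to test setups.
	CertificateSource CertificateSource

	// NOTE(review): the three hooks below are undocumented in the original;
	// going by their type names they presumably handle validating admission,
	// mutating admission and conversion requests respectively. Whether a
	// nil hook disables that endpoint is not visible here.
	ValidationWebhook handlers.ValidatingAdmissionHook
	MutationWebhook   handlers.MutatingAdmissionHook
	ConversionWebhook handlers.ConversionHook

	// Log is an optional logger to write informational and error messages to.
	// If not specified, no messages will be logged.
	Log logr.Logger

	// CipherSuites is a slice of TLS Cipher Suite names
	// NOTE(review): how an empty slice or an unrecognised name is handled
	// (library defaults, error, or silent skip) is not visible here. Confirm
	// that a typo cannot silently widen the accepted suites.
	CipherSuites []string
}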