Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var (
ErrNotAvailable = errors.New("no tls.Certificate available")
)
Functions ¶
This section is empty.
Types ¶
type CertificateSource ¶
type CertificateSource interface { // GetCertificate returns a Certificate based on the given // ClientHelloInfo. It will only be called if the client supplies SNI // information or if Certificates is empty. // // If GetCertificate is nil or returns nil, then the certificate is // retrieved from NameToCertificate. If NameToCertificate is nil, the // first element of Certificates will be used. GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error) // Run will start the certificate source. // This may include setting up watches on certificate stores, or any other // kind of background operation. // The Run function should return when stopCh is closed, and may return an // error if an irrecoverable error occurs whilst running. Run(stopCh <-chan struct{}) error // Healthy can be used to check the status of the CertificateSource. // It will return true if the source has a certificate available. Healthy() bool }
type DynamicSource ¶
type DynamicSource struct { // DNSNames that will be set on certificates this source produces. DNSNames []string // The authority used to sign certificate templates. Authority *authority.DynamicAuthority // Log is an optional logger to write informational and error messages to. // If not specified, no messages will be logged. Log logr.Logger // contains filtered or unexported fields }
DynamicSource provides certificate data for a golang HTTP server by automatically generating certificates using an authority.SignFunc.
func (*DynamicSource) GetCertificate ¶
func (f *DynamicSource) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error)
func (*DynamicSource) Healthy ¶
func (f *DynamicSource) Healthy() bool
func (*DynamicSource) Run ¶
func (f *DynamicSource) Run(stopCh <-chan struct{}) error
type FileCertificateSource ¶
type FileCertificateSource struct { // CertPath is the path to the TLS certificate. // This file will be read periodically and will be used as the private key // for TLS connections. CertPath string // KeyPath is the path to the private key. // This file will be read periodically and will be used as the private key // for TLS connections. KeyPath string // UpdateInterval is how often the CertPath and KeyPath will be checked for // changes. // If not specified, a default of 10s will be used. UpdateInterval time.Duration // MaxFailures is the maximum number of times a failure to read data from // disk should be allowed before treating it as fatal. // If not specified, a default of 12 will be used. MaxFailures int // Log is an optional logger to write informational and error messages to. // If not specified, no messages will be logged. Log logr.Logger // contains filtered or unexported fields }
FileCertificateSource provides certificate data for a golang HTTP server by reloading data on disk periodically.
func (*FileCertificateSource) GetCertificate ¶
func (f *FileCertificateSource) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error)
func (*FileCertificateSource) Healthy ¶
func (f *FileCertificateSource) Healthy() bool
func (*FileCertificateSource) Run ¶
func (f *FileCertificateSource) Run(stopCh <-chan struct{}) error
Click to show internal directories.
Click to hide internal directories.