Documentation
Overview
Package providers implements generic certificate provider related functionality
Index
- Variables
- func NewCertificateManager(ctx context.Context, kubeClient kubernetes.Interface, kubeConfig *rest.Config, ...) (*certificate.Manager, error)
- func NewCertificateManagerFromMRC(ctx context.Context, kubeClient kubernetes.Interface, kubeConfig *rest.Config, ...) (*certificate.Manager, error)
- type CertManagerOptions
- type Kind
- type MRCCompatClient
- type MRCComposer
- type MRCProviderGenerator
- type Options
- type TresorOptions
- type VaultOptions
Constants
This section is empty.
Variables
var (
	// ValidCertificateProviders is the list of supported certificate providers
	ValidCertificateProviders = []Kind{TresorKind, VaultKind, CertManagerKind}
)
Functions
func NewCertificateManager
func NewCertificateManager(ctx context.Context, kubeClient kubernetes.Interface, kubeConfig *rest.Config, providerNamespace string, option Options, computeClient compute.Interface, checkInterval time.Duration, trustDomain string) (*certificate.Manager, error)
NewCertificateManager returns a new certificate manager with an MRC compat client. TODO(4713): Remove and use NewCertificateManagerFromMRC
func NewCertificateManagerFromMRC
func NewCertificateManagerFromMRC(ctx context.Context, kubeClient kubernetes.Interface, kubeConfig *rest.Config, providerNamespace string, option Options, computeClient compute.Interface, checkInterval time.Duration) (*certificate.Manager, error)
NewCertificateManagerFromMRC returns a new certificate manager.
Types
type CertManagerOptions
CertManagerOptions is a type that specifies 'cert-manager.io' certificate provider options
func (CertManagerOptions) AsProviderSpec
func (options CertManagerOptions) AsProviderSpec() v1alpha2.ProviderSpec
AsProviderSpec returns the provider spec generated from the CertManager options
func (CertManagerOptions) Validate
func (options CertManagerOptions) Validate() error
Validate validates the options for cert-manager.io certificate provider
type Kind
type Kind string
Kind specifies the certificate provider kind
const (
	// TresorKind represents Tresor, an internal package which leverages Kubernetes secrets and signs certs on the OSM pod
	TresorKind Kind = "tresor"
	// VaultKind represents Hashi Vault; OSM is pointed to an external Vault; signing of certs happens on Vault
	VaultKind Kind = "vault"
	// CertManagerKind represents cert-manager.io; certificates are requested using cert-manager
	CertManagerKind Kind = "cert-manager"
)
type MRCCompatClient
type MRCCompatClient struct {
	MRCProviderGenerator
	// contains filtered or unexported fields
}
MRCCompatClient is a backwards compatible client to convert old certificate options into an MRC. Its intent is to match the custom interface that will wrap the MRC k8s informer. TODO(#4502): Remove this entirely once we are fully onboarded to MRC informers.
func (*MRCCompatClient) ListMeshRootCertificates
func (c *MRCCompatClient) ListMeshRootCertificates() ([]*v1alpha2.MeshRootCertificate, error)
ListMeshRootCertificates returns the single, pre-generated MRC. It is intended to implement the certificate.MRCClient interface.
func (*MRCCompatClient) UpdateMeshRootCertificate
func (c *MRCCompatClient) UpdateMeshRootCertificate(mrc *v1alpha2.MeshRootCertificate) error
UpdateMeshRootCertificate is not implemented on the compat client and always returns an error.
func (*MRCCompatClient) Watch
func (c *MRCCompatClient) Watch(ctx context.Context) (<-chan certificate.MRCEvent, error)
Watch is a basic Watch implementation for the MRC attached to the compat client
type MRCComposer
type MRCComposer struct {
	compute.Interface
	MRCProviderGenerator
}
MRCComposer is a composer object that allows consumers to observe MRCs (via List() and Watch()) as well as generate `certificate.Provider`s from those MRCs
func (*MRCComposer) UpdateMeshRootCertificate
func (m *MRCComposer) UpdateMeshRootCertificate(mrc *v1alpha2.MeshRootCertificate) error
UpdateMeshRootCertificate updates the given mesh root certificate.
func (*MRCComposer) Watch
func (m *MRCComposer) Watch(ctx context.Context) (<-chan certificate.MRCEvent, error)
Watch returns a channel that receives an event whenever an MRC is added to, updated in, or deleted from the informerCollection's MRC store. Channels returned from multiple invocations of Watch() are independent and have no coordination with each other. Events are guaranteed to be ordered for any particular resource, but NOT across different resources.
type MRCProviderGenerator
type MRCProviderGenerator struct {
	// TODO(#4711): move these to the compat client once we have added these fields to the MRC.
	KeyBitSize int
	// TODO(#4745): Remove after deprecating the osm.vault.token option.
	DefaultVaultToken string
	// contains filtered or unexported fields
}
MRCProviderGenerator knows how to convert a given MRC to its appropriate provider.
func (*MRCProviderGenerator) GetCertIssuerForMRC
func (c *MRCProviderGenerator) GetCertIssuerForMRC(mrc *v1alpha2.MeshRootCertificate) (certificate.Issuer, pem.RootCertificate, error)
GetCertIssuerForMRC returns a certificate.Issuer generated from the provided MRC.
type Options
type Options interface {
	Validate() error
	AsProviderSpec() v1alpha2.ProviderSpec
}
Options is an interface that contains required fields to convert the old style options to the new style MRC for each provider type. TODO(#4502): Remove this interface, and all of the options below.
type TresorOptions
type TresorOptions struct {
	// No options at the moment
	SecretName string
}
TresorOptions is a type that specifies 'Tresor' certificate provider options
func (TresorOptions) AsProviderSpec
func (options TresorOptions) AsProviderSpec() v1alpha2.ProviderSpec
AsProviderSpec returns the provider spec generated from the tresor options
func (TresorOptions) Validate
func (options TresorOptions) Validate() error
Validate validates the options for Tresor certificate provider
type VaultOptions
type VaultOptions struct {
	VaultProtocol             string
	VaultHost                 string
	VaultToken                string // TODO(#4745): Remove after deprecating the osm.vault.token option. Replace with VaultTokenSecretName
	VaultRole                 string
	VaultPort                 int
	VaultTokenSecretNamespace string
	VaultTokenSecretName      string
	VaultTokenSecretKey       string
}
VaultOptions is a type that specifies 'Hashicorp Vault' certificate provider options
func (VaultOptions) AsProviderSpec
func (options VaultOptions) AsProviderSpec() v1alpha2.ProviderSpec
AsProviderSpec returns the provider spec generated from the vault options
func (VaultOptions) Validate
func (options VaultOptions) Validate() error
Validate validates the options for Hashi Vault certificate provider
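As an added example, not code from the OSM project, here is a standalone sketch of what an Options.Validate() implementation for VaultOptions could check, in particular that exactly one token source is configured: the VaultTokenSecret* reference fields or the deprecated inline VaultToken. The VaultOptions type is re-declared locally so the file compiles on its own, and every rule below is an assumption of this example rather than OSM's actual validation.

```go
package main

import (
	"fmt"
	"strings"
)

// VaultOptions re-declares the fields documented for providers.VaultOptions; this type and the rules in Validate are the example's own, not OSM code.
type VaultOptions struct {
	VaultProtocol             string
	VaultHost                 string
	VaultToken                string // deprecated inline token (TODO(#4745) on the page)
	VaultRole                 string
	VaultPort                 int
	VaultTokenSecretNamespace string
	VaultTokenSecretName      string
	VaultTokenSecretKey       string
}
func (o VaultOptions) Validate() error {
	var problems []string
	if o.VaultProtocol != "http" && o.VaultProtocol != "https" {
		problems = append(problems, fmt.Sprintf("VaultProtocol must be http or https, got %q", o.VaultProtocol))
	}
	if strings.TrimSpace(o.VaultHost) == "" || o.VaultRole == "" {
		problems = append(problems, "VaultHost and VaultRole are required")
	}
	if o.VaultPort < 1 || o.VaultPort > 65535 {
		problems = append(problems, fmt.Sprintf("VaultPort %d is outside 1-65535", o.VaultPort))
	}
	// Exactly one token source: the deprecated inline VaultToken, or a complete Secret reference (namespace, name, key).
	hasInline := o.VaultToken != ""
	hasSecret := o.VaultTokenSecretNamespace != "" && o.VaultTokenSecretName != "" && o.VaultTokenSecretKey != ""
	partial := !hasSecret && (o.VaultTokenSecretNamespace != "" || o.VaultTokenSecretName != "" || o.VaultTokenSecretKey != "")
	switch {
	case partial: // half-filled reference: reject it rather than silently fall back to no token
		problems = append(problems, "VaultTokenSecretNamespace, VaultTokenSecretName and VaultTokenSecretKey must all be set")
	case hasInline && hasSecret:
		problems = append(problems, "set either VaultToken or the VaultTokenSecret* fields, not both")
	case !hasInline && !hasSecret:
		problems = append(problems, "a Vault token source is required; prefer the VaultTokenSecret* fields over the deprecated VaultToken")
	}
	if len(problems) == 0 {
		return nil
	}
	return fmt.Errorf("invalid VaultOptions: %s", strings.Join(problems, "; "))
}
func main() {
	opts := VaultOptions{VaultProtocol: "https", VaultHost: "vault.example.internal", VaultPort: 8200, VaultRole: "osm", VaultTokenSecretNamespace: "osm-system", VaultTokenSecretName: "osm-vault-token", VaultTokenSecretKey: "token"}
	fmt.Println("valid:", opts.Validate() == nil) // constructed sample input: Secret-backed token over TLS
}
```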
Directories
Path | Synopsis
---|---
certmanager | Package certmanager implements the certificate.Manager interface for cert-manager.io as the certificate provider.
tresor | Package tresor implements the certificate.Manager interface for Tresor, a custom certificate provider in OSM.
fake | Package fake moves fakes to their own sub-package
vault | Package vault implements the certificate.Manager interface for Hashicorp Vault as the certificate provider.