Documentation ¶
Index ¶
- Constants
- Variables
- func GenerateRootCASecretName() string
- func GenerateTLSPairSecretName() string
- func InClusterServiceName() string
- func IsKyvernoInRollingUpdate(deploy *appsv1.Deployment) bool
- func IsSecretManagedByKyverno(secret *corev1.Secret) bool
- func ReadRootCASecret(client kubernetes.Interface, metricsConfig metrics.MetricsConfigManager) ([]byte, error)
- type CertRenewer
Constants ¶
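// Timing parameters and identifiers for the certificates and secrets that
// this package manages. The declarations are laid out one per line so that
// each line comment documents a single constant instead of swallowing the
// rest of the block.
const (
	// CertRenewalInterval is the renewal interval for rootCA.
	// At 12 hours it is far shorter than either validity duration below.
	CertRenewalInterval time.Duration = 12 * time.Hour
	// CAValidityDuration is the valid duration for CA certificates (365 days).
	CAValidityDuration time.Duration = 365 * 24 * time.Hour
	// TLSValidityDuration is the valid duration for TLS certificates (150 days).
	TLSValidityDuration time.Duration = 150 * 24 * time.Hour
	// ManagedByLabel is added to Kyverno managed secrets.
	// NOTE(review): a label is metadata that any principal with write access
	// to the Secret can set, so it marks ownership rather than proving origin.
	ManagedByLabel string = "cert.kyverno.io/managed-by"
	// RootCAKey is the literal key name "rootCA.crt".
	// NOTE(review): presumably the data key under which the root CA
	// certificate is stored in the secret; confirm against ReadRootCASecret.
	RootCAKey string = "rootCA.crt"
)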
Variables ¶
// ErrorsNotFound is the message text "root CA certificate not found".
// It is declared as a plain string rather than an error value, so it cannot
// be matched with errors.Is.
// NOTE(review): presumably callers compare against or embed this text; confirm.
var ErrorsNotFound = "root CA certificate not found"
Functions ¶
func GenerateRootCASecretName ¶ added in v1.5.4
func GenerateRootCASecretName() string
func GenerateTLSPairSecretName ¶ added in v1.5.4
func GenerateTLSPairSecretName() string
func InClusterServiceName ¶ added in v1.8.0
func InClusterServiceName() string
InClusterServiceName: the generated service name should be the common name of the TLS certificate.
func IsKyvernoInRollingUpdate ¶ added in v1.4.0
func IsKyvernoInRollingUpdate(deploy *appsv1.Deployment) bool
IsKyvernoInRollingUpdate returns true if Kyverno is in rolling update
func IsSecretManagedByKyverno ¶ added in v1.8.0
func ReadRootCASecret ¶ added in v1.3.5
func ReadRootCASecret(client kubernetes.Interface, metricsConfig metrics.MetricsConfigManager) ([]byte, error)
ReadRootCASecret returns the RootCA from the pre-defined secret
Types ¶
type CertRenewer ¶ added in v1.3.5
type CertRenewer struct {
// contains filtered or unexported fields
}
CertRenewer creates the rootCA and PEM pair used to register the webhook configurations and the webhook server, and renews the RootCA at the given interval.
func NewCertRenewer ¶ added in v1.3.5
func NewCertRenewer(client kubernetes.Interface, clientConfig *rest.Config, certRenewalInterval, caValidityDuration, tlsValidityDuration time.Duration, serverIP string, log logr.Logger) (*CertRenewer, error)
NewCertRenewer returns an instance of CertRenewer
func (*CertRenewer) InitTLSPemPair ¶ added in v1.3.5
func (c *CertRenewer) InitTLSPemPair() error
InitTLSPemPair loads or creates the PEM private key and TLS certificate for the webhook server. A newly created pair is stored in a Secret in the cluster.
func (*CertRenewer) RenewCA ¶ added in v1.8.0
func (c *CertRenewer) RenewCA() error
RenewCA renews the CA certificate if needed
func (*CertRenewer) RenewTLS ¶ added in v1.8.0
func (c *CertRenewer) RenewTLS() error
RenewTLS renews the TLS certificate if needed
func (*CertRenewer) ValidateCert ¶ added in v1.8.0
func (c *CertRenewer) ValidateCert() (bool, error)
ValidateCert validates the CA Cert