tls

package

v1.8.0-rc6 Latest Latest Go to latest Published: Oct 7, 2022 License: Apache-2.0 Imports: 24 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kyverno/kyverno

Documentation ¶

Index ¶

Constants
Variables
func GenerateRootCASecretName() string
func GenerateTLSPairSecretName() string
func InClusterServiceName() string
func IsKyvernoInRollingUpdate(deploy *appsv1.Deployment) bool
func IsSecretManagedByKyverno(secret *corev1.Secret) bool
func ReadRootCASecret(client kubernetes.Interface, metricsConfig metrics.MetricsConfigManager) ([]byte, error)
type CertRenewer
- func NewCertRenewer(client kubernetes.Interface, clientConfig *rest.Config, ...) (*CertRenewer, error)

Constants ¶

View Source

const (
	// CertRenewalInterval is the renewal interval for rootCA
	CertRenewalInterval time.Duration = 12 * time.Hour
	// CAValidityDuration is the valid duration for CA certificates
	CAValidityDuration time.Duration = 365 * 24 * time.Hour
	// TLSValidityDuration is the valid duration for TLS certificates
	TLSValidityDuration time.Duration = 150 * 24 * time.Hour
	// ManagedByLabel is added to Kyverno managed secrets
	ManagedByLabel string = "cert.kyverno.io/managed-by"
	RootCAKey      string = "rootCA.crt"
)

Variables ¶

View Source

var ErrorsNotFound = "root CA certificate not found"

Functions ¶

func GenerateRootCASecretName ¶ added in v1.5.4

func GenerateRootCASecretName() string

func GenerateTLSPairSecretName ¶ added in v1.5.4

func GenerateTLSPairSecretName() string

func InClusterServiceName ¶ added in v1.8.0

func InClusterServiceName() string

InClusterServiceName The generated service name should be the common name for TLS certificate

func IsKyvernoInRollingUpdate ¶ added in v1.4.0

func IsKyvernoInRollingUpdate(deploy *appsv1.Deployment) bool

IsKyvernoInRollingUpdate returns true if Kyverno is in rolling update

func IsSecretManagedByKyverno ¶ added in v1.8.0

func IsSecretManagedByKyverno(secret *corev1.Secret) bool

func ReadRootCASecret ¶ added in v1.3.5

func ReadRootCASecret(client kubernetes.Interface, metricsConfig metrics.MetricsConfigManager) ([]byte, error)

ReadRootCASecret returns the RootCA from the pre-defined secret

Types ¶

type CertRenewer ¶ added in v1.3.5

type CertRenewer struct {
	// contains filtered or unexported fields
}

CertRenewer creates rootCA and pem pair to register webhook configurations and webhook server renews RootCA at the given interval

func NewCertRenewer ¶ added in v1.3.5

func NewCertRenewer(client kubernetes.Interface, clientConfig *rest.Config, certRenewalInterval, caValidityDuration, tlsValidityDuration time.Duration, serverIP string, log logr.Logger) (*CertRenewer, error)

NewCertRenewer returns an instance of CertRenewer

func (*CertRenewer) InitTLSPemPair ¶ added in v1.3.5

func (c *CertRenewer) InitTLSPemPair() error

InitTLSPemPair Loads or creates PEM private key and TLS certificate for webhook server. Created pair is stored in cluster's secret.

func (*CertRenewer) RenewCA ¶ added in v1.8.0

func (c *CertRenewer) RenewCA() error

RenewTLS renews the CA certificate if needed

func (*CertRenewer) RenewTLS ¶ added in v1.8.0

func (c *CertRenewer) RenewTLS() error

RenewTLS renews the TLS certificate if needed

func (*CertRenewer) ValidateCert ¶ added in v1.8.0

func (c *CertRenewer) ValidateCert() (bool, error)

ValidateCert validates the CA Cert

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL