Documentation ¶
Index ¶
- func NewKubeletClientCertificateManager(certDirectory string, nodeName types.NodeName, certData []byte, keyData []byte, ...) (certificate.Manager, error)
- func NewKubeletServerCertificateManager(kubeClient clientset.Interface, kubeCfg *kubeletconfig.KubeletConfiguration, ...) (certificate.Manager, error)
- func UpdateTransport(stopCh <-chan struct{}, clientConfig *restclient.Config, ...) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewKubeletClientCertificateManager ¶
func NewKubeletClientCertificateManager(certDirectory string, nodeName types.NodeName, certData []byte, keyData []byte, certFile string, keyFile string) (certificate.Manager, error)
NewKubeletClientCertificateManager sets up a certificate manager without a client that can be used to sign new certificates (or rotate). It answers with whatever certificate it is initialized with. If a CSR client is set later, it may begin rotating/renewing the client cert
func NewKubeletServerCertificateManager ¶
func NewKubeletServerCertificateManager(kubeClient clientset.Interface, kubeCfg *kubeletconfig.KubeletConfiguration, nodeName types.NodeName, ips []net.IP, hostnames []string, certDirectory string) (certificate.Manager, error)
NewKubeletServerCertificateManager creates a certificate manager for the kubelet when retrieving a server certificate or returns an error.
func UpdateTransport ¶
func UpdateTransport(stopCh <-chan struct{}, clientConfig *restclient.Config, clientCertificateManager certificate.Manager, exitIfExpired bool) error
UpdateTransport instruments a restconfig with a transport that dynamically uses certificates provided by the manager for TLS client auth.
The config must not already provide an explicit transport.
The returned transport periodically checks the manager to determine if the certificate has changed. If it has, the transport shuts down all existing client connections, forcing the client to re-handshake with the server and use the new certificate.
stopCh should be used to indicate when the transport is unused and doesn't need to continue checking the manager.
Types ¶
This section is empty.