certmanager

package
v2.6.0
Warning

This package is not in the latest version of its module.

Published: Aug 16, 2023 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Overview

Package certmanager provides the cert manager for the mesh controller.

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CertManager

type CertManager struct {
	Provider CertProvider
	// contains filtered or unexported fields
}

CertManager manages refreshing of the mesh-wide mTLS certs/keys and stores them in the local Etcd.

func NewCertManager

func NewCertManager(superSpec *supervisor.Spec, service *service.Service, certProviderType string, appCertTTL, rootCertTTL time.Duration, store storage.Storage) *CertManager

NewCertManager creates a certmanager.

func (*CertManager) Close

func (cm *CertManager) Close()

Close closes the certmanager

func (*CertManager) ForceSignAllServices

func (cm *CertManager) ForceSignAllServices()

ForceSignAllServices re-signs the certs of all services inside the mesh, regardless of whether they have expired.

func (*CertManager) SignIngressController

func (cm *CertManager) SignIngressController() error

SignIngressController signs ingress controller's cert.

func (*CertManager) SignRootCert

func (cm *CertManager) SignRootCert() error

SignRootCert signs the root cert. Once the root cert has been re-signed, all application certs in the system are re-signed as well.
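Why a re-signed root forces every application cert to be re-signed, shown with Go's standard crypto/x509 as an added example (not code from the certmanager package). The helpers `must`, `issue` and `signedBy` and the names mesh-root and order-service are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // demo-only error handling
	if err != nil {
		panic(err)
	}
	return v
}

// issue (hypothetical helper): cert for cn valid for ttl; self-signed CA when parent is nil, else a leaf.
func issue(cn string, ttl time.Duration, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // constructed; use random serials in production
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(ttl),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
	}
	if parent == nil { // root: CA bit set, signs itself with its own fresh key
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage, tmpl.ExtKeyUsage = x509.KeyUsageCertSign, nil
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// signedBy reports whether leaf carries a valid signature made by root's key.
func signedBy(root, leaf *x509.Certificate) bool { return leaf.CheckSignatureFrom(root) == nil }

func main() {
	oldRoot, oldKey := issue("mesh-root", time.Hour, nil, nil)
	leaf, _ := issue("order-service", time.Minute, oldRoot, oldKey)
	newRoot, newKey := issue("mesh-root", time.Hour, nil, nil) // same name, new key pair
	resigned, _ := issue("order-service", time.Minute, newRoot, newKey)
	fmt.Println(signedBy(oldRoot, leaf), signedBy(newRoot, leaf), signedBy(newRoot, resigned)) // true false true
}
```

A TLS peer runs full path validation (`Certificate.Verify`), which additionally enforces the validity window; the signature link checked here is the part that a root rotation breaks.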

func (*CertManager) SignServiceInstances

func (cm *CertManager) SignServiceInstances(instanceSpecs []*spec.ServiceInstanceSpec) error

SignServiceInstances signs the certs of the service instances given in the instanceSpecs parameter.

type CertProvider

type CertProvider interface {
	// SignAppCertAndKey signs a cert, key pair for one service's instance
	SignAppCertAndKey(serviceName string, host, ip string, ttl time.Duration) (cert *spec.Certificate, err error)

	// SignRootCertAndKey signs a cert, key pair for root
	SignRootCertAndKey(time.Duration) (cert *spec.Certificate, err error)

	// GetAppCertAndKey gets cert and key for one service's instance
	GetAppCertAndKey(serviceName, host, ip string) (cert *spec.Certificate, err error)

	// GetRootCertAndKey gets root ca cert and key
	GetRootCertAndKey() (cert *spec.Certificate, err error)

	// ReleaseAppCertAndKey releases one service instance's cert and key
	ReleaseAppCertAndKey(serviceName, host, ip string) error

	// ReleaseRootCertAndKey releases root CA cert and key
	ReleaseRootCertAndKey() error

	// SetAppCertAndKey sets an existing app cert into the provider
	SetAppCertAndKey(serviceName, host, ip string, cert *spec.Certificate) error

	// SetRootCertAndKey sets an existing root cert into the provider
	SetRootCertAndKey(cert *spec.Certificate) error
}

CertProvider is the interface declaring the methods for the Certificate provider, such as easemesh-self-sign, Vault, and so on.

type MeshCertProvider

type MeshCertProvider struct {
	RootCert     *spec.Certificate
	ServiceCerts map[string]*spec.Certificate
	// contains filtered or unexported fields
}

MeshCertProvider is the EaseMesh in-memory, self-sign type cert provider.

func NewMeshCertProvider

func NewMeshCertProvider() *MeshCertProvider

NewMeshCertProvider creates a new mesh in-memory, self-sign cert provider

func (*MeshCertProvider) GetAppCertAndKey

func (mp *MeshCertProvider) GetAppCertAndKey(serviceName, host, ip string) (cert *spec.Certificate, err error)

GetAppCertAndKey gets the cert and key for one service.

func (*MeshCertProvider) GetRootCertAndKey

func (mp *MeshCertProvider) GetRootCertAndKey() (cert *spec.Certificate, err error)

GetRootCertAndKey gets the root CA cert and key.

func (*MeshCertProvider) ReleaseAppCertAndKey

func (mp *MeshCertProvider) ReleaseAppCertAndKey(serviceName, host, ip string) error

ReleaseAppCertAndKey releases one service's cert and key

func (*MeshCertProvider) ReleaseRootCertAndKey

func (mp *MeshCertProvider) ReleaseRootCertAndKey() error

ReleaseRootCertAndKey releases root CA cert and key

func (*MeshCertProvider) SetAppCertAndKey

func (mp *MeshCertProvider) SetAppCertAndKey(serviceName, host, ip string, cert *spec.Certificate) error

SetAppCertAndKey sets service cert into local memory

func (*MeshCertProvider) SetRootCertAndKey

func (mp *MeshCertProvider) SetRootCertAndKey(cert *spec.Certificate) error

SetRootCertAndKey sets root cert into local memory

func (*MeshCertProvider) SignAppCertAndKey

func (mp *MeshCertProvider) SignAppCertAndKey(serviceName, host, ip string, ttl time.Duration) (cert *spec.Certificate, err error)

SignAppCertAndKey signs a cert, key pair for one service.

func (*MeshCertProvider) SignRootCertAndKey

func (mp *MeshCertProvider) SignRootCertAndKey(ttl time.Duration) (cert *spec.Certificate, err error)

SignRootCertAndKey signs a cert, key pair for root.
