Documentation ¶
Overview ¶
Package certmanager provides the cert manager for mesh controller.
Index ¶
- type CertManager
- type CertProvider
- type MeshCertProvider
- func (mp *MeshCertProvider) GetAppCertAndKey(serviceName, host, ip string) (cert *spec.Certificate, err error)
- func (mp *MeshCertProvider) GetRootCertAndKey() (cert *spec.Certificate, err error)
- func (mp *MeshCertProvider) ReleaseAppCertAndKey(serviceName, host, ip string) error
- func (mp *MeshCertProvider) ReleaseRootCertAndKey() error
- func (mp *MeshCertProvider) SetAppCertAndKey(serviceName, host, ip string, cert *spec.Certificate) error
- func (mp *MeshCertProvider) SetRootCertAndKey(cert *spec.Certificate) error
- func (mp *MeshCertProvider) SignAppCertAndKey(serviceName, host, ip string, ttl time.Duration) (cert *spec.Certificate, err error)
- func (mp *MeshCertProvider) SignRootCertAndKey(ttl time.Duration) (cert *spec.Certificate, err error)
Types ¶
type CertManager ¶
type CertManager struct {
	Provider CertProvider
	// contains filtered or unexported fields
}
CertManager manages refreshing of the mesh-wide mTLS certs and keys and stores them in the local Etcd.
func NewCertManager ¶
func NewCertManager(superSpec *supervisor.Spec, service *service.Service, certProviderType string, appCertTTL, rootCertTTL time.Duration, store storage.Storage) *CertManager
NewCertManager creates a certmanager.
func (*CertManager) ForceSignAllServices ¶
func (cm *CertManager) ForceSignAllServices()
ForceSignAllServices re-signs all services inside the mesh regardless of whether their certs have expired.
func (*CertManager) SignIngressController ¶
func (cm *CertManager) SignIngressController() error
SignIngressController signs ingress controller's cert.
func (*CertManager) SignRootCert ¶
func (cm *CertManager) SignRootCert() error
SignRootCert signs the root cert. Once the root cert has been re-signed, all of the system's application certs are re-signed as well.
func (*CertManager) SignServiceInstances ¶
func (cm *CertManager) SignServiceInstances(instanceSpecs []*spec.ServiceInstanceSpec) error
SignServiceInstances signs the certs of the service instances given in the instanceSpecs parameter.
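Why re-signing the root forces every application cert to be re-signed (the SignRootCert behaviour above), shown with Go's standard crypto/x509 as an added example that is not the package's own code. The helpers `must`, `issue` and `trusts`, the subject, host and IP values, and the use of a fresh root key on re-sign are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

func must[T any](v T, err error) T { // panics on error to keep the demo short
	if err != nil {
		panic(err)
	}
	return v
}

// issue (hypothetical helper) signs tmpl for ttl with (ca, caKey), or self-signs it when ca is nil.
func issue(tmpl, ca *x509.Certificate, caKey *ecdsa.PrivateKey, ttl time.Duration) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	now := time.Now()
	tmpl.SerialNumber, tmpl.NotBefore, tmpl.NotAfter = big.NewInt(now.UnixNano()), now, now.Add(ttl)
	if ca == nil {
		ca, caKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey))
	return must(x509.ParseCertificate(der)), key
}

// trusts reports whether app chains to root and is valid for host.
func trusts(root, app *x509.Certificate, host string) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := app.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err == nil
}

func main() {
	ca := &x509.Certificate{Subject: pkix.Name{CommonName: "mesh-root"}, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	oldRoot, oldKey := issue(ca, nil, nil, 24*time.Hour)
	app, _ := issue(&x509.Certificate{Subject: pkix.Name{CommonName: "order"},
		DNSNames: []string{"order.mesh"}, IPAddresses: []net.IP{net.ParseIP("10.0.0.7")}}, oldRoot, oldKey, time.Hour)
	newRoot, _ := issue(ca, nil, nil, 24*time.Hour) // root re-signed: new key, same subject
	fmt.Println(trusts(oldRoot, app, "order.mesh"), trusts(newRoot, app, "order.mesh"))
}
```

A peer that has switched its trust pool to the new root rejects the old app cert even though its TTL has not elapsed, so rotation is complete only after all instances hold certs issued under the new root.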
type CertProvider ¶
type CertProvider interface {
	// SignAppCertAndKey signs a cert, key pair for one service's instance
	SignAppCertAndKey(serviceName string, host, ip string, ttl time.Duration) (cert *spec.Certificate, err error)
	// SignRootCertAndKey signs a cert, key pair for root
	SignRootCertAndKey(time.Duration) (cert *spec.Certificate, err error)
	// GetAppCertAndKey gets cert and key for one service's instance
	GetAppCertAndKey(serviceName, host, ip string) (cert *spec.Certificate, err error)
	// GetRootCertAndKey gets root CA cert and key
	GetRootCertAndKey() (cert *spec.Certificate, err error)
	// ReleaseAppCertAndKey releases one service instance's cert and key
	ReleaseAppCertAndKey(serviceName, host, ip string) error
	// ReleaseRootCertAndKey releases root CA cert and key
	ReleaseRootCertAndKey() error
	// SetAppCertAndKey sets an existing app cert
	SetAppCertAndKey(serviceName, host, ip string, cert *spec.Certificate) error
	// SetRootCertAndKey sets an existing root cert into the provider
	SetRootCertAndKey(cert *spec.Certificate) error
}
CertProvider is the interface declaring the methods of a certificate provider, such as easemesh-self-sign, Vault, and so on.
type MeshCertProvider ¶
type MeshCertProvider struct {
	RootCert     *spec.Certificate
	ServiceCerts map[string]*spec.Certificate
	// contains filtered or unexported fields
}
MeshCertProvider is the EaseMesh in-memory, self-sign type cert provider.
func NewMeshCertProvider ¶
func NewMeshCertProvider() *MeshCertProvider
NewMeshCertProvider creates a new mesh in-memory, self-sign cert provider.
func (*MeshCertProvider) GetAppCertAndKey ¶
func (mp *MeshCertProvider) GetAppCertAndKey(serviceName, host, ip string) (cert *spec.Certificate, err error)
GetAppCertAndKey gets the cert and key for one service.
func (*MeshCertProvider) GetRootCertAndKey ¶
func (mp *MeshCertProvider) GetRootCertAndKey() (cert *spec.Certificate, err error)
GetRootCertAndKey gets the root CA cert and key.
func (*MeshCertProvider) ReleaseAppCertAndKey ¶
func (mp *MeshCertProvider) ReleaseAppCertAndKey(serviceName, host, ip string) error
ReleaseAppCertAndKey releases one service's cert and key
func (*MeshCertProvider) ReleaseRootCertAndKey ¶
func (mp *MeshCertProvider) ReleaseRootCertAndKey() error
ReleaseRootCertAndKey releases root CA cert and key
func (*MeshCertProvider) SetAppCertAndKey ¶
func (mp *MeshCertProvider) SetAppCertAndKey(serviceName, host, ip string, cert *spec.Certificate) error
SetAppCertAndKey sets service cert into local memory
func (*MeshCertProvider) SetRootCertAndKey ¶
func (mp *MeshCertProvider) SetRootCertAndKey(cert *spec.Certificate) error
SetRootCertAndKey sets root cert into local memory
func (*MeshCertProvider) SignAppCertAndKey ¶
func (mp *MeshCertProvider) SignAppCertAndKey(serviceName, host, ip string, ttl time.Duration) (cert *spec.Certificate, err error)
SignAppCertAndKey signs a cert, key pair for one service.
func (*MeshCertProvider) SignRootCertAndKey ¶
func (mp *MeshCertProvider) SignRootCertAndKey(ttl time.Duration) (cert *spec.Certificate, err error)
SignRootCertAndKey signs a cert, key pair for root.