Documentation ¶
Index ¶
- func AnnotationsForCertificate(certificate *x509.Certificate) (map[string]string, error)
- func Apply(ctx context.Context, cl cmclient.Interface, fieldManager string, ...) error
- func ApplyStatus(ctx context.Context, cl cmclient.Interface, fieldManager string, ...) error
- func CertificateOwnsSecret(ctx context.Context, certificateLister cmlisters.CertificateLister, ...) (bool, []string, error)
- func OutputFormatCombinedPEM(privateKey, certificate []byte) []byte
- func OutputFormatDER(privateKey []byte) []byte
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AnnotationsForCertificate ¶
func AnnotationsForCertificate(certificate *x509.Certificate) (map[string]string, error)
AnnotationsForCertificate returns a map which is set on all Certificate Secret's Annotations when issued. These annotations contain information about the Certificate. If the X.509 certificate is nil, an empty map will be returned.
func Apply ¶
func Apply(ctx context.Context, cl cmclient.Interface, fieldManager string, crt *cmapi.Certificate) error
Apply will make an Apply API call with the given client to the certificates resource endpoint. All data in the given Certificate's status field is dropped. The given fieldManager is will be used as the FieldManager in the Apply call. Always sets Force Apply to true.
func ApplyStatus ¶
func ApplyStatus(ctx context.Context, cl cmclient.Interface, fieldManager string, crt *cmapi.Certificate) error
ApplyStatus will make a Patch API call with the given client to the certificates status sub-resource endpoint. All data in the given Certificate object is dropped; expect for the name, namespace, and status object. The given fieldManager is will be used as the FieldManager in the Patch call. Always sets Force Patch to true.
func CertificateOwnsSecret ¶
func CertificateOwnsSecret( ctx context.Context, certificateLister cmlisters.CertificateLister, secretLister internalinformers.SecretLister, crt *cmapi.Certificate, ) (bool, []string, error)
We determine whether a Certificate owns its Secret in order to prevent a CertificateRequest creation runaway. We use an annotation on the Secret to determine whether it is owned by a Certificate. We do not use the ownerReferences field on the Secret because the owner reference will not be set if the `--enable-certificate-owner-ref` flag is not set.
We determine if the passed Certificate owns its Secret as follows:
- If the target Secret exists and it is annotated with the name of this Certificate, then this Certificate is the owner.
- If the target Secret exists and it is annotated with the name of another Certificate that has the Secret as its secretRef, then that Certificate is the owner instead.
- If the target Secret exists and it is not annotated with the name of any Certificate, or it is annotated with the name of a Certificate that does not exist, or does not have the Secret as its secretRef, then the oldest Certificate which references it will be assumed to be the future owner.
func OutputFormatCombinedPEM ¶
OutputFormatCombinedPEM returns the byte slice of the PEM encoded private key and signed certificate chain, concatenated. To be used for Certificate's Additional Output Format Combined PEM.
func OutputFormatDER ¶
OutputFormatDER returns the byte slice of the private key in DER format. To be used for Certificate's Additional Output Format DER.
Types ¶
This section is empty.