Documentation
¶
Overview ¶
Package shared contains shared types for the cert-manager configuration API
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type DynamicServingConfig ¶
type DynamicServingConfig struct {
// Namespace of the Kubernetes Secret resource containing the TLS certificate
// used as a CA to sign dynamic serving certificates.
SecretNamespace string
// Secret resource name containing the TLS certificate
// used as a CA to sign dynamic serving certificates.
SecretName string
// DNSNames that must be present on serving certificates signed by the CA.
DNSNames []string
// LeafDuration is a customizable duration on serving certificates signed by the CA.
LeafDuration time.Duration
}
DynamicServingConfig makes the controller generate a CA and persist it into Secret resources. This CA will be used by all instances of the controller for signing serving certificates.
func (*DynamicServingConfig) DeepCopy ¶
func (in *DynamicServingConfig) DeepCopy() *DynamicServingConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamicServingConfig.
func (*DynamicServingConfig) DeepCopyInto ¶
func (in *DynamicServingConfig) DeepCopyInto(out *DynamicServingConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FilesystemServingConfig ¶
type FilesystemServingConfig struct {
// Path to a file containing TLS certificate & chain to serve with
CertFile string
// Path to a file containing a TLS private key to serve with
KeyFile string
}
FilesystemServingConfig enables using a certificate and private key found on the local filesystem. These files will be periodically polled in case they have changed, and dynamically reloaded.
func (*FilesystemServingConfig) DeepCopy ¶
func (in *FilesystemServingConfig) DeepCopy() *FilesystemServingConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FilesystemServingConfig.
func (*FilesystemServingConfig) DeepCopyInto ¶
func (in *FilesystemServingConfig) DeepCopyInto(out *FilesystemServingConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type LeaderElectionConfig ¶
type LeaderElectionConfig struct {
// If true, cert-manager will perform leader election between instances to
// ensure no more than one instance of cert-manager operates at a time
Enabled bool
// Namespace used to perform leader election. Only used if leader election is enabled
Namespace string
// The duration that non-leader candidates will wait after observing a leadership
// renewal until attempting to acquire leadership of a led but unrenewed leader
// slot. This is effectively the maximum duration that a leader can be stopped
// before it is replaced by another candidate. This is only applicable if leader
// election is enabled.
LeaseDuration time.Duration
// The interval between attempts by the acting master to renew a leadership slot
// before it stops leading. This must be less than or equal to the lease duration.
// This is only applicable if leader election is enabled.
RenewDeadline time.Duration
// The duration the clients should wait between attempting acquisition and renewal
// of a leadership. This is only applicable if leader election is enabled.
RetryPeriod time.Duration
}
func (*LeaderElectionConfig) DeepCopy ¶
func (in *LeaderElectionConfig) DeepCopy() *LeaderElectionConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LeaderElectionConfig.
func (*LeaderElectionConfig) DeepCopyInto ¶
func (in *LeaderElectionConfig) DeepCopyInto(out *LeaderElectionConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TLSConfig ¶
type TLSConfig struct {
// cipherSuites is the list of allowed cipher suites for the server.
// Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants).
// If not specified, the default for the Go version will be used and may change over time.
CipherSuites []string
// minTLSVersion is the minimum TLS version supported.
// Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants).
// If not specified, the default for the Go version will be used and may change over time.
MinTLSVersion string
// Filesystem enables using a certificate and private key found on the local filesystem.
// These files will be periodically polled in case they have changed, and dynamically reloaded.
Filesystem FilesystemServingConfig
// When Dynamic serving is enabled, the controller will generate a CA used to sign
// certificates and persist it into a Kubernetes Secret resource (for other replicas of the
// controller to consume).
// It will then generate a certificate in-memory for itself using this CA to serve with.
Dynamic DynamicServingConfig
}
TLSConfig configures how TLS certificates are sourced for serving. Only one of 'filesystem' or 'dynamic' may be specified.
func (*TLSConfig) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSConfig.
func (*TLSConfig) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Source Files
Directories