issuer

package
v0.4.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 10, 2018 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// IssuerACME is the name of the ACME issuer
	IssuerACME string = "acme"
	// IssuerCA is the name of the simple issuer
	IssuerCA string = "ca"
	// IssuerVault is the name of the Vault issuer
	IssuerVault string = "vault"
	// IssuerSelfSigned is a self signing issuer
	IssuerSelfSigned string = "selfsigned"
)

Variables

This section is empty.

Functions

func Register

func Register(name string, c Constructor)

Register will register an issuer constructor so it can be used within the application. 'name' should be unique, and should be used to identify this issuer. TODO: move this method to be on Factory, and invent a way to obtain a SharedFactory. This will make testing easier.

Types

type Constructor

type Constructor func(v1alpha1.GenericIssuer, *Context) (Interface, error)

Constructor constructs an issuer given an Issuer resource and a Context. An error will be returned if the appropriate issuer is not registered.

type Context

type Context struct {
	// Client is a Kubernetes clientset
	Client kubernetes.Interface
	// CMClient is a cert-manager clientset
	CMClient clientset.Interface
	// Recorder is an EventRecorder to log events to
	Recorder record.EventRecorder

	// KubeSharedInformerFactory can be used to obtain shared
	// SharedIndexInformer instances for Kubernetes types
	KubeSharedInformerFactory kubeinformers.SharedInformerFactory
	// SharedInformerFactory can be used to obtain shared SharedIndexInformer
	// instances
	SharedInformerFactory informers.SharedInformerFactory

	// ClusterResourceNamespace is the namespace to store resources created by
	// non-namespaced resources (e.g. ClusterIssuer) in.
	ClusterResourceNamespace string
	// ACMEHTTP01SolverImage is the image to use for solving ACME HTTP01
	// challenges
	ACMEHTTP01SolverImage string

	// ClusterIssuerAmbientCredentials controls whether a cluster issuer should
	// pick up ambient credentials, such as those from metadata services, to
	// construct clients.
	ClusterIssuerAmbientCredentials bool

	// IssuerAmbientCredentials controls whether an issuer should pick up ambient
	// credentials, such as those from metadata services, to construct clients.
	IssuerAmbientCredentials bool

	DNS01Nameservers []string

	// RenewBeforeExpiryDuration is the default 'renew before expiry' time for Certificates.
	// Once a certificate is within this duration until expiry, a new Certificate
	// will be attempted to be issued.
	RenewBeforeExpiryDuration time.Duration
}

Context contains various types that are used by Issuer implementations. We purposely don't have specific informers/listers here, and instead keep a reference to a SharedInformerFactory so that issuer constructors can choose themselves which listers are required.

type Factory

type Factory interface {
	IssuerFor(v1alpha1.GenericIssuer) (Interface, error)
}

Factory is an interface that can be used to obtain Issuer implementations. It determines which issuer implementation to use by introspecting the given Issuer resource.

func NewFactory

func NewFactory(ctx *Context) Factory

NewFactory returns a new issuer factory with the given issuer context. The context will be injected into each Issuer upon creation.

type Interface

type Interface interface {
	// Setup initialises the issuer. This may include registering accounts with
	// a service, creating a CA and storing it somewhere, or verifying
	// credentials and authorization with a remote server.
	Setup(ctx context.Context) error
	// Prepare
	Prepare(context.Context, *v1alpha1.Certificate) error
	// Issue attempts to issue a certificate as described by the certificate
	// resource given
	Issue(context.Context, *v1alpha1.Certificate) ([]byte, []byte, error)
	// Renew attempts to renew the certificate describe by the certificate
	// resource given. If no certificate exists, an error is returned.
	Renew(context.Context, *v1alpha1.Certificate) ([]byte, []byte, error)
}

Directories

Path Synopsis
dns
dns/akamai
Package akamai implements a DNS provider for solving the DNS-01 challenge using Akamai FastDNS.
Package akamai implements a DNS provider for solving the DNS-01 challenge using Akamai FastDNS.
dns/azuredns
Package azuredns implements a DNS provider for solving the DNS-01 challenge using Azure DNS.
Package azuredns implements a DNS provider for solving the DNS-01 challenge using Azure DNS.
dns/clouddns
Package clouddns implements a DNS provider for solving the DNS-01 challenge using Google Cloud DNS.
Package clouddns implements a DNS provider for solving the DNS-01 challenge using Google Cloud DNS.
dns/cloudflare
Package cloudflare implements a DNS provider for solving the DNS-01 challenge using cloudflare DNS.
Package cloudflare implements a DNS provider for solving the DNS-01 challenge using cloudflare DNS.
dns/route53
Package route53 implements a DNS provider for solving the DNS-01 challenge using AWS Route 53 DNS.
Package route53 implements a DNS provider for solving the DNS-01 challenge using AWS Route 53 DNS.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL