Documentation ¶
Index ¶
- Constants
- Variables
- func GetCABundleDataFromConfigMap(cm *corev1.ConfigMap) ([]byte, error)
- func GetCABundleFromConfigMap(cm *corev1.ConfigMap) ([]*x509.Certificate, error)
- func GetCertDataFromSecret(secret *corev1.Secret) ([]byte, error)
- func GetCertFromSecret(secret *corev1.Secret) (*x509.Certificate, error)
- func GetCertKeyDataFromSecret(secret *corev1.Secret) ([]byte, []byte, error)
- func GetCertKeyFromSecret(secret *corev1.Secret) (*x509.Certificate, *rsa.PrivateKey, error)
- func GetCertsFromSecret(secret *corev1.Secret) ([]*x509.Certificate, error)
- func GetCertsKeyFromSecret(secret *corev1.Secret) ([]*x509.Certificate, *rsa.PrivateKey, error)
- func GetKeyDataFromSecret(secret *corev1.Secret) ([]byte, error)
- func GetKeyFromSecret(secret *corev1.Secret) (*rsa.PrivateKey, error)
- type CABundleConfig
- type CAConfig
- type CertChainConfig
- type CertChainConfigs
- type CertificateConfig
- type CertificateManager
- type MetaConfig
- type SigningTLSSecret
- type TLSSecret
- func (s *TLSSecret) GetCert() (*x509.Certificate, error)
- func (s *TLSSecret) GetCertKey() (*x509.Certificate, *rsa.PrivateKey, error)
- func (s *TLSSecret) GetCerts() ([]*x509.Certificate, error)
- func (s *TLSSecret) GetCertsKey() ([]*x509.Certificate, *rsa.PrivateKey, error)
- func (s *TLSSecret) GetKey() (*rsa.PrivateKey, error)
- func (s *TLSSecret) GetSecret() *corev1.Secret
- func (s *TLSSecret) MakeCABundle(name string, controller metav1.Object, controllerGVK schema.GroupVersionKind, ...) (*corev1.ConfigMap, error)
- func (s *TLSSecret) Refresh(updated *corev1.Secret)
- func (s *TLSSecret) SetCache(certs []*x509.Certificate, key *rsa.PrivateKey)
- func (s *TLSSecret) SetCertsCache(certs []*x509.Certificate)
- func (s *TLSSecret) SetKeyCache(key *rsa.PrivateKey)
Constants ¶
View Source
const (
CABundleKey = "ca-bundle.crt"
)
Variables ¶
View Source
var ( CertProjectedAnnotations = map[string]func([]*x509.Certificate) (string, error){ // contains filtered or unexported fields } CertKeyProjectedAnnotations = helpers.MergeMaps( wrapCertProjectionsForCertKey(CertProjectedAnnotations), map[string]func([]*x509.Certificate, *rsa.PrivateKey) (string, error){ certsKeySizeBitsKey: func(certs []*x509.Certificate, key *rsa.PrivateKey) (string, error) { return strconv.Itoa(key.Size() * 8), nil }, }, ) )
Functions ¶
func GetCABundleFromConfigMap ¶
func GetCABundleFromConfigMap(cm *corev1.ConfigMap) ([]*x509.Certificate, error)
func GetCertFromSecret ¶
func GetCertFromSecret(secret *corev1.Secret) (*x509.Certificate, error)
func GetCertKeyFromSecret ¶
func GetCertKeyFromSecret(secret *corev1.Secret) (*x509.Certificate, *rsa.PrivateKey, error)
func GetCertsFromSecret ¶
func GetCertsFromSecret(secret *corev1.Secret) ([]*x509.Certificate, error)
func GetCertsKeyFromSecret ¶
func GetCertsKeyFromSecret(secret *corev1.Secret) ([]*x509.Certificate, *rsa.PrivateKey, error)
func GetKeyFromSecret ¶
func GetKeyFromSecret(secret *corev1.Secret) (*rsa.PrivateKey, error)
Types ¶
type CABundleConfig ¶
type CABundleConfig struct {
MetaConfig
}
func (*CABundleConfig) GetMetaConfigMap ¶ added in v1.9.0
func (c *CABundleConfig) GetMetaConfigMap() *corev1.ConfigMap
type CAConfig ¶
type CAConfig struct { MetaConfig Validity time.Duration Refresh time.Duration }
func (*CAConfig) GetMetaSecret ¶ added in v1.9.0
type CertChainConfig ¶ added in v1.9.0
type CertChainConfig struct { CAConfig *CAConfig CABundleConfig *CABundleConfig CertConfigs []*CertificateConfig }
func (*CertChainConfig) GetMetaConfigMaps ¶ added in v1.9.0
func (c *CertChainConfig) GetMetaConfigMaps() []*corev1.ConfigMap
func (*CertChainConfig) GetMetaSecrets ¶ added in v1.9.0
func (c *CertChainConfig) GetMetaSecrets() []*corev1.Secret
type CertChainConfigs ¶ added in v1.9.0
type CertChainConfigs []*CertChainConfig
func (CertChainConfigs) GetMetaConfigMaps ¶ added in v1.9.0
func (configs CertChainConfigs) GetMetaConfigMaps() []*corev1.ConfigMap
func (CertChainConfigs) GetMetaSecrets ¶ added in v1.9.0
func (configs CertChainConfigs) GetMetaSecrets() []*corev1.Secret
type CertificateConfig ¶
type CertificateConfig struct { MetaConfig Validity time.Duration Refresh time.Duration CertCreator ocrypto.CertCreator }
func (*CertificateConfig) GetMetaSecret ¶ added in v1.9.0
func (c *CertificateConfig) GetMetaSecret() *corev1.Secret
type CertificateManager ¶
type CertificateManager struct {
// contains filtered or unexported fields
}
func NewCertificateManager ¶
func NewCertificateManager(secretsClient corev1client.SecretsGetter, secretLister corev1listers.SecretLister, configMapClient corev1client.ConfigMapsGetter, configMapLister corev1listers.ConfigMapLister, eventRecorder record.EventRecorder, ) *CertificateManager
func (*CertificateManager) ManageCertificateChain ¶ added in v1.9.0
func (cm *CertificateManager) ManageCertificateChain(ctx context.Context, nowFunc func() time.Time, controller *metav1.ObjectMeta, controllerGVK schema.GroupVersionKind, certChainConfig *CertChainConfig, existingSecrets map[string]*corev1.Secret, existingConfigMaps map[string]*corev1.ConfigMap) error
func (*CertificateManager) ManageCertificates ¶
func (cm *CertificateManager) ManageCertificates(ctx context.Context, nowFunc func() time.Time, controller *metav1.ObjectMeta, controllerGVK schema.GroupVersionKind, caConfig *CAConfig, caBundleConfig *CABundleConfig, certConfigs []*CertificateConfig, existingSecrets map[string]*corev1.Secret, existingConfigMaps map[string]*corev1.ConfigMap) error
ManageCertificates creates and manages the lifetime of a certificate chain. All certificates are automatically recreated when their desired config changes. Certificates are automatically refreshed when they reach their refresh interval, or 80% of their lifetime, whichever comes sooner.
type MetaConfig ¶
func (*MetaConfig) GetObjectMeta ¶ added in v1.9.0
func (c *MetaConfig) GetObjectMeta() *metav1.ObjectMeta
type SigningTLSSecret ¶
type SigningTLSSecret struct { TLSSecret // contains filtered or unexported fields }
func MakeSelfSignedCA ¶
func MakeSelfSignedCA(name string, certCreator ocrypto.CertCreator, nowFunc func() time.Time, validity, refresh time.Duration, controller metav1.Object, controllerGVK schema.GroupVersionKind, existingSecret *corev1.Secret) (*SigningTLSSecret, error)
func NewSigningTLSSecret ¶
func NewSigningTLSSecret(tlsSecret *TLSSecret, nowFunc func() time.Time) *SigningTLSSecret
func (*SigningTLSSecret) AsCertificateAuthority ¶
func (s *SigningTLSSecret) AsCertificateAuthority() (*ocrypto.CertificateAuthority, error)
func (*SigningTLSSecret) MakeCertificate ¶
func (s *SigningTLSSecret) MakeCertificate(name string, certCreator ocrypto.CertCreator, controller *metav1.ObjectMeta, controllerGVK schema.GroupVersionKind, existingSecret *corev1.Secret, validity, refresh time.Duration) (*TLSSecret, error)
type TLSSecret ¶
type TLSSecret struct {
// contains filtered or unexported fields
}
func NewTLSSecret ¶
func (*TLSSecret) GetCertKey ¶
func (s *TLSSecret) GetCertKey() (*x509.Certificate, *rsa.PrivateKey, error)
func (*TLSSecret) GetCertsKey ¶
func (s *TLSSecret) GetCertsKey() ([]*x509.Certificate, *rsa.PrivateKey, error)
func (*TLSSecret) MakeCABundle ¶
func (*TLSSecret) SetCache ¶
func (s *TLSSecret) SetCache(certs []*x509.Certificate, key *rsa.PrivateKey)
func (*TLSSecret) SetCertsCache ¶
func (s *TLSSecret) SetCertsCache(certs []*x509.Certificate)
func (*TLSSecret) SetKeyCache ¶
func (s *TLSSecret) SetKeyCache(key *rsa.PrivateKey)
Click to show internal directories.
Click to hide internal directories.