Documentation ¶
Index ¶
- func CreateTlsSecret(ctx context.Context, kube kubernetes.Interface, secretCfg TlsSecret) (*corev1.Secret, error)
- func GetExistingValidTlsSecret(ctx context.Context, kube kubernetes.Interface, secretName string, ...) (*corev1.Secret, bool, error)
- func RotateCerts(ctx context.Context, kubeClient kubernetes.Interface, ...) (*corev1.Secret, error)
- func UpdateValidatingWebhookConfigurationCaBundle(ctx context.Context, kube kubernetes.Interface, vwcName string, ...) error
- type TlsSecret
- type WebhookTlsConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CreateTlsSecret ¶
func CreateTlsSecret(ctx context.Context, kube kubernetes.Interface, secretCfg TlsSecret) (*corev1.Secret, error)
Returns the created or updated secret.
func GetExistingValidTlsSecret ¶ added in v1.9.25
func GetExistingValidTlsSecret(ctx context.Context, kube kubernetes.Interface, secretName string, secretNamespace string, svcName string, svcNamespace string, renewBeforeDuration time.Duration) (*corev1.Secret, bool, error)
If there is a currently valid TLS secret with the given name and namespace, that is valid for the given service name/namespace, then return it. Otherwise return nil. The second return value is a bool indicating whether the secret is expiring soon (i.e. within the renewBeforeDuration).
func RotateCerts ¶ added in v1.15.13
func RotateCerts(ctx context.Context, kubeClient kubernetes.Interface, currentTlsSecret TlsSecret, nextCerts *certutils.Certificates, gracePeriod time.Duration) (*corev1.Secret, error)
RotateCerts rotates certs in a few steps.
We start with:
- The current secret (currentTlsSecret) which will be rotated out. It initially contains the current server cert/key and ca bundle.
- The newly generated certs (nextCerts) which we will switch over to.
The update is done in the following order:
- Set current secret's ca bundle to the current + next ca bundle (so both CAs are accepted temporarily)
- Wait for the change to propagate
- Set the current secret's server cert and private key to those of the newly generated certs
- Wait for the change to propagate
- Set the current secret's ca bundle to the next ca bundle. Now it contains only the next server cert and next ca bundle and the old ones are no longer supported.
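The reason for this ordering is that the webhook's trusted CA bundle and the server's mounted certificate are consumed by different components and do not change at the same instant, so after every write each old/new combination of the two must still verify. As an added example (not code from this package), the check can be run offline with the Go standard library: two CAs and their server certificates are generated in memory, a TLSSecret struct stands in for the Secret's tls.crt/tls.key/ca.crt data keys, and a simulated client that trusts exactly the ca.crt it has observed validates the presented server certificate after each step. TLSSecret, MustGenerate, ClientAccepts, DocumentedSteps, NaiveSteps and Rotate are all names introduced here; nothing talks to a cluster.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// TLSSecret stands in for the data keys of a kubernetes.io/tls Secret (tls.crt, tls.key,
// ca.crt). It is constructed for this example and is not the package's TlsSecret type.
// All fields are PEM; CABundle may hold several concatenated certificates.
type TLSSecret struct{ ServerCert, ServerKey, CABundle []byte }

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func pemOf(typ string, der []byte) []byte { return pem.EncodeToMemory(&pem.Block{Type: typ, Bytes: der}) }

// MustGenerate creates a self-signed CA named caName plus a server cert it issues for dnsName.
func MustGenerate(caName, dnsName string) TLSSecret {
	now := time.Now()
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: caName},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caDER := must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))
	caCert := must(x509.ParseCertificate(caDER))
	srvKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	srvTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: dnsName},
		DNSNames: []string{dnsName}, NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	srvDER := must(x509.CreateCertificate(rand.Reader, srvTmpl, caCert, &srvKey.PublicKey, caKey))
	keyDER := must(x509.MarshalECPrivateKey(srvKey))
	return TLSSecret{pemOf("CERTIFICATE", srvDER), pemOf("EC PRIVATE KEY", keyDER), pemOf("CERTIFICATE", caDER)}
}

// ClientAccepts models a caller (e.g. the API server invoking a webhook) that trusts exactly
// caBundle and validates the presented serverCert for dnsName.
func ClientAccepts(caBundle, serverCert []byte, dnsName string) error {
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(caBundle) {
		return fmt.Errorf("ca bundle holds no certificates")
	}
	block, _ := pem.Decode(serverCert)
	if block == nil {
		return fmt.Errorf("server cert is not PEM")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	_, err = cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: dnsName})
	return err
}

// DocumentedSteps are the three writes in the order RotateCerts describes.
func DocumentedSteps(next TLSSecret) []func(*TLSSecret) {
	return []func(*TLSSecret){
		func(s *TLSSecret) { s.CABundle = append(append([]byte{}, s.CABundle...), next.CABundle...) }, // current + next CA
		func(s *TLSSecret) { s.ServerCert, s.ServerKey = next.ServerCert, next.ServerKey },              // next server cert/key
		func(s *TLSSecret) { s.CABundle = next.CABundle },                                                 // next CA only
	}
}

// NaiveSteps swaps cert, key and bundle in one write, with no window in which both CAs are trusted.
func NaiveSteps(next TLSSecret) []func(*TLSSecret) {
	return []func(*TLSSecret){func(s *TLSSecret) { *s = next }}
}

// Rotate applies steps to cur. While a write propagates, the webhook's caBundle and the server's
// mounted tls.crt may independently still hold the old value, so every old/new combination must
// verify after each write. Returns the index of the first step that would break a client, or -1.
func Rotate(cur TLSSecret, steps []func(*TLSSecret), dnsName string) int {
	for i, step := range steps {
		before := cur
		step(&cur) // the "wait for propagation" between writes is modelled by the old/new pairs below
		for _, bundle := range [][]byte{before.CABundle, cur.CABundle} {
			for _, cert := range [][]byte{before.ServerCert, cur.ServerCert} {
				if ClientAccepts(bundle, cert, dnsName) != nil {
					return i
				}
			}
		}
	}
	return -1
}

func main() {
	const svc = "webhook.default.svc" // constructed service name
	cur, next := MustGenerate("ca-current", svc), MustGenerate("ca-next", svc)
	fmt.Println(Rotate(cur, DocumentedSteps(next), svc), Rotate(cur, NaiveSteps(next), svc)) // -1 0
}
```

The documented three-step order reports no failing step, while a single-write swap fails at step 0: a client still holding the old ca.crt rejects the new server certificate. Real propagation also involves kubelet secret refresh and the API server re-reading the ValidatingWebhookConfiguration, which is what the waits in RotateCerts cover.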
func UpdateValidatingWebhookConfigurationCaBundle ¶
func UpdateValidatingWebhookConfigurationCaBundle(ctx context.Context, kube kubernetes.Interface, vwcName string, cfg WebhookTlsConfig) error
Types ¶
type WebhookTlsConfig ¶