Documentation
Index
- func AddRotator(_ context.Context, mgr manager.Manager, cr *CertRotator) error
- func GetGRPCClientCredentials(secret *corev1.Secret) (credentials.TransportCredentials, error)
- func GetGRPCServerCredentials(secret *corev1.Secret) (credentials.TransportCredentials, error)
- func RunnerServe(namespace, addr string, tlsSecretName string, sigterm chan os.Signal, ...) error
- func StartGRPCServerForTesting(server *runner.TerraformRunnerServer, namespace string, addr string, ...) error
- func ValidCert(caCert, cert, key []byte, dnsName string, keyUsages *[]x509.ExtKeyUsage, ...) (bool, error)
- type CertRotator
- func (cr *CertRotator) GetKnownNamespaceTLS(namespace string) (*TriggerResult, bool)
- func (cr *CertRotator) GetKnownNamespaces() []string
- func (cr *CertRotator) GetRunnerTLSSecretName() (string, error)
- func (cr *CertRotator) IsCAValid() (bool, error)
- func (cr *CertRotator) ResetCACache()
- func (cr *CertRotator) SetKnownNamespaceTLS(namespace string, result *TriggerResult)
- func (cr *CertRotator) Start(ctx context.Context) error
- type KeyPairArtifacts
- type PartialManager
- type Trigger
- type TriggerResult
Constants
This section is empty.
Variables
This section is empty.
Functions
func AddRotator
func AddRotator(_ context.Context, mgr manager.Manager, cr *CertRotator) error
AddRotator adds the CertRotator and ReconcileWH to the manager.
func GetGRPCClientCredentials
func GetGRPCClientCredentials(secret *corev1.Secret) (credentials.TransportCredentials, error)
GetGRPCClientCredentials returns gRPC transport credentials for a client connection, built from the given Secret.
func GetGRPCServerCredentials
func GetGRPCServerCredentials(secret *corev1.Secret) (credentials.TransportCredentials, error)
GetGRPCServerCredentials returns gRPC transport credentials for a server, built from the given Secret.
func RunnerServe
func StartGRPCServerForTesting
func StartGRPCServerForTesting(server *runner.TerraformRunnerServer, namespace string, addr string, mgr controllerruntime.Manager, rotator *CertRotator) error
StartGRPCServerForTesting should be used only for testing.
Types
type CertRotator
type CertRotator struct {
	Ready                         chan struct{}
	CAName                        string
	CAOrganization                string
	DNSName                       string
	CAValidityDuration            time.Duration
	CertValidityDuration          time.Duration
	RotationCheckFrequency        time.Duration
	LookaheadInterval             time.Duration
	TriggerCARotation             chan Trigger // trigger the CA rotation
	TriggerNamespaceTLSGeneration chan Trigger // trigger namespace TLS generation
	ClusterDomain                 string
	// contains filtered or unexported fields
}
CertRotator contains cert artifacts and a channel to close when the certs are ready.
func (*CertRotator) GetKnownNamespaceTLS added in v0.14.2
func (cr *CertRotator) GetKnownNamespaceTLS(namespace string) (*TriggerResult, bool)
GetKnownNamespaceTLS returns the TriggerResult for the given namespace.
func (*CertRotator) GetKnownNamespaces added in v0.14.2
func (cr *CertRotator) GetKnownNamespaces() []string
GetKnownNamespaces returns all the keys (namespaces) in knownNamespaceTLSMap.
func (*CertRotator) GetRunnerTLSSecretName added in v0.10.0
func (cr *CertRotator) GetRunnerTLSSecretName() (string, error)
GetRunnerTLSSecretName returns the name of the TLS Secret. The controller uses it to tell the runner which TLS Secret to use.
func (*CertRotator) IsCAValid added in v0.10.0
func (cr *CertRotator) IsCAValid() (bool, error)
IsCAValid checks that the CA[n-1] is valid.
func (*CertRotator) ResetCACache added in v0.10.0
func (cr *CertRotator) ResetCACache()
func (*CertRotator) SetKnownNamespaceTLS added in v0.14.2
func (cr *CertRotator) SetKnownNamespaceTLS(namespace string, result *TriggerResult)
SetKnownNamespaceTLS sets the TriggerResult for the given namespace.
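The mutual-TLS material this package rotates and hands to the runner, as an added, self-contained example that is not part of this page or of the project's own code. It issues a CA and a leaf with crypto/x509, places them in a map shaped like a Kubernetes Secret's data, checks the leaf the way the page's ValidCert signature suggests (key matches the certificate, chain to the CA, currently valid, DNS name present as a SAN, required extended key usages), and builds the server-side and client-side tls.Config that GetGRPCServerCredentials and GetGRPCClientCredentials would wrap with gRPC's credentials.NewTLS. The Secret keys ca.crt/tls.crt/tls.key, the example DNS name, and every function name that is not quoted from the page (issue, loadSecret, validSecret, mtlsConfigs) are assumptions made for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"time"
)

// Secret data keys assumed here (the page does not name them): the kubernetes.io/tls layout plus ca.crt.
const (
	keyCACert = "ca.crt"
	keyCert   = "tls.crt"
	keyKey    = "tls.key"
)

type keyPair struct { // mirrors the shape of the page's KeyPairArtifacts type
	cert            *x509.Certificate
	key             *rsa.PrivateKey
	certPEM, keyPEM []byte
}

// issue generates an RSA key and a certificate: a self-signed CA when signer is nil,
// otherwise a leaf for dnsName signed by signer, usable for both server and client auth.
func issue(cn, dnsName string, signer *keyPair, validFor time.Duration) (*keyPair, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn, Organization: []string{"example-org"}},
		NotBefore:             time.Now().Add(-time.Minute), // tolerate small clock skew
		NotAfter:              time.Now().Add(validFor),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
	}
	parent, parentKey := tmpl, key // self-signed unless a signer is given
	if signer == nil {
		tmpl.IsCA = true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{dnsName}
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}
		parent, parentKey = signer.cert, signer.key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, err
	}
	cert, _ := x509.ParseCertificate(der) // der was produced just above, so it parses
	return &keyPair{cert: cert, key: key,
		certPEM: pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		keyPEM:  pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}),
	}, nil
}

// loadSecret parses the Secret's leaf/key pair (a key that does not match the cert is rejected) and CA bundle.
func loadSecret(secret map[string][]byte) (tls.Certificate, *x509.CertPool, error) {
	pair, err := tls.X509KeyPair(secret[keyCert], secret[keyKey])
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	// Populate Leaf so later checks and handshakes need not re-parse it (Go < 1.23 leaves it nil).
	if pair.Leaf, err = x509.ParseCertificate(pair.Certificate[0]); err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(secret[keyCACert]) {
		return tls.Certificate{}, nil, errors.New("secret has no usable " + keyCACert)
	}
	return pair, pool, nil
}

// validSecret is an assumed reading of the page's ValidCert applied to a Secret: the leaf must chain
// to the CA, be valid now, carry dnsName as a SAN and allow the given extended key usages (none = ServerAuth).
func validSecret(secret map[string][]byte, dnsName string, usages ...x509.ExtKeyUsage) (bool, error) {
	pair, pool, err := loadSecret(secret)
	if err != nil {
		return false, err
	}
	_, err = pair.Leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: dnsName, KeyUsages: usages})
	return err == nil, err
}

// mtlsConfigs builds the tls.Config that GetGRPCServerCredentials / GetGRPCClientCredentials would each wrap
// with credentials.NewTLS (assumed; the page shows only their signatures). Both sides present the Secret's
// leaf and trust only the Secret's CA, so controller and runner authenticate each other.
func mtlsConfigs(secret map[string][]byte, serverName string) (*tls.Config, *tls.Config, error) {
	pair, pool, err := loadSecret(secret)
	if err != nil {
		return nil, nil, err
	}
	server := &tls.Config{Certificates: []tls.Certificate{pair}, ClientCAs: pool, MinVersion: tls.VersionTLS12,
		ClientAuth: tls.RequireAndVerifyClientCert} // a client without a CA-signed cert is refused
	client := &tls.Config{Certificates: []tls.Certificate{pair}, RootCAs: pool, MinVersion: tls.VersionTLS12,
		ServerName: serverName} // must match a SAN on the runner's leaf
	return server, client, nil
}
```

The checks that matter for rotation are the negative ones: a leaf presented with a key that is not its own, a leaf signed by a CA other than the one in the Secret, or a leaf whose SANs do not include the runner's DNS name must all fail before the controller trusts a Secret, which is what the rotator's knownNamespaceTLSMap bookkeeping and IsCAValid are there to gate.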
type KeyPairArtifacts
type KeyPairArtifacts struct {
	Cert    *x509.Certificate
	Key     *rsa.PrivateKey
	CertPEM []byte
	KeyPEM  []byte
	// contains filtered or unexported fields
}
KeyPairArtifacts stores cert artifacts.
type PartialManager added in v0.10.0
type PartialManager interface {
	GetConfig() *rest.Config
	GetScheme() *runtime.Scheme
	GetRESTMapper() meta.RESTMapper
	Elected() <-chan struct{}
}
PartialManager is a subset of the manager.Manager interface that is used by the CertRotator.
type Trigger added in v0.10.0
type Trigger struct {
	Namespace string
	Ready     chan *TriggerResult
}