mtls

package
v0.16.0-rc.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 3, 2023 License: MPL-2.0 Imports: 32 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AddRotator

func AddRotator(_ context.Context, mgr manager.Manager, cr *CertRotator) error

AddRotator adds the CertRotator and ReconcileWH to the manager.

func GetGRPCClientCredentials

func GetGRPCClientCredentials(secret *corev1.Secret) (credentials.TransportCredentials, error)

GetGRPCClientCredentials returns transport credentials for a client connection

func GetGRPCServerCredentials

func GetGRPCServerCredentials(secret *corev1.Secret) (credentials.TransportCredentials, error)

GetGRPCServerCredentials returns transport credentials for a server

func RunnerServe

func RunnerServe(namespace, addr string, tlsSecretName string, sigterm chan os.Signal, maxMessageSizeInMiB int) error

func StartGRPCServerForTesting

func StartGRPCServerForTesting(server *runner.TerraformRunnerServer, namespace string, addr string, mgr controllerruntime.Manager, rotator *CertRotator) error

StartGRPCServerForTesting should be used only for testing

func ValidCert

func ValidCert(caCert, cert, key []byte, dnsName string, keyUsages *[]x509.ExtKeyUsage, at time.Time) (bool, error)

Types

type CertRotator

type CertRotator struct {
	Ready chan struct{}

	CAName             string
	CAOrganization     string
	DNSName            string
	CAValidityDuration time.Duration
	// CertValidityDuration   time.Duration
	RotationCheckFrequency time.Duration
	LookaheadInterval      time.Duration

	TriggerCARotation             chan Trigger // trigger the CA rotation
	TriggerNamespaceTLSGeneration chan Trigger // trigger namespace TLS generation

	ClusterDomain string
	// contains filtered or unexported fields
}

CertRotator contains cert artifacts and a channel to close when the certs are ready.

func (*CertRotator) GetKnownNamespaceTLS added in v0.14.2

func (cr *CertRotator) GetKnownNamespaceTLS(namespace string) (*TriggerResult, bool)

GetKnownNamespaceTLS returns the TriggerResult for the given namespace.

func (*CertRotator) GetKnownNamespaces added in v0.14.2

func (cr *CertRotator) GetKnownNamespaces() []string

GetKnownNamespaces returns all the keys (namespaces) in knownNamespaceTLSMap.

func (*CertRotator) GetRunnerTLSSecretName added in v0.10.0

func (cr *CertRotator) GetRunnerTLSSecretName() (string, error)

GetRunnerTLSSecretName returns the name of the TLS Secret. It is used by the controller to tell the runner the name of TLS.

func (*CertRotator) IsCAValid added in v0.10.0

func (cr *CertRotator) IsCAValid() (bool, error)

IsCAValid checks that the CA[n-1] is valid.

func (*CertRotator) ResetCACache added in v0.10.0

func (cr *CertRotator) ResetCACache()

func (*CertRotator) SetKnownNamespaceTLS added in v0.14.2

func (cr *CertRotator) SetKnownNamespaceTLS(namespace string, result *TriggerResult)

SetKnownNamespaceTLS sets the TriggerResult for the given namespace.

func (*CertRotator) Start

func (cr *CertRotator) Start(ctx context.Context) error

Start starts the CertRotator runnable to rotate certs and ensure the certs are ready.

type KeyPairArtifacts

type KeyPairArtifacts struct {
	Cert    *x509.Certificate
	Key     *rsa.PrivateKey
	CertPEM []byte
	KeyPEM  []byte
	// contains filtered or unexported fields
}

KeyPairArtifacts stores cert artifacts.

type PartialManager added in v0.10.0

type PartialManager interface {
	GetConfig() *rest.Config
	GetScheme() *runtime.Scheme
	GetRESTMapper() meta.RESTMapper
	Elected() <-chan struct{}
}

PartialManager is a subset of the manager.Manager interface that is used by the CertRotator.

type Trigger added in v0.10.0

type Trigger struct {
	Namespace string
	Ready     chan *TriggerResult
}

type TriggerResult added in v0.10.0

type TriggerResult struct {
	Secret *corev1.Secret
	Err    error
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL