Documentation ¶
Index ¶
- Constants
- func Default(rootCAs *x509.CertPool) *tls.Config
- func DefaultLDAP(rootCAs *x509.CertPool) *tls.Config
- func Legacy(rootCAs *x509.CertPool) *tls.Config
- func Merge(tlsConfigFunc ConfigFunc, tlsConfig *tls.Config)
- func Secure(rootCAs *x509.CertPool) *tls.Config
- type ConfigFunc
- type PrepareServerConfigFunc
- type RestConfigFunc
Constants ¶
const SecureTLSConfigMinTLSVersion = tls.VersionTLS13
SecureTLSConfigMinTLSVersion is the minimum tls version in the format expected by tls.Config.
Variables ¶
This section is empty.
Functions ¶
func Merge ¶
func Merge(tlsConfigFunc ConfigFunc, tlsConfig *tls.Config)
Types ¶
type PrepareServerConfigFunc ¶ added in v0.29.0
type PrepareServerConfigFunc func(c *genericapiserver.RecommendedConfig)
PrepareServerConfigFunc is a function that can prepare a RecommendedConfig before the use of RecommendedOptions.ApplyTo().
func DefaultRecommendedOptions ¶
func DefaultRecommendedOptions(opts *options.RecommendedOptions, f RestConfigFunc) (PrepareServerConfigFunc, error)
DefaultRecommendedOptions configures the RecommendedOptions for a server to use the appropriate cipher suites, min TLS version, and client configuration options for servers that need to accept incoming connections from arbitrary clients (like the impersonation proxy). It returns a PrepareServerConfigFunc which must be used on a RecommendedConfig before passing it to RecommendedOptions.ApplyTo().
func SecureRecommendedOptions ¶
func SecureRecommendedOptions(opts *options.RecommendedOptions, f RestConfigFunc) (PrepareServerConfigFunc, error)
SecureRecommendedOptions configures the RecommendedOptions for a server to use the appropriate cipher suites, min TLS version, and client configuration options for servers that only need to accept incoming connections from certain well known clients which we expect will always use modern TLS settings (like the Kube API server). It returns a PrepareServerConfigFunc which must be used on a RecommendedConfig before passing it to RecommendedOptions.ApplyTo().
type RestConfigFunc ¶
RestConfigFunc allows this package to not depend on the kubeclient package.