eventingtls

package
v0.38.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 26, 2023 License: Apache-2.0 Imports: 19 Imported by: 9

Documentation

Index

Constants

View Source
const (
	// TLSKey is the key in the TLS secret for the private key of TLS servers
	TLSKey = "tls.key"
	// TLSCrt is the key in the TLS secret for the public key of TLS servers
	TLSCrt = "tls.crt"
	// DefaultMinTLSVersion is the default minimum TLS version for servers and clients.
	DefaultMinTLSVersion = tls.VersionTLS12
	// SecretCACrt is the name of the CA Cert in the secret
	SecretCACert = "ca.crt"
	// IMCDispatcherServerTLSSecretName is the name of the tls secret for the imc dispatcher server
	IMCDispatcherServerTLSSecretName = "imc-dispatcher-server-tls" //nolint:gosec // This is not a hardcoded credential
	// BrokerFilterServerTLSSecretName is the name of the tls secret for the broker filter server
	BrokerFilterServerTLSSecretName = "mt-broker-filter-server-tls" //nolint:gosec // This is not a hardcoded credential
	// BrokerIngressServerTLSSecretName is the name of the tls secret for the broker ingress server
	BrokerIngressServerTLSSecretName = "mt-broker-ingress-server-tls" //nolint:gosec // This is not a hardcoded credential
)

Variables

This section is empty.

Functions

func GetTLSClientConfig

func GetTLSClientConfig(config ClientConfig) (*tls.Config, error)

GetTLSClientConfig returns tls.Config based on the given ClientConfig.

func GetTLSServerConfig

func GetTLSServerConfig(config ServerConfig) (*tls.Config, error)

func IsHttpsSink

func IsHttpsSink(sink string) bool

IsHttpsSink returns true if the sink has scheme equal to https.

Types

type ClientConfig

type ClientConfig struct {
	// CACerts are Certification Authority (CA) certificates in PEM format
	// according to https://www.rfc-editor.org/rfc/rfc7468.
	CACerts *string
}

func NewDefaultClientConfig

func NewDefaultClientConfig() ClientConfig

NewDefaultClientConfig returns a default ClientConfig.

type GetCertificate

type GetCertificate func(*tls.ClientHelloInfo) (*tls.Certificate, error)

GetCertificate returns a Certificate based on the given ClientHelloInfo. It will only be called if the client supplies SNI information or if Certificates is empty.

If GetCertificate is nil or returns nil, then the certificate is retrieved from NameToCertificate. If NameToCertificate is nil, the best element of Certificates will be used.

func GetCertificateFromSecret

func GetCertificateFromSecret(ctx context.Context, informer coreinformersv1.SecretInformer, kube kubernetes.Interface, secret types.NamespacedName) GetCertificate

GetCertificateFromSecret returns a GetCertificate function that will automatically return the latest certificate that is present in the provided secret.

The secret is expected to have at least 2 keys in data: see TLSKey and TLSCrt constants for knowing the key names.

type Receiver added in v0.38.0

type Receiver interface {
	StartListen(context.Context, http.Handler) error
}

type ServerConfig

type ServerConfig struct {
	// GetCertificate returns a Certificate based on the given
	// ClientHelloInfo. It will only be called if the client supplies SNI
	// information or if Certificates is empty.
	//
	// If GetCertificate is nil or returns nil, then the certificate is
	// retrieved from NameToCertificate. If NameToCertificate is nil, the
	// best element of Certificates will be used.
	GetCertificate func(*tls.ClientHelloInfo) (*tls.Certificate, error)
}

func NewDefaultServerConfig

func NewDefaultServerConfig() ServerConfig

type ServerManager added in v0.38.0

type ServerManager struct {
	// contains filtered or unexported fields
}

ServerManager is intended to be used to manage HTTP and HTTPS servers for a component. It relies on the `transport-encryption` feature flag to determine which server(s) should be accepting requests. If a server shouldn't be accepting requests, ServerManager will update that server's handler to respond with a 404

disabled: only http server permissive: both http and https servers strict: only https server

func NewServerManager added in v0.38.0

func NewServerManager(ctx context.Context, httpReceiver, httpsReceiver Receiver, handler http.Handler, cmw configmap.Watcher) (*ServerManager, error)

func (*ServerManager) StartServers added in v0.38.0

func (s *ServerManager) StartServers(ctx context.Context) error

Blocking call. Starts the 2 servers

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL