Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type CABundleRotation
type CABundleRotation struct {
	Namespace     string
	Name          string
	Lister        corev1listers.ConfigMapLister
	Client        corev1client.ConfigMapsGetter
	EventRecorder events.Recorder
}
CABundleRotation maintains a CA bundle config map by adding new CA certs and removing expired old ones.
func (CABundleRotation) EnsureConfigMapCABundle
func (c CABundleRotation) EnsureConfigMapCABundle(ctx context.Context, signingCertKeyPair *crypto.CA) ([]*x509.Certificate, error)
type SigningRotation
type SigningRotation struct {
	Namespace        string
	Name             string
	SignerNamePrefix string
	Validity         time.Duration
	Lister           corev1listers.SecretLister
	Client           corev1client.SecretsGetter
	EventRecorder    events.Recorder
}
SigningRotation rotates a self-signed signing CA stored in a secret. It creates a new one when 80% of the lifetime of the old CA has passed.
func (SigningRotation) EnsureSigningCertKeyPair
type TargetRotation
type TargetRotation struct {
	Namespace     string
	Name          string
	Validity      time.Duration
	HostNames     []string
	Lister        corev1listers.SecretLister
	Client        corev1client.SecretsGetter
	EventRecorder events.Recorder
}
TargetRotation rotates a key and cert signed by a CA. It creates a new one when 80% of the lifetime of the old cert has passed, or when the CA used to sign the old cert is gone from the CA bundle.
func (TargetRotation) EnsureTargetCertKeyPair
func (c TargetRotation) EnsureTargetCertKeyPair(ctx context.Context, signingCertKeyPair *crypto.CA, caBundleCerts []*x509.Certificate) error
func (TargetRotation) NewCertificate
func (c TargetRotation) NewCertificate(signer *crypto.CA, validity time.Duration) (*crypto.TLSCertificateConfig, error)
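The two rotation triggers described for TargetRotation (80% of the lifetime elapsed, or the signing CA no longer in the CA bundle) can be checked with the standard library alone. This is an added example, not this package's own code: rotationReason and issue are hypothetical names, the certificates are constructed sample data, and verifying the signature against each bundle entry is one assumed way to decide that the signer is "gone".

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// rotationReason returns "" while the cert can stay, else which trigger fired.
func rotationReason(cert *x509.Certificate, bundle []*x509.Certificate, now time.Time) string {
	lifetime := cert.NotAfter.Sub(cert.NotBefore)
	if !now.Before(cert.NotBefore.Add(lifetime / 5 * 4)) { // 80% point, integer math
		return "past 80% of validity"
	}
	for _, ca := range bundle {
		if cert.CheckSignatureFrom(ca) == nil {
			return "" // signature verifies under a CA still in the bundle
		}
	}
	return "signer not in CA bundle"
}

// issue builds a constructed sample cert; a nil parent yields a self-signed CA.
func issue(cn string, parent *x509.Certificate, pk ed25519.PrivateKey, from time.Time, d time.Duration) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: from, NotAfter: from.Add(d), BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil {
		tmpl.IsCA, tmpl.KeyUsage, parent, pk = true, x509.KeyUsageCertSign, tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, pk)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func main() {
	start := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	ca, caKey := issue("signer-a", nil, nil, start, 1000*time.Hour)
	leaf, _ := issue("target", ca, caKey, start, 100*time.Hour)
	fmt.Println(rotationReason(leaf, []*x509.Certificate{ca}, start.Add(81*time.Hour)))
}
```

Checking the signature rather than the issuer name keeps a target cert from being treated as valid when a replacement CA reuses the old CA's subject name.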