Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CABundleRotation ¶
// CABundleRotation holds the settings used to maintain a CA bundle config map:
// a namespace/name pair plus a config map lister and a config map client.
type CABundleRotation struct {
	// Namespace is presumably the namespace of the CA bundle config map (confirm against the implementation).
	Namespace string

	// Name is presumably the name of the CA bundle config map (confirm against the implementation).
	Name string

	// Lister is a config map lister; presumably the read path for the current bundle (confirm).
	Lister corev1listers.ConfigMapLister

	// Client is a config map getter; presumably used to create or update the bundle (confirm).
	// NOTE(review): whoever can write this config map controls which CAs are in the bundle,
	// so the RBAC on it deserves the same care as the signing secret.
	Client corev1client.ConfigMapsGetter
}
CABundleRotation maintains a CA bundle config map by adding new CA certs and removing expired old ones.
func (CABundleRotation) EnsureConfigMapCABundle ¶
func (c CABundleRotation) EnsureConfigMapCABundle(signingCertKeyPair *crypto.CA) ([]*x509.Certificate, error)
type SigningRotation ¶
// SigningRotation holds the settings used to rotate a signing CA kept in a
// secret: a namespace/name pair, a signer name prefix, a validity duration,
// and a secret lister and client.
type SigningRotation struct {
	// Namespace is presumably the namespace of the secret holding the signing CA (confirm against the implementation).
	Namespace string

	// Name is presumably the name of the secret holding the signing CA (confirm against the implementation).
	Name string

	// SignerNamePrefix is presumably a prefix for the generated signer's name (confirm how the full name is built).
	SignerNamePrefix string

	// Validity is presumably the lifetime given to a newly created signing CA (confirm).
	// NOTE(review): a longer value widens the window in which a leaked CA key stays usable.
	Validity time.Duration

	// Lister is a secret lister; presumably the read path for the current signing secret (confirm).
	Lister corev1listers.SecretLister

	// Client is a secret getter; presumably used to create or update the signing secret (confirm).
	Client corev1client.SecretsGetter
}
SigningRotation rotates a self-signed signing CA stored in a secret. It creates a new one when 80% of the lifetime of the old CA has passed.
func (SigningRotation) EnsureSigningCertKeyPair ¶
func (c SigningRotation) EnsureSigningCertKeyPair() (*crypto.CA, error)
type TargetRotation ¶
// TargetRotation holds the settings used to rotate a CA-signed key and cert:
// a namespace/name pair, an optional local load directory, a validity
// duration, host names, and a secret lister and client.
type TargetRotation struct {
	// Namespace is presumably the namespace of the secret holding the target key and cert (confirm against the implementation).
	Namespace string

	// Name is presumably the name of the secret holding the target key and cert (confirm against the implementation).
	Name string

	// LoadDir, when not empty, is the local directory the secret is loaded into.
	// NOTE(review): the secret carries a private key, so this directory should be
	// readable only by the consuming process. The file modes the implementation
	// applies are not visible here; confirm them.
	LoadDir string

	// Validity is presumably the lifetime given to a newly issued cert (confirm).
	Validity time.Duration

	// HostNames are presumably the host names the issued cert is valid for (confirm how they map to SANs).
	HostNames []string

	// Lister is a secret lister; presumably the read path for the current target secret (confirm).
	Lister corev1listers.SecretLister

	// Client is a secret getter; presumably used to create or update the target secret (confirm).
	Client corev1client.SecretsGetter
}
TargetRotation rotates a key and cert signed by a CA. It creates a new one when 80% of the lifetime of the old cert has passed, or when the CA used to sign the old cert is gone from the CA bundle.
func (TargetRotation) EnsureTargetCertKeyPair ¶
func (c TargetRotation) EnsureTargetCertKeyPair(signingCertKeyPair *crypto.CA, caBundleCerts []*x509.Certificate, fns ...crypto.CertificateExtensionFunc) error
func (TargetRotation) NewCertificate ¶
func (c TargetRotation) NewCertificate(signer *crypto.CA, validity time.Duration, fns ...crypto.CertificateExtensionFunc) (*crypto.TLSCertificateConfig, error)