certrotation

package
v0.15.0 Latest
Warning

This package is not in the latest version of its module.

Published: Oct 14, 2024 License: Apache-2.0 Imports: 20 Imported by: 3

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CABundleRotation

type CABundleRotation struct {
	Namespace string
	Name      string
	Lister    corev1listers.ConfigMapLister
	Client    corev1client.ConfigMapsGetter
}

CABundleRotation maintains a CA bundle config map by adding new CA certs and removing expired old ones.

func (CABundleRotation) EnsureConfigMapCABundle

func (c CABundleRotation) EnsureConfigMapCABundle(signingCertKeyPair *crypto.CA) ([]*x509.Certificate, error)

type SigningRotation

type SigningRotation struct {
	Namespace        string
	Name             string
	SignerNamePrefix string
	Validity         time.Duration
	Lister           corev1listers.SecretLister
	Client           corev1client.SecretsGetter
}

SigningRotation rotates a self-signed signing CA stored in a secret. It creates a new one when 80% of the lifetime of the old CA has passed.

func (SigningRotation) EnsureSigningCertKeyPair

func (c SigningRotation) EnsureSigningCertKeyPair() (*crypto.CA, error)

type TargetRotation

type TargetRotation struct {
	Namespace string
	Name      string
	LoadDir   string // load the secret to the local dir if LoadDir is not empty.
	Validity  time.Duration
	HostNames []string
	Lister    corev1listers.SecretLister
	Client    corev1client.SecretsGetter
}

TargetRotation rotates a key and cert signed by a CA. It creates a new one when 80% of the lifetime of the old cert has passed, or when the CA used to sign the old cert is gone from the CA bundle.

func (TargetRotation) EnsureTargetCertKeyPair

func (c TargetRotation) EnsureTargetCertKeyPair(signingCertKeyPair *crypto.CA, caBundleCerts []*x509.Certificate,
	fns ...crypto.CertificateExtensionFunc) error

func (TargetRotation) NewCertificate

func (c TargetRotation) NewCertificate(signer *crypto.CA, validity time.Duration,
	fns ...crypto.CertificateExtensionFunc) (*crypto.TLSCertificateConfig, error)
