Documentation
Overview
Package certwatcher is a helper for reloading certificates from disk for use with TLS servers. It provides a method `GetCertificate` that can be set as the `GetCertificate` callback of a `tls.Config` and passed into your `tls.Listener`, so a certificate rotated on disk is picked up on the next handshake without restarting the server. For a detailed example server, see pkg/webhook/server.go.
Example
```go
package main

import (
	"context"
	"crypto/tls"
	"net/http"

	ctrl "sigs.k8s.io/controller-runtime"
	"sigs.k8s.io/controller-runtime/pkg/certwatcher"
)

type sampleServer struct{}

func main() {
	// Setup Context
	ctx := ctrl.SetupSignalHandler()

	// Initialize a new cert watcher with cert/key pair
	watcher, err := certwatcher.New("ssl/tls.crt", "ssl/tls.key")
	if err != nil {
		panic(err)
	}

	// Start goroutine with certwatcher running fsnotify against supplied certdir
	go func() {
		if err := watcher.Start(ctx); err != nil {
			panic(err)
		}
	}()

	// Setup TLS listener using GetCertificate to fetch the current cert on each
	// handshake, so a cert rotated on disk is served without a restart
	listener, err := tls.Listen("tcp", "localhost:9443", &tls.Config{
		GetCertificate: watcher.GetCertificate,
		MinVersion:     tls.VersionTLS12,
	})
	if err != nil {
		panic(err)
	}

	// Initialize your tls server
	srv := &http.Server{
		Handler: &sampleServer{},
	}

	// Start goroutine for handling server shutdown.
	go func() {
		<-ctx.Done()
		if err := srv.Shutdown(context.Background()); err != nil {
			panic(err)
		}
	}()

	// Serve TLS
	if err := srv.Serve(listener); err != nil && err != http.ErrServerClosed {
		panic(err)
	}
}

func (s *sampleServer) ServeHTTP(http.ResponseWriter, *http.Request) {
}
```
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type CertWatcher
CertWatcher watches certificate and key files for changes. When either file changes, it reads and parses both and calls an optional callback with the new certificate.
func New
```go
func New(certPath, keyPath string) (*CertWatcher, error)
```
New returns a new CertWatcher watching the given certificate and key.
func (*CertWatcher) GetCertificate
```go
func (cw *CertWatcher) GetCertificate(_ *tls.ClientHelloInfo) (*tls.Certificate, error)
```
GetCertificate fetches the currently loaded certificate, which may be nil.
func (*CertWatcher) ReadCertificate
```go
func (cw *CertWatcher) ReadCertificate() error
```
ReadCertificate reads the certificate and key files from disk, parses them, and updates the current certificate on the watcher. If a callback is set, it is invoked with the new certificate.
func (*CertWatcher) Start
```go
func (cw *CertWatcher) Start(ctx context.Context) error
```
Start starts the watch on the certificate and key files.
func (*CertWatcher) Watch
```go
func (cw *CertWatcher) Watch()
```
Watch reads events from the watcher's channel and reacts to changes.
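The hot-reload mechanism behind `GetCertificate` and `ReadCertificate`, shown as an added stand-alone illustration that is not the certwatcher package's own code: the current cert/key pair is swapped in under a lock, a failed parse keeps the old pair live, and the per-handshake callback returns an explicit error while nothing has been loaded yet (the "may be nil" case above). The `reloadingCert` type and the `selfSigned` fixture generator are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"math/big"
	"sync"
	"time"
)

// reloadingCert guards the current pair so each handshake sees a consistent cert+key.
type reloadingCert struct {
	mu   sync.RWMutex
	cert *tls.Certificate
}

// Load parses a PEM pair and swaps it in; on a parse error the old cert stays live.
func (r *reloadingCert) Load(certPEM, keyPEM []byte) error {
	c, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		return err
	}
	r.mu.Lock()
	defer r.mu.Unlock()
	r.cert = &c
	return nil
}

// GetCertificate has the tls.Config.GetCertificate signature; before the first Load it errors.
func (r *reloadingCert) GetCertificate(_ *tls.ClientHelloInfo) (*tls.Certificate, error) {
	r.mu.RLock()
	defer r.mu.RUnlock()
	if r.cert == nil {
		return nil, errors.New("no certificate loaded")
	}
	return r.cert, nil
}

// selfSigned builds a throwaway Ed25519 self-signed cert/key PEM pair (constructed fixture).
func selfSigned(serial int64) (certPEM, keyPEM []byte) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	keyDER, _ := x509.MarshalPKCS8PrivateKey(priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
}
```

Wire `r.GetCertificate` into `tls.Config` exactly as the example above wires `watcher.GetCertificate`; the file watching and callback plumbing are what the real package adds on top of this core.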