certificate

package
v0.8.0 Latest
Warning

This package is not in the latest version of its module.

Published: Oct 27, 2023 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Constants

const (
	// The names of the files that should contain the CA certificate and the TLS key pair.
	CACertFile  = "ca.crt"
	TLSCertFile = "tls.crt"
	TLSKeyFile  = "tls.key"
)
const (
	TheiaCAConfigMapName = "theia-ca"
	TheiaServiceName     = "theia-manager"
)
const (
	CAConfigMapKey = "ca.crt"
)

Variables

This section is empty.

Functions

func GetCAConfigMapNamespace

func GetCAConfigMapNamespace() string

func GetTheiaServerNames

func GetTheiaServerNames(serviceName string) []string

GetTheiaServerNames returns the DNS names that the TLS certificate will be signed with.

Types

type CACertController

type CACertController struct {
	// contains filtered or unexported fields
}

CACertController is responsible for taking the CA certificate from the caContentProvider and publishing it to the ConfigMap and the APIServices.

func ApplyServerCert

func ApplyServerCert(selfSignedCert bool,
	client kubernetes.Interface,
	secureServing *options.SecureServingOptionsWithLoopback,
	caConfig *CAConfig) (*CACertController, error)

func (*CACertController) Enqueue

func (c *CACertController) Enqueue()

Enqueue will be called after CACertController is registered as a listener of CA cert change.

func (*CACertController) Run

func (c *CACertController) Run(ctx context.Context, workers int)

Run starts the CACertController and blocks until the context is canceled.

func (*CACertController) RunOnce

func (c *CACertController) RunOnce(ctx context.Context) error

RunOnce runs a single sync step to ensure that we have a valid starting configuration.

func (*CACertController) UpdateCertificate

func (c *CACertController) UpdateCertificate(ctx context.Context) error

type CAConfig

type CAConfig struct {
	// Name of the ConfigMap that will hold the CA certificate that signs the TLS
	// certificate of theia manager.
	CAConfigMapName string

	// CertDir is the directory that the TLS Secret should be mounted to. Declaring it as a variable for testing.
	CertDir string

	// SelfSignedCertDir is the dir self-signed certificates are created in.
	SelfSignedCertDir string

	// CertReadyTimeout is the timeout we will wait for the TLS Secret being ready. Declaring it as a variable for testing.
	CertReadyTimeout time.Duration

	// MaxRotateDuration is the max duration for rotating self-signed certificate generated.
	// In most cases we will rotate the certificate when we reach half the expiration time of the certificate (see nextRotationDuration).
	// MaxRotateDuration ensures that if a self-signed certificate has a really long expiration (N years), we still attempt to rotate it
	// within a reasonable time, in this case one year. maxRotateDuration is also used to force certificate rotation in unit tests.
	MaxRotateDuration time.Duration
	ServiceName       string
	PairName          string
}
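
The MaxRotateDuration comment describes a rotation policy: rotate once half of the certificate's validity has elapsed, but never wait longer than the cap. The following Go program is an added example, not Theia's own code (the body of nextRotationDuration is not shown on this page); rotationDelay and selfSigned are hypothetical names, and the certificates are constructed samples.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// rotationDelay (hypothetical helper): wait until half of the validity period
// has elapsed, capped at maxRotate. 0 means the certificate is due now.
func rotationDelay(cert *x509.Certificate, now time.Time, maxRotate time.Duration) time.Duration {
	wait := cert.NotBefore.Add(cert.NotAfter.Sub(cert.NotBefore) / 2).Sub(now)
	if wait > maxRotate {
		wait = maxRotate // long-lived certificates still rotate within the cap
	}
	if wait < 0 {
		wait = 0 // midpoint already passed
	}
	return wait
}

// selfSigned builds a constructed, throwaway self-signed certificate that is
// valid for `validity` starting at notBefore (sample input only).
func selfSigned(notBefore time.Time, validity time.Duration) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: notBefore, NotAfter: notBefore.Add(validity)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	start := time.Date(2023, 10, 27, 0, 0, 0, 0, time.UTC)
	year := 365 * 24 * time.Hour // the one-year cap mentioned in the comment
	for _, validity := range []time.Duration{90 * 24 * time.Hour, 10 * year} {
		cert, err := selfSigned(start, validity)
		if err != nil {
			panic(err)
		}
		fmt.Printf("validity=%v rotate in %v\n", validity, rotationDelay(cert, start, year))
	}
}
```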
