Documentation
Index
- Constants
- func ApplyDefaultSettings(opts *Options, cfg configv1alpha1.BuiltInCertManagement) error
- func BuildAll(opts Options) ([]client.Object, error)
- func CABundleName(stackName string) string
- func CertificatesExpired(opts Options) error
- func ComponentCertSecretNames(stackName string) map[string]string
- func SigningCAExpired(opts Options) error
- func SigningCASecretName(stackName string) string
- type CertExpiredError
- type ComponentCertificates
- type Options
- type Rotation
- type SelfSignedCertKey
- type SigningCA
Constants
const (
	// CertificateNotBeforeAnnotation contains the certificate expiration date in RFC3339 format.
	CertificateNotBeforeAnnotation = "tempo.grafana.com/certificate-not-before"
	// CertificateNotAfterAnnotation contains the certificate expiration date in RFC3339 format.
	CertificateNotAfterAnnotation = "tempo.grafana.com/certificate-not-after"
	// CertificateIssuer contains the common name of the certificate that signed another certificate.
	CertificateIssuer = "tempo.grafana.com/certificate-issuer"
	// CertificateHostnames contains the hostnames used by a signer.
	CertificateHostnames = "tempo.grafana.com/certificate-hostnames"
)
const (
	// CAFile is the file name of the certificate authority file.
	CAFile = "service-ca.crt"
)
Variables
This section is empty.
Functions
func ApplyDefaultSettings
func ApplyDefaultSettings(opts *Options, cfg configv1alpha1.BuiltInCertManagement) error
ApplyDefaultSettings merges the default options with the ones provided by the caller.
func BuildAll
BuildAll builds all secrets and configmaps containing CA certificates, CA bundles and client certificates for a TempoStack.
func CABundleName
CABundleName returns the TempoStack's CA bundle ConfigMap name.
func CertificatesExpired
CertificatesExpired returns an error if any certificate has expired, together with the list of expiry reasons.
func ComponentCertSecretNames
ComponentCertSecretNames returns a map with the service name as the key and the secret name as the value.
func SigningCAExpired
SigningCAExpired returns an error if the signer certificate has expired, together with the reason of expiry.
func SigningCASecretName
SigningCASecretName returns the TempoStack's signing CA secret name.
Types
type CertExpiredError
CertExpiredError contains information on whether a certificate expired and the reasons for expiry.
func (*CertExpiredError) Error
func (e *CertExpiredError) Error() string
type ComponentCertificates
type ComponentCertificates map[string]SelfSignedCertKey
ComponentCertificates is a map of TempoStack component names to TLS certificates.
type Options
type Options struct {
	Certificates   ComponentCertificates
	CABundle       *corev1.ConfigMap
	Signer         SigningCA
	StackName      string
	StackNamespace string
	RawCACerts     []*x509.Certificate
	Rotation       Rotation
}
Options is a set of configuration values to use when building manifests for TempoStack certificates.
type Rotation
type Rotation struct {
	CACertValidity     time.Duration
	CACertRefresh      time.Duration
	TargetCertValidity time.Duration
	TargetCertRefresh  time.Duration
}
Rotation defines the validity/refresh pairs for certificates.
func ParseRotation
func ParseRotation(cfg configv1alpha1.BuiltInCertManagement) (Rotation, error)
ParseRotation builds a new Rotation struct from the feature gate string values.
type SelfSignedCertKey
SelfSignedCertKey rotates a key and cert signed by a signing CA and stores it in a secret.
It creates a new one when:
- the refresh duration is over,
- or 80% of validity is over,
- or the cert is expired,
- or the signing CA changes.
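The four re-issue conditions listed above, sketched as an added Go example that is not the operator's own code. The names `rotationReason` and `sampleCert` are hypothetical, and detecting a signing CA change by comparing the issuer common name is an assumption.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"time"
)

// rotationReason is a hypothetical helper, not the package's API. It returns
// why a certificate should be re-issued, or "" if it can stay in place.
// Assumption: a signing CA change is detected by comparing the issuer CN.
func rotationReason(cert *x509.Certificate, signerCN string, refresh time.Duration, now time.Time) string {
	validity := cert.NotAfter.Sub(cert.NotBefore)
	age := now.Sub(cert.NotBefore)
	switch {
	case now.After(cert.NotAfter):
		return "expired"
	case cert.Issuer.CommonName != signerCN:
		return "signing CA changed"
	case age >= refresh:
		return "refresh duration is over"
	case age >= validity/5*4:
		return "80% of validity is over"
	}
	return ""
}

// sampleCert builds a constructed, unsigned certificate value for the demo.
func sampleCert(notBefore time.Time, validity time.Duration, issuerCN string) *x509.Certificate {
	return &x509.Certificate{
		NotBefore: notBefore,
		NotAfter:  notBefore.Add(validity),
		Issuer:    pkix.Name{CommonName: issuerCN},
	}
}

func main() {
	issued := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	cert := sampleCert(issued, 100*time.Hour, "constructed-signing-ca")
	for _, h := range []int{50, 85, 95, 101} {
		now := issued.Add(time.Duration(h) * time.Hour)
		fmt.Printf("+%dh: %q\n", h, rotationReason(cert, "constructed-signing-ca", 90*time.Hour, now))
	}
}
```

The 80% check acts as a backstop when the configured refresh duration is longer than four fifths of the validity period.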