Version: v1.3.1

This package is not in the latest version of its module.

Published: Apr 13, 2021 License: Apache-2.0 Imports: 27 Imported by: 1






type DynamicAuthority

type DynamicAuthority struct {
	// Namespace and Name of the Secret resource used to store the authority.
	SecretNamespace, SecretName string

	// RESTConfig used to connect to the apiserver.
	RESTConfig *rest.Config

	// The amount of time the root CA certificate will be valid for.
	// This must be greater than LeafDuration.
	// Defaults to 365d.
	CADuration time.Duration

	// The amount of time leaf certificates signed by this authority will be
	// valid for.
	// This must be less than CADuration.
	// Defaults to 7d.
	LeafDuration time.Duration

	// Logger to write messages to.
	Log logr.Logger
	// contains filtered or unexported fields
}

DynamicAuthority manages a certificate authority stored in a Secret resource and provides methods to obtain signed leaf certificates. The private key and certificate will be automatically generated, and when nearing expiry, the private key and root certificate will be rotated.

func (*DynamicAuthority) Run

func (d *DynamicAuthority) Run(stopCh <-chan struct{}) error

func (*DynamicAuthority) Sign

func (d *DynamicAuthority) Sign(template *x509.Certificate) (*x509.Certificate, error)

Sign will sign the given certificate template using the current version of the managed CA. It will automatically set the NotBefore and NotAfter times appropriately.

func (*DynamicAuthority) WatchRotation

func (d *DynamicAuthority) WatchRotation(stopCh <-chan struct{}) <-chan struct{}

WatchRotation returns a channel that fires a notification whenever the CA certificate is rotated or updated. This can be used to automatically trigger rotation of leaf certificates when the root CA changes.

type SignFunc

type SignFunc func(template *x509.Certificate) (*x509.Certificate, error)
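The following is an added example, not code from this package: a standard-library-only stand-in that shows why leaf certificates must be re-signed after the rotation that WatchRotation announces, and that a signer of SignFunc shape, not the caller, fixes the validity window. The names newCA, issue, chainsTo, "toy-ca" and "webhook" are hypothetical, and the use of Ed25519 keys and of the template's PublicKey field to carry the leaf key are assumptions of this sketch.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type SignFunc func(template *x509.Certificate) (*x509.Certificate, error)

func issue(tmpl, parent *x509.Certificate, pub, signer any) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, fmt.Errorf("create certificate: %w", err)
	}
	return x509.ParseCertificate(der)
}

// newCA (hypothetical) builds a fresh in-memory root and its signer; a second call models a rotation.
func newCA(caDur, leafDur time.Duration) (*x509.Certificate, SignFunc, error) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "toy-ca"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: time.Now(), NotAfter: time.Now().Add(caDur)}
	root, err := issue(t, t, pub, key)
	return root, func(l *x509.Certificate) (*x509.Certificate, error) {
		now := time.Now() // serial and validity are set here, not by the caller
		l.SerialNumber, l.NotBefore, l.NotAfter = big.NewInt(now.UnixNano()), now, now.Add(leafDur)
		return issue(l, root, l.PublicKey, key)
	}, err
}

func chainsTo(root, leaf *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root) // root is the only trust anchor
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool})
	return err == nil
}

func main() {
	root, sign, _ := newCA(365*24*time.Hour, 7*24*time.Hour)
	rotated, _, _ := newCA(365*24*time.Hour, 7*24*time.Hour)
	pub, _, _ := ed25519.GenerateKey(rand.Reader) // constructed sample leaf key
	leaf, _ := sign(&x509.Certificate{Subject: pkix.Name{CommonName: "webhook"}, PublicKey: pub})
	fmt.Println(chainsTo(root, leaf), chainsTo(rotated, leaf))
}
```

It prints `true false`: the leaf chains to the root that signed it but not to the rotated root, so a rotation notification should trigger a fresh call to the signer.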
