Version: v0.2.0 (this package is not in the latest version of its module)
Published: Apr 20, 2021 License: Apache-2.0 Imports: 30 Imported by: 1


func AddRotator

func AddRotator(mgr manager.Manager, cr *CertRotator) error

AddRotator adds the CertRotator and ReconcileWH to the manager.

func ValidCert

func ValidCert(caCert, cert, key []byte, dnsName string, at time.Time) (bool, error)


type CertRotator

type CertRotator struct {
	SecretKey              types.NamespacedName
	CertDir                string
	CAName                 string
	CAOrganization         string
	DNSName                string
	IsReady                chan struct{}
	Webhooks               []WebhookInfo
	RestartOnSecretRefresh bool
	// contains filtered or unexported fields
}

CertRotator contains cert artifacts and a channel to close when the certs are ready.

func (*CertRotator) CreateCACert

func (cr *CertRotator) CreateCACert(begin, end time.Time) (*KeyPairArtifacts, error)

CreateCACert creates the self-signed CA cert and private key that will be used to sign the server certificate.

func (*CertRotator) CreateCertPEM

func (cr *CertRotator) CreateCertPEM(ca *KeyPairArtifacts, begin, end time.Time) ([]byte, []byte, error)

CreateCertPEM takes the results of CreateCACert and uses them to create the PEM-encoded public certificate and private key, respectively.
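The three functions above (CreateCACert, CreateCertPEM and ValidCert) together form the rotator's core loop: mint a CA, sign a server certificate for the webhook's DNS name, and later decide whether the material stored in the Secret is still trustworthy. The block below is an added example that reimplements that flow with only the Go standard library; it is not the package's own code. The names keyPair, newCA, newServerCertPEM and validCert are hypothetical stand-ins for KeyPairArtifacts, CreateCACert, CreateCertPEM and ValidCert, and the DNS name webhook.system.svc is a constructed sample. The validity check is the part worth studying: it rejects a key that does not match the certificate, a certificate that does not chain to the CA, a wrong DNS name, and a certificate outside its validity window at the supplied time.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

type keyPair struct { // hypothetical stand-in for the page's KeyPairArtifacts
	Cert    *x509.Certificate
	Key     *rsa.PrivateKey
	CertPEM []byte
}

// newCA plays the role of CreateCACert: a self-signed CA valid for [begin, end].
func newCA(caName, org string, begin, end time.Time) (*keyPair, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: caName, Organization: []string{org}},
		NotBefore:             begin,
		NotAfter:              end,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &keyPair{Cert: cert, Key: key, CertPEM: pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})}, nil
}

// newServerCertPEM plays the role of CreateCertPEM: a CA-signed leaf cert and key for dnsName.
func newServerCertPEM(ca *keyPair, dnsName string, begin, end time.Time) ([]byte, []byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		DNSNames:     []string{dnsName}, // Go's verifier matches SANs, not the CN
		NotBefore:    begin,
		NotAfter:     end,
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, &key.PublicKey, ca.Key)
	if err != nil {
		return nil, nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}), nil
}

// validCert plays the role of ValidCert: key matches cert, cert chains to caCert, carries dnsName, and is valid at time `at`.
func validCert(caCert, certPEM, keyPEM []byte, dnsName string, at time.Time) (bool, error) {
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(caCert) {
		return false, errors.New("no CA certificate in PEM")
	}
	cb, _ := pem.Decode(certPEM)
	kb, _ := pem.Decode(keyPEM)
	if cb == nil || kb == nil {
		return false, errors.New("certificate or key PEM missing")
	}
	cert, certErr := x509.ParseCertificate(cb.Bytes)
	key, keyErr := x509.ParsePKCS1PrivateKey(kb.Bytes)
	if certErr != nil || keyErr != nil {
		return false, fmt.Errorf("parse failed: cert=%v key=%v", certErr, keyErr)
	}
	if !key.PublicKey.Equal(cert.PublicKey) {
		return false, errors.New("private key does not match certificate")
	}
	// Verify checks signature chain, validity window at `at`, SAN match and server-auth EKU.
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: dnsName, CurrentTime: at}); err != nil {
		return false, err
	}
	return true, nil
}

func main() {
	now := time.Now()
	ca, _ := newCA("rotator-ca", "example", now.Add(-time.Hour), now.Add(24*time.Hour))
	certPEM, keyPEM, _ := newServerCertPEM(ca, "webhook.system.svc", now.Add(-time.Hour), now.Add(24*time.Hour))
	ok, err := validCert(ca.CertPEM, certPEM, keyPEM, "webhook.system.svc", now.Add(48*time.Hour))
	fmt.Println("valid in 48h:", ok, err) // expired: the rotator would mint a fresh certificate here
}
```

Evaluating at a caller-supplied time rather than time.Now() is what lets a rotator refresh material before it expires: pass a point in the future equal to the lookahead window and treat a false result as a signal to rotate.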

func (*CertRotator) Start

func (cr *CertRotator) Start(ctx context.Context) error

Start starts the CertRotator runnable to rotate certs and ensure the certs are ready.

type KeyPairArtifacts

type KeyPairArtifacts struct {
	Cert    *x509.Certificate
	Key     *rsa.PrivateKey
	CertPEM []byte
	KeyPEM  []byte
}

KeyPairArtifacts stores cert artifacts.

type ReconcileWH

type ReconcileWH struct {
	// contains filtered or unexported fields
}

ReconcileWH reconciles a validatingwebhookconfiguration, making sure it has the appropriate CA cert.

func (*ReconcileWH) Reconcile

func (r *ReconcileWH) Reconcile(ctx context.Context, request reconcile.Request) (reconcile.Result, error)

Reconcile reads the state of the cluster for a validatingwebhookconfiguration object and makes sure the most recent CA cert is included.

type SyncingReader

type SyncingReader interface {
	WaitForCacheSync(ctx context.Context) bool
}

SyncingReader is a reader that needs syncing prior to being usable.

type WebhookInfo

type WebhookInfo struct {
	// Name is the name of the webhook for a validating or mutating webhook, or the CRD name in case of a CRD conversion webhook
	Name string
	Type WebhookType
}

WebhookInfo is used by the rotator to receive info about resources to be updated with certificates.

type WebhookType

type WebhookType int

WebhookType is the type of webhook, either a validating/mutating webhook or a CRD conversion webhook.

const (
	// Validating indicates the webhook is a ValidatingWebhook
	Validating WebhookType = iota
	// Mutating indicates the webhook is a MutatingWebhook
	Mutating
	// CRDConversion indicates the webhook is a CRD conversion webhook
	CRDConversion
)
