package rotator

Version: v0.2.0
Published: Apr 20, 2021 License: Apache-2.0 Imports: 30 Imported by: 1

This package is not in the latest version of its module.

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func AddRotator

func AddRotator(mgr manager.Manager, cr *CertRotator) error

AddRotator adds the CertRotator and ReconcileWH to the manager.

func ValidCert

func ValidCert(caCert, cert, key []byte, dnsName string, at time.Time) (bool, error)

Types

type CertRotator

type CertRotator struct {
	SecretKey              types.NamespacedName
	CertDir                string
	CAName                 string
	CAOrganization         string
	DNSName                string
	IsReady                chan struct{}
	Webhooks               []WebhookInfo
	RestartOnSecretRefresh bool
	// contains filtered or unexported fields
}

CertRotator contains cert artifacts and a channel to close when the certs are ready.

func (*CertRotator) CreateCACert

func (cr *CertRotator) CreateCACert(begin, end time.Time) (*KeyPairArtifacts, error)

CreateCACert creates the self-signed CA certificate and private key that will be used to sign the server certificate.

func (*CertRotator) CreateCertPEM

func (cr *CertRotator) CreateCertPEM(ca *KeyPairArtifacts, begin, end time.Time) ([]byte, []byte, error)

CreateCertPEM takes the CA artifacts returned by CreateCACert and uses them to create the PEM-encoded server certificate and private key, returned in that order.
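The CA-then-leaf flow that CreateCACert, CreateCertPEM and ValidCert describe, shown with the standard library as an added example. This is not the package's own code: validCert and issue are stand-ins written here, and validCert assumes that ValidCert checks that the key belongs to the certificate, that the certificate chains to the CA, and that it is valid for the DNS name at the given instant.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"time"
)

// validCert is an added stand-in for rotator.ValidCert (assumed semantics, not the package's code):
// the key must belong to cert, and cert must chain to caCert and be valid for dnsName at time at.
func validCert(caCert, cert, key []byte, dnsName string, at time.Time) (bool, error) {
	pair, err := tls.X509KeyPair(cert, key) // fails when the private key does not match the certificate
	if err != nil {
		return false, err
	}
	leaf, err := x509.ParseCertificate(pair.Certificate[0])
	if err != nil {
		return false, err
	}
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(caCert) {
		return false, errors.New("no CA certificate found in PEM")
	}
	// Verify builds the chain to the CA and checks the validity window and the SAN/hostname at the given instant.
	_, err = leaf.Verify(x509.VerifyOptions{DNSName: dnsName, Roots: roots, CurrentTime: at})
	return err == nil, err
}

// issue builds constructed sample data (errors ignored for brevity): a self-signed CA and a leaf
// certificate for dnsName, both valid from begin to end, returned as PEM (CA cert, leaf cert, leaf key).
func issue(dnsName string, begin, end time.Time) (caPEM, certPEM, keyPEM []byte) {
	caKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	leafKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-ca"},
		NotBefore: begin, NotAfter: end, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caDER, _ := x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey)
	caCert, _ := x509.ParseCertificate(caDER)
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: dnsName},
		DNSNames: []string{dnsName}, NotBefore: begin, NotAfter: end}
	leafDER, _ := x509.CreateCertificate(rand.Reader, leaf, caCert, &leafKey.PublicKey, caKey)
	enc := func(t string, b []byte) []byte { return pem.EncodeToMemory(&pem.Block{Type: t, Bytes: b}) }
	return enc("CERTIFICATE", caDER), enc("CERTIFICATE", leafDER), enc("RSA PRIVATE KEY", x509.MarshalPKCS1PrivateKey(leafKey))
}
```

A rotator that re-runs a check like this before the validity window closes is what keeps the webhook's serving certificate from expiring silently.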

func (*CertRotator) Start

func (cr *CertRotator) Start(ctx context.Context) error

Start starts the CertRotator runnable to rotate certs and ensure the certs are ready.

type KeyPairArtifacts

type KeyPairArtifacts struct {
	Cert    *x509.Certificate
	Key     *rsa.PrivateKey
	CertPEM []byte
	KeyPEM  []byte
}

KeyPairArtifacts stores cert artifacts.

type ReconcileWH

type ReconcileWH struct {
	// contains filtered or unexported fields
}

ReconcileWH reconciles a validatingwebhookconfiguration, making sure it carries the appropriate CA certificate.

func (*ReconcileWH) Reconcile

func (r *ReconcileWH) Reconcile(ctx context.Context, request reconcile.Request) (reconcile.Result, error)

Reconcile reads the state of the cluster for a validatingwebhookconfiguration object and makes sure the most recent CA certificate is included.

type SyncingReader

type SyncingReader interface {
	client.Reader
	WaitForCacheSync(ctx context.Context) bool
}

SyncingReader is a reader that needs syncing prior to being usable.

type WebhookInfo

type WebhookInfo struct {
	// Name is the name of the webhook for a validating or mutating webhook, or the CRD name in case of a CRD conversion webhook
	Name string
	Type WebhookType
}

WebhookInfo is used by the rotator to receive information about the resources to be updated with certificates.

type WebhookType

type WebhookType int

WebhookType is the type of webhook, either a validating/mutating webhook or a CRD conversion webhook.

const (
	// Validating indicates the webhook is a ValidatingWebhook
	Validating WebhookType = iota
	// Mutating indicates the webhook is a MutatingWebhook
	Mutating
	// CRDConversion indicates the webhook is a CRD conversion webhook
	CRDConversion
)
