apicerts

package
v0.19.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 26, 2022 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Overview

Package apicerts contains controllers that work together to provide rotating API certs.

Index

Constants

View Source
const (
	CACertificateSecretKey           = "caCertificate"
	CACertificatePrivateKeySecretKey = "caCertificatePrivateKey"

	TLSCertificateChainSecretKey = "tlsCertificateChain"
)

Variables

This section is empty.

Functions

func NewAPIServiceUpdaterController

func NewAPIServiceUpdaterController(
	namespace string,
	certsSecretResourceName string,
	apiServiceName string,
	aggregatorClient aggregatorclient.Interface,
	secretInformer corev1informers.SecretInformer,
	withInformer pinnipedcontroller.WithInformerOptionFunc,
) controllerlib.Controller

func NewCertsExpirerController

func NewCertsExpirerController(
	namespace string,
	certsSecretResourceName string,
	k8sClient kubernetes.Interface,
	secretInformer corev1informers.SecretInformer,
	withInformer pinnipedcontroller.WithInformerOptionFunc,
	renewBefore time.Duration,
	secretKey string,
	logger plog.Logger,
) controllerlib.Controller

NewCertsExpirerController returns a controllerlib.Controller that will delete a certificate secret once it gets within some threshold of its expiration time. The deletion forces rotation of the secret with the help of other controllers.

func NewCertsManagerController

func NewCertsManagerController(
	namespace string,
	certsSecretResourceName string,
	certsSecretLabels map[string]string,
	k8sClient kubernetes.Interface,
	secretInformer corev1informers.SecretInformer,
	withInformer pinnipedcontroller.WithInformerOptionFunc,
	withInitialEvent pinnipedcontroller.WithInitialEventOptionFunc,
	certDuration time.Duration,
	generatedCACommonName string,
	serviceNameForGeneratedCertCommonName string,
) controllerlib.Controller

func NewCertsObserverController

func NewCertsObserverController(
	namespace string,
	certsSecretResourceName string,
	dynamicCertProvider dynamiccert.Private,
	secretInformer corev1informers.SecretInformer,
	withInformer pinnipedcontroller.WithInformerOptionFunc,
) controllerlib.Controller

func UpdateAPIService

func UpdateAPIService(ctx context.Context, aggregatorClient aggregatorclient.Interface, apiServiceName, serviceNamespace string, aggregatedAPIServerCA []byte) error

UpdateAPIService updates the APIService's CA bundle.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL