tls

package

v0.0.0-...-f7e4497 Latest Latest Go to latest Published: Apr 22, 2024 License: EPL-2.0 Imports: 31 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/eclipse-che/che-operator

Documentation ¶

Index ¶

Constants
func CreateTLSSecret(ctx *chetypes.DeployContext, name string) (err error)
func GetAdditionalCACertsConfigMapVersion(ctx *chetypes.DeployContext) string
func GetCACertsConfigMaps(client k8sclient.Client, namespace string) ([]corev1.ConfigMap, error)
func GetTLSCrtBytes(ctx *chetypes.DeployContext) (certificates []byte, err error)
func GetTLSCrtChain(ctx *chetypes.DeployContext) ([]*x509.Certificate, error)
func IsSelfSignedCASecretExists(ctx *chetypes.DeployContext) (bool, error)
func IsSelfSignedCertificateUsed(ctx *chetypes.DeployContext) (bool, error)
func K8sHandleCheTLSSecrets(ctx *chetypes.DeployContext) (reconcile.Result, error)
func SyncTLSRoleToCluster(ctx *chetypes.DeployContext) (bool, error)
type CertificatesReconciler
- func NewCertificatesReconciler() *CertificatesReconciler
- func (c *CertificatesReconciler) Finalize(ctx *chetypes.DeployContext) bool
- func (c *CertificatesReconciler) Reconcile(ctx *chetypes.DeployContext) (reconcile.Result, bool, error)
type TlsSecretReconciler
- func NewTlsSecretReconciler() *TlsSecretReconciler
- func (t *TlsSecretReconciler) Finalize(ctx *chetypes.DeployContext) bool
- func (t *TlsSecretReconciler) Reconcile(ctx *chetypes.DeployContext) (reconcile.Result, bool, error)

Constants ¶

View Source

const (

	// CheCACertsConfigMapLabelKey is the label value which marks config map with additional CA certificates
	CheCACertsConfigMapLabelValue = "ca-bundle"
	// CheAllCACertsConfigMapName is the name of config map which contains all additional trusted by Che TLS CA certificates
	CheAllCACertsConfigMapName = "ca-certs-merged"
	// CheMergedCAConfigMapRevisionsAnnotationKey is annotation name which holds versions of included config maps in format: cm-name1=ver1,cm-name2=ver2
	CheMergedCAConfigMapRevisionsAnnotationKey = "che.eclipse.org/included-configmaps"

	KubernetesRootCertificateConfigMapName = "kube-root-ca.crt"
)

View Source

const (
	CheTLSJobServiceAccountName = "che-tls-job-service-account"
	CheTLSJobRoleName           = "che-tls-job-role"
	CheTLSJobRoleBindingName    = "che-tls-job-role-binding"
	CheTLSJobName               = "che-tls-job"
	CheTLSJobComponentName      = "che-create-tls-secret-job"
)

TLS related constants

Variables ¶

This section is empty.

Functions ¶

func CreateTLSSecret ¶

func CreateTLSSecret(ctx *chetypes.DeployContext, name string) (err error)

CreateTLSSecret creates TLS secret with given name. Does nothing if secret with given name already exists.

func GetAdditionalCACertsConfigMapVersion ¶

func GetAdditionalCACertsConfigMapVersion(ctx *chetypes.DeployContext) string

GetAdditionalCACertsConfigMapVersion returns revision of merged additional CA certs config map

func GetCACertsConfigMaps ¶

func GetCACertsConfigMaps(client k8sclient.Client, namespace string) ([]corev1.ConfigMap, error)

GetCACertsConfigMaps returns list of config maps with additional CA certificates that should be trusted by Che The selection is based on the specific label

func GetTLSCrtBytes ¶

func GetTLSCrtBytes(ctx *chetypes.DeployContext) (certificates []byte, err error)

GetTLSCrtBytes extracts certificate chain of trust from the test route/ingress.

func GetTLSCrtChain ¶

func GetTLSCrtChain(ctx *chetypes.DeployContext) ([]*x509.Certificate, error)

GetTLSCrtChain retrieves TLS certificates chain from a test route/ingress.

func IsSelfSignedCASecretExists ¶

func IsSelfSignedCASecretExists(ctx *chetypes.DeployContext) (bool, error)

IsSelfSignedCASecretExists checks if CheTLSSelfSignedCertificateSecretName exists so depending components can mount it

func IsSelfSignedCertificateUsed ¶

func IsSelfSignedCertificateUsed(ctx *chetypes.DeployContext) (bool, error)

IsSelfSignedCertificateUsed detects whether endpoints are/should be secured by self-signed certificate.

func K8sHandleCheTLSSecrets ¶

func K8sHandleCheTLSSecrets(ctx *chetypes.DeployContext) (reconcile.Result, error)

K8sHandleCheTLSSecrets handles TLS secrets required for Che deployment on Kubernetes infrastructure.

func SyncTLSRoleToCluster ¶

func SyncTLSRoleToCluster(ctx *chetypes.DeployContext) (bool, error)

Types ¶

type CertificatesReconciler ¶

type CertificatesReconciler struct {
	deploy.Reconcilable
}

func NewCertificatesReconciler ¶

func NewCertificatesReconciler() *CertificatesReconciler

func (*CertificatesReconciler) Finalize ¶

func (c *CertificatesReconciler) Finalize(ctx *chetypes.DeployContext) bool

func (*CertificatesReconciler) Reconcile ¶

func (c *CertificatesReconciler) Reconcile(ctx *chetypes.DeployContext) (reconcile.Result, bool, error)

type TlsSecretReconciler ¶

type TlsSecretReconciler struct {
	deploy.Reconcilable
}

func NewTlsSecretReconciler ¶

func NewTlsSecretReconciler() *TlsSecretReconciler

func (*TlsSecretReconciler) Finalize ¶

func (t *TlsSecretReconciler) Finalize(ctx *chetypes.DeployContext) bool

func (*TlsSecretReconciler) Reconcile ¶

func (t *TlsSecretReconciler) Reconcile(ctx *chetypes.DeployContext) (reconcile.Result, bool, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL