cert-manager: github.com/jetstack/cert-manager/pkg/webhook/authority Index | Files

package authority

import "github.com/jetstack/cert-manager/pkg/webhook/authority"


Package Files


type DynamicAuthority Uses

type DynamicAuthority struct {
    // Namespace and Name of the Secret resource used to store the authority.
    SecretNamespace, SecretName string

    // RESTConfig used to connect to the apiserver.
    RESTConfig *rest.Config

    // The amount of time the root CA certificate will be valid for.
    // This must be greater than LeafDuration.
    // Defaults to 365d.
    CADuration time.Duration

    // The amount of time leaf certificates signed by ths authority will be
    // valid for.
    // This must be less than CADuration.
    // Defaults to 7d.
    LeafDuration time.Duration

    // Logger to write messages to.
    Log logr.Logger
    // contains filtered or unexported fields

DynamicAuthority manages a certificate authority stored in a Secret resource and provides methods to obtain signed leaf certificates. The private key and certificate will be automatically generated, and when nearing expiry, the private key and root certificate will be rotated.

func (*DynamicAuthority) Run Uses

func (d *DynamicAuthority) Run(stopCh <-chan struct{}) error

func (*DynamicAuthority) Sign Uses

func (d *DynamicAuthority) Sign(template *x509.Certificate) (*x509.Certificate, error)

Sign will sign the given certificate template using the current version of the managed CA. It will automatically set the NotBefore and NotAfter times appropriately.

func (*DynamicAuthority) WatchRotation Uses

func (d *DynamicAuthority) WatchRotation(stopCh <-chan struct{}) <-chan struct{}

WatchRotation will returns a channel that fires notifications if the CA certificate is rotated/updated. This can be used to automatically trigger rotation of leaf certificates when the root CA changes.

type SignFunc Uses

type SignFunc func(template *x509.Certificate) (*x509.Certificate, error)

Package authority imports 27 packages (graph) and is imported by 2 packages. Updated 2020-08-12. Refresh now. Tools for package owners.