tlshelpers

package
v0.0.0-alpha.0....-eeef803 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 14, 2024 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

// Well-known object names used by the etcd TLS helpers. The identifier suffixes
// mark each value as a Secret name or a ConfigMap name; the namespace the
// objects live in is not part of these constants.
//
// NOTE(review): the secret names use the singular "metric" ("etcd-metric-signer",
// "etcd-metric-client") while the ConfigMap name uses the plural
// ("etcd-metrics-ca-bundle"). These are runtime object names, so they must be
// kept byte-for-byte; do not "normalise" them.
const (
	// Component label; presumably the Jira component that owns these
	// certificates — TODO confirm where it is consumed.
	EtcdJiraComponentName = "etcd"

	// Signer secrets. NOTE(review): presumably these hold CA key material, so
	// read access to them should be limited to the rotation controller —
	// confirm against the cluster RBAC.
	EtcdSignerCertSecretName        = "etcd-signer"
	EtcdMetricsSignerCertSecretName = "etcd-metric-signer"

	// CA bundle ConfigMaps, one per signer above.
	EtcdSignerCaBundleConfigMapName        = "etcd-ca-bundle"
	EtcdMetricsSignerCaBundleConfigMapName = "etcd-metrics-ca-bundle"

	// Client certificate secrets and the "all certs" secret; what the latter
	// aggregates is not shown here.
	EtcdClientCertSecretName        = "etcd-client"
	EtcdMetricsClientCertSecretName = "etcd-metric-client"
	EtcdAllCertsSecretName          = "etcd-all-certs"
)

Variables

This section is empty.

Functions

func CreateBootstrapMetricsSignerCert

func CreateBootstrapMetricsSignerCert(
	secretInformer corev1informers.SecretInformer,
	secretLister corev1listers.SecretLister,
	secretGetter corev1client.SecretsGetter,
	recorder events.Recorder) certrotation.RotatedSigningCASecret

CreateBootstrapMetricsSignerCert is the counterpart of CreateMetricsSignerCert for the openshift-config namespace.

func CreateBootstrapSignerCert

func CreateBootstrapSignerCert(
	secretInformer corev1informers.SecretInformer,
	secretLister corev1listers.SecretLister,
	secretGetter corev1client.SecretsGetter,
	recorder events.Recorder) certrotation.RotatedSigningCASecret

CreateBootstrapSignerCert is the counterpart of CreateSignerCert for the openshift-config namespace.

func CreateMetricsServingCertificate

// CreateMetricsServingCertificate returns a
// *certrotation.RotatedSelfSignedCertKeySecret for the given node, or an error.
// Only the signature is visible on this page.
//
// NOTE(review): presumably the certificate's subject names are derived from
// node (host name and addresses) — confirm which node fields end up in the
// certificate, since those are what a TLS client verifies. Whether a nil node
// is reported through the error return is not shown — TODO confirm.
func CreateMetricsServingCertificate(node *corev1.Node,
	secretInformer corev1informers.SecretInformer,
	secretLister corev1listers.SecretLister,
	secretGetter corev1client.SecretsGetter,
	recorder events.Recorder) (*certrotation.RotatedSelfSignedCertKeySecret, error)

func CreateMetricsSignerCert

func CreateMetricsSignerCert(
	secretInformer corev1informers.SecretInformer,
	secretLister corev1listers.SecretLister,
	secretGetter corev1client.SecretsGetter,
	recorder events.Recorder) certrotation.RotatedSigningCASecret

func GetPeerClientSecretNameForNode

func GetPeerClientSecretNameForNode(nodeName string) string

func GetServingMetricsSecretNameForNode

func GetServingMetricsSecretNameForNode(nodeName string) string

func GetServingSecretNameForNode

func GetServingSecretNameForNode(nodeName string) string

func ReadConfigMetricsSignerCert

// ReadConfigMetricsSignerCert uses secretClient to obtain a *crypto.CA, or
// returns an error. Only the signature is visible on this page.
//
// NOTE(review): judging by the name, the result is the metrics signer read from
// a secret. A crypto.CA presumably carries the signing key as well as the
// certificate, so callers should keep the value out of logs and events —
// confirm against the crypto package.
func ReadConfigMetricsSignerCert(ctx context.Context, secretClient corev1client.SecretsGetter) (*crypto.CA, error)

func ReadConfigSignerCert

// ReadConfigSignerCert uses secretClient to obtain a *crypto.CA, or returns an
// error. Only the signature is visible on this page.
//
// NOTE(review): judging by the name, the result is the etcd signer read from a
// secret. A crypto.CA presumably carries the signing key as well as the
// certificate, so callers should keep the value out of logs and events —
// confirm against the crypto package.
func ReadConfigSignerCert(ctx context.Context, secretClient corev1client.SecretsGetter) (*crypto.CA, error)

func SupportedEtcdCiphers

// SupportedEtcdCiphers takes a list of cipher suite names and returns a list of
// strings. Only the signature is visible on this page.
//
// NOTE(review): presumably the result is the subset of cipherSuites that etcd
// accepts. Confirm how unrecognised names are handled (dropped or passed
// through) and what is returned for nil or empty input: a TLS configuration
// may treat an empty cipher list as "use the defaults" rather than "allow
// nothing", so a silently emptied list can widen the accepted suites.
func SupportedEtcdCiphers(cipherSuites []string) []string

Types

type CARotatingTargetCertCreator

// CARotatingTargetCertCreator wraps a certrotation.TargetCertCreator by
// embedding it.
type CARotatingTargetCertCreator struct {
	// Embedded, so its methods are promoted onto this type. A method declared
	// on *CARotatingTargetCertCreator itself (NeedNewTargetCertKeyPair) takes
	// precedence over a promoted method of the same name.
	// NOTE(review): if TargetCertCreator is an interface, the zero value of
	// this struct holds a nil creator — confirm every construction site sets it.
	certrotation.TargetCertCreator
}

CARotatingTargetCertCreator ensures that we also rotate leaf certificates when we detect a change in the signer. The embedded certrotation.TargetCertCreator only assumes the bundle to change on a CA rotation, whereas we have to keep the bundle around for some time for a proper static pod rollout.

func (*CARotatingTargetCertCreator) NeedNewTargetCertKeyPair

// NeedNewTargetCertKeyPair returns a string computed from the current secret,
// the signer, the CA bundle certificates and the refresh settings. Only the
// signature is visible on this page.
//
// NOTE(review): presumably a non-empty result is the reason a new key pair is
// needed and "" means the existing one can stay — confirm against
// certrotation.TargetCertCreator. Per the type's documentation, this method is
// where a changed signer has to be detected: the old CA stays in caBundleCerts
// for a while, so membership in the bundle alone does not show that the leaf
// was issued by the current signer.
func (c *CARotatingTargetCertCreator) NeedNewTargetCertKeyPair(
	secret *corev1.Secret,
	signer *crypto.CA,
	caBundleCerts []*x509.Certificate,
	refresh time.Duration,
	refreshOnlyWhenExpired bool) string
