Documentation
¶
Overview ¶
An example implementation of a CSR Controller.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CertificateAuthority ¶
type CertificateAuthority struct {
// Chain including the signing CA (as leaf), up to the roots
// tls.crt
Chain []byte
// Roots contains the ca.crt
Roots []byte
Key []byte
Certificate *x509.Certificate
PrivateKey crypto.Signer
}
CertificateAuthority implements a certificate authority that supports policy based signing. It's used by the signing controller.
func (*CertificateAuthority) Init ¶
func (ca *CertificateAuthority) Init() (err error)
func (*CertificateAuthority) Sign ¶
func (ca *CertificateAuthority) Sign(crDER []byte) ([]byte, error)
Sign signs a certificate request, applying a SigningPolicy and returns a DER encoded x509 certificate.
func (*CertificateAuthority) SignCSR ¶
func (s *CertificateAuthority) SignCSR(x509cr *x509.CertificateRequest) ([]byte, error)
SingCSR signs the certificate and returns a full chain.
type K8SSigner ¶
type K8SSigner struct {
K8SClient *kubernetes.Clientset
Name string
Signer *CertificateAuthority
// contains filtered or unexported fields
}
func NewK8SSigner ¶
func NewK8SSigner(cl *kubernetes.Clientset, s string, factory informers.SharedInformerFactory, signers *CertificateAuthority) *K8SSigner
Source Files
Click to show internal directories.
Click to hide internal directories.