package authority

import "k8s.io/kubernetes/pkg/controller/certificates/authority"

Index

Types

type CertificateAuthority

// CertificateAuthority bundles a signing certificate with its private key.
// The raw byte fields are optional and exist only so callers can detect that
// the cert/key pair has changed.
type CertificateAuthority struct {
	// RawCert is an optional field to determine if signing cert/key pairs have changed.
	// NOTE(review): presumably the encoded bytes that Certificate was parsed
	// from; confirm against the code that populates it.
	RawCert []byte
	// RawKey is an optional field to determine if signing cert/key pairs have changed.
	// NOTE(review): presumably the encoded private key. If so, this is secret
	// material: keep it out of logs, error strings and serialized output — confirm.
	RawKey []byte

	// Certificate is the parsed X.509 certificate held alongside PrivateKey.
	// NOTE(review): presumably the issuer certificate used by Sign; the Sign
	// body is not shown here — confirm.
	Certificate *x509.Certificate
	// PrivateKey is the key used for signing. crypto.Signer is an interface, so
	// the key may be an opaque handle (for example one backed by a hardware
	// module) rather than key bytes held in process memory.
	PrivateKey  crypto.Signer
}

CertificateAuthority implements a certificate authority that supports policy-based signing. It is used by the signing controller.

func (*CertificateAuthority) Sign

func (ca *CertificateAuthority) Sign(crDER []byte, policy SigningPolicy) ([]byte, error)

Sign signs a certificate request, applying a SigningPolicy, and returns a DER-encoded X.509 certificate.

type PermissiveSigningPolicy

// PermissiveSigningPolicy holds the parameters of a signing policy: validity
// window inputs (TTL, Backdate, Short), the allowed key usages, and a clock.
// NOTE(review): the field comments refer to a calculation "described above"
// that is not part of this listing, and the enforcement logic is not shown
// here; read the policy implementation before relying on this type to
// constrain what gets signed.
type PermissiveSigningPolicy struct {
	// TTL is used in certificate NotAfter calculation as described above.
	// NOTE(review): presumably an upper bound on the issued certificate's
	// lifetime; whether zero or negative values are rejected is not visible
	// here — confirm.
	TTL time.Duration

	// Usages are the allowed usages of a certificate.
	// NOTE(review): whether a request asking for usages outside this list is
	// rejected or silently narrowed is not visible here — confirm.
	Usages []capi.KeyUsage

	// Backdate is used in certificate NotBefore calculation as described above.
	// NOTE(review): presumably subtracted from the current time to tolerate
	// clock skew between signer and verifier — confirm.
	Backdate time.Duration

	// Short is the duration used to determine if the lifetime of a certificate should be considered short.
	// NOTE(review): what changes for a "short" certificate is not shown here — confirm.
	Short time.Duration

	// Now defaults to time.Now but can be stubbed for testing
	// NOTE(review): the defaulting code is not shown here. Validity periods
	// derive from this clock, so it should only be replaced in tests.
	Now func() time.Time
}

PermissiveSigningPolicy is the signing policy historically used by the local signer.

type SigningPolicy

// SigningPolicy is the policy argument accepted by CertificateAuthority.Sign.
// Its method set is hidden in this rendering.
// NOTE(review): if the hidden methods are unexported, only types declared in
// this package can satisfy the interface, which keeps the set of signing
// policies closed to outside implementations — confirm in the source.
type SigningPolicy interface {
	// contains filtered or unexported methods
}

SigningPolicy validates a CertificateRequest before it's signed by the CertificateAuthority. It may default or otherwise mutate a certificate template.

Source Files

authority.go policies.go

Version
v1.33.0 (latest)
Published
Apr 23, 2025
Platform
linux/amd64
Imports
8 packages