Documentation
Index ¶
- Constants
- func ApplyDefaultSettings(opts *Options, cfg configv1.BuiltInCertManagement) error
- func BuildAll(opts Options) ([]client.Object, error)
- func CABundleName(stackName string) string
- func CertificatesExpired(opts Options) error
- func ComponentCertSecretNames(stackName string) []string
- func SigningCAExpired(opts Options) error
- func SigningCASecretName(stackName string) string
- type CertExpiredError
- type ComponentCertificates
- type Options
- type Rotation
- type SelfSignedCertKey
- type SigningCA
Constants ¶
// Metadata keys describing a certificate: validity window, issuer and hostnames.
// NOTE(review): these values live in object metadata, which can be edited separately
// from the certificate data; confirm whether the expiry checks read these values or
// the parsed certificate.
const (
// CertificateNotBeforeAnnotation contains the start of the certificate's validity period
// (its not-before date) in RFC3339 format.
CertificateNotBeforeAnnotation = "loki.grafana.com/certificate-not-before"
// CertificateNotAfterAnnotation contains the certificate expiration date in RFC3339 format.
CertificateNotAfterAnnotation = "loki.grafana.com/certificate-not-after"
// CertificateIssuer contains the common name of the certificate that signed another certificate.
CertificateIssuer = "loki.grafana.com/certificate-issuer"
// CertificateHostnames contains the hostnames used by a signer.
CertificateHostnames = "loki.grafana.com/certificate-hostnames"
)
const (
// CAFile is the file name of the certificate authority file
CAFile = "service-ca.crt"
)
Variables ¶
This section is empty.
Functions ¶
func ApplyDefaultSettings ¶
func ApplyDefaultSettings(opts *Options, cfg configv1.BuiltInCertManagement) error
ApplyDefaultSettings merges the default options with the options passed in.
func BuildAll ¶
func BuildAll(opts Options) ([]client.Object, error)
BuildAll builds all secrets and configmaps containing CA certificates, CA bundles and client certificates for a LokiStack.
func CABundleName ¶
func CABundleName(stackName string) string
CABundleName returns the lokistack ca bundle configmap name
func CertificatesExpired ¶
func CertificatesExpired(opts Options) error
CertificatesExpired returns an error if any certificate has expired; the error includes the list of expiry reasons.
func ComponentCertSecretNames ¶
func ComponentCertSecretNames(stackName string) []string
ComponentCertSecretNames returns a list of all loki component certificate secret names.
func SigningCAExpired ¶
func SigningCAExpired(opts Options) error
SigningCAExpired returns an error if the signer certificate has expired; the error includes the reason of expiry.
func SigningCASecretName ¶
func SigningCASecretName(stackName string) string
SigningCASecretName returns the lokistack signing CA secret name
Types ¶
type CertExpiredError ¶
// CertExpiredError contains information about an expired certificate and the reasons of expiry.
type CertExpiredError struct {
// Message is presumably the summary text of the error — confirm where it is populated.
Message string
// Reasons lists the reasons of expiry.
Reasons []string
}
CertExpiredError contains information about an expired certificate and the reasons of expiry.
type ComponentCertificates ¶
type ComponentCertificates map[string]SelfSignedCertKey
ComponentCertificates is a map of lokistack component names to TLS certificates
type Options ¶
// Options is the set of configuration values used when building manifests for LokiStack certificates.
type Options struct {
// StackName is the LokiStack name; presumably the value passed to the name helpers
// (CABundleName, SigningCASecretName, ComponentCertSecretNames) — confirm against the callers.
StackName string
// StackNamespace is presumably the namespace of the LokiStack objects — confirm against BuildAll.
StackNamespace string
// Rotation holds the validity/refresh pairs for the CA and target certificates.
Rotation Rotation
// Signer is the signing CA state (the SigningCA type is declared elsewhere in this package).
Signer SigningCA
// CABundle is the CA bundle ConfigMap.
CABundle *corev1.ConfigMap
// RawCACerts holds parsed X.509 certificates.
// NOTE(review): presumably the CA certificates that make up the bundle — confirm.
RawCACerts []*x509.Certificate
// Certificates maps lokistack component names to their TLS certificates.
Certificates ComponentCertificates
}
Options is a set of configuration values to use when building manifests for LokiStack certificates.
type Rotation ¶
// Rotation defines the validity/refresh pairs for certificates.
type Rotation struct {
// CACertValidity and CACertRefresh form the validity/refresh pair for the CA certificate.
CACertValidity time.Duration
CACertRefresh time.Duration
// TargetCertValidity and TargetCertRefresh form the validity/refresh pair for the target
// certificates (presumably the component certificates signed by the CA — confirm).
TargetCertValidity time.Duration
TargetCertRefresh time.Duration
}
Rotation defines the validity/refresh pairs for certificates.
func ParseRotation ¶
func ParseRotation(cfg configv1.BuiltInCertManagement) (Rotation, error)
ParseRotation builds a new Rotation struct from the feature gate string values.
type SelfSignedCertKey ¶
// SelfSignedCertKey rotates a key and cert signed by a signing CA and stores it in a secret.
type SelfSignedCertKey struct {
// Secret is the secret the key and certificate are stored in, so it carries private key material.
Secret *corev1.Secret
// Rotation uses the unexported certificateRotation type, which is not shown here;
// presumably it carries the rotation settings applied to this certificate — confirm.
Rotation certificateRotation
}
SelfSignedCertKey rotates a key and cert signed by a signing CA and stores it in a secret.
It creates a new one when:
- the refresh duration is over, or
- 80% of the validity is over, or
- the cert is expired, or
- the signing CA changes.