// UpdateTransport instruments a restconfig with a transport that dynamically uses
// certificates provided by the manager for TLS client auth.
//
// The config must not already provide an explicit transport.
//
// The returned function allows forcefully closing all active connections.
//
// The returned transport periodically checks the manager to determine if the
// certificate has changed. If it has, the transport shuts down all existing client
// connections, forcing the client to re-handshake with the server and use the
// new certificate.
//
// The exitAfter duration, if set, will terminate the current process if a certificate
// is not available from the store (because it has been deleted on disk or is corrupt)
// or if the certificate has expired and the server is responsive. This allows the
// process parent or the bootstrap credentials an opportunity to retrieve a new initial
// certificate.
//
// stopCh should be used to indicate when the transport is unused and doesn't need
// to continue checking the manager.
func UpdateTransport(stopCh <-chan struct{ … }

// updateTransport is an internal method that exposes how often this method checks that the
// client cert has changed.
func updateTransport(stopCh <-chan struct{ … }

func addCertRotation(stopCh <-chan struct{ … }
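The mechanism the comment describes, written out as an added, self-contained example rather than the project's own code: the client cert is fetched from a store at every TLS handshake through tls.Config.GetClientCertificate, and a poller watches the store and drops pooled connections when the cert changes so the next request re-handshakes with the new identity. Everything here is an assumption for illustration: newRotatingTransport, the atomic.Pointer store standing in for the manager, mustCert, get and demo are hypothetical names, the certificates are constructed throwaway self-signed ones, and the in-process httptest server that demands a client cert and echoes its CN exists only to show the rotation end to end.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net/http"
	"net/http/httptest"
	"sync/atomic"
	"time"
)

// newRotatingTransport returns a transport that reads the client cert from store (a
// hypothetical stand-in for the manager) at every handshake, plus a func that drops
// pooled connections; a poller re-reads store every period and drops them on change.
func newRotatingTransport(stopCh <-chan struct{}, period time.Duration, store *atomic.Pointer[tls.Certificate], roots *x509.CertPool) (*http.Transport, func()) {
	tr := &http.Transport{TLSClientConfig: &tls.Config{
		RootCAs: roots,
		GetClientCertificate: func(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
			if c := store.Load(); c != nil {
				return c, nil
			}
			return &tls.Certificate{}, nil // nothing to present: send no cert and let the server decide
		},
	}}
	last := store.Load()
	go func() {
		for {
			select {
			case <-stopCh:
				return
			case <-time.After(period):
				if cur := store.Load(); cur != last {
					last = cur
					tr.CloseIdleConnections()
				}
			}
		}
	}()
	return tr, tr.CloseIdleConnections
}

// mustCert makes a throwaway self-signed ECDSA client cert (constructed demo data).
func mustCert(cn string) *tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

func get(rt http.RoundTripper, url string) (string, error) {
	resp, err := (&http.Client{Transport: rt}).Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	b, err := io.ReadAll(resp.Body)
	return string(b), err
}

// demo: a server that demands a client cert echoes its CN; request, rotate, request again.
func demo() (before, after string, err error) {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		io.WriteString(w, r.TLS.PeerCertificates[0].Subject.CommonName)
	}))
	srv.TLS = &tls.Config{ClientAuth: tls.RequireAnyClientCert}
	srv.StartTLS()
	defer srv.Close()
	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate())
	var store atomic.Pointer[tls.Certificate]
	store.Store(mustCert("client-v1"))
	stopCh := make(chan struct{})
	defer close(stopCh)
	tr, _ := newRotatingTransport(stopCh, 10*time.Millisecond, &store, roots)
	if before, err = get(tr, srv.URL); err != nil {
		return "", "", err
	}
	store.Store(mustCert("client-v2"))
	time.Sleep(100 * time.Millisecond) // the poller notices within one period and drops the old connection
	after, err = get(tr, srv.URL)
	return before, after, err
}

func main() { fmt.Println(demo()) }
```

Running it prints the CN the server saw before and after the rotation (client-v1, then client-v2). Two caveats relative to the comment above: the transport described there forcefully closes active connections as well, whereas CloseIdleConnections only retires connections that are between requests, so a long-lived stream opened under the old cert would keep that identity until it ends; and the poller detects change by pointer identity, so a manager that re-reads an unchanged cert from disk must return the same pointer (or the check should compare the leaf bytes) to avoid needless reconnects. The exitAfter behaviour is not modelled here.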