kubernetes/staging/src/k8s.io/client-go/util/certificate/certificate_manager.go

var certificateWaitTimeout

var kubeletServingUsagesWithEncipherment

var kubeletServingUsagesNoEncipherment

var DefaultKubeletServingGetUsages

var kubeletClientUsagesWithEncipherment

var kubeletClientUsagesNoEncipherment

var DefaultKubeletClientGetUsages

type Manager

type Config

type Store

type Gauge

type Histogram

type Counter

type NoCertKeyError

type ClientsetFunc

func (e *NoCertKeyError) Error() string {}

type manager

// NewManager returns a new certificate manager. A certificate manager is
// responsible for being the authoritative source of certificates in the
// Kubelet and handling updates due to rotation.
func NewManager(config *Config) (Manager, error) {}

// Current returns the currently selected certificate from the certificate
// manager. This can be nil if the manager was initialized without a
// certificate and has not yet received one from the
// CertificateSigningRequestClient, or if the current cert has expired.
func (m *manager) Current() *tls.Certificate {}

// ServerHealthy returns true if the cert manager believes the server
// is currently alive.
func (m *manager) ServerHealthy() bool {}

// Stop terminates the manager.
func (m *manager) Stop() {}

// Start will start the background work of rotating the certificates.
func (m *manager) Start() {}

func getCurrentCertificateOrBootstrap(
	store Store,
	bootstrapCertificatePEM []byte,
	bootstrapKeyPEM []byte) (cert *tls.Certificate, shouldRotate bool, errResult error) {}

func (m *manager) getClientset() (clientset.Interface, error) {}

// RotateCerts is exposed for testing only and is not a part of the public interface.
// Returns true if it changed the cert, false otherwise. Error is only returned in
// exceptional cases.
func (m *manager) RotateCerts() (bool, error) {}

// rotateCerts attempts to request a client cert from the server, wait a reasonable
// period of time for it to be signed, and then update the cert on disk. If it cannot
// retrieve a cert, it will return false. It will only return error in exceptional cases.
// This method also keeps track of "server health" by interpreting the responses it gets
// from the server on the various calls it makes.
// TODO: return errors, have callers handle and log them correctly
func (m *manager) rotateCerts() (bool, error) {}

// Check that the current certificate on disk satisfies the requests from the
// current template.
//
// Note that extra items in the certificate's SAN or orgs that don't exist in
// the template will not trigger a renewal.
//
// Requires certAccessLock to be locked.
func (m *manager) certSatisfiesTemplateLocked() bool {}

func (m *manager) certSatisfiesTemplate() bool {}

// nextRotationDeadline returns a value for the threshold at which the
// current certificate should be rotated, 80%+/-10% of the expiration of the
// certificate.
func (m *manager) nextRotationDeadline() time.Time {}

var jitteryDuration

// updateCached sets the most recent retrieved cert and returns the old cert.
// It also sets the server as assumed healthy.
func (m *manager) updateCached(cert *tls.Certificate) *tls.Certificate {}

// updateServerError takes an error returned by the server and infers
// the health of the server based on the error. It will return nil if
// the error does not require immediate termination of any wait loops,
// and otherwise it will return the error.
func (m *manager) updateServerError(err error) error {}

func (m *manager) generateCSR() (template *x509.CertificateRequest, csrPEM []byte, keyPEM []byte, key interface{}

func (m *manager) getLastRequest() (context.CancelFunc, *x509.CertificateRequest) {}

func (m *manager) setLastRequest(cancel context.CancelFunc, r *x509.CertificateRequest) {}

func hasKeyUsage(usages []certificates.KeyUsage, usage certificates.KeyUsage) bool {}