Brad Davidson
8ebd77f8a4
Raise default ExpirationDaysCheck to 90 and extend into cert factory
Most of our products actually renew at 90 days, so make that the default.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-07-21 14:08:16 -07:00
Brad Davidson
fdf983a935
Don't merge expired certs over the top of an unexpired cert
Fixes an issue where an expired Kubernetes secret would replace the renewed locally-cached cert after cluster startup.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-07-21 14:08:16 -07:00
Brad Davidson
a30741bb53
Send complete certificate chain, not just the leaf cert
Also, print a warning when signing may change the issuer.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-05-20 12:21:30 -07:00
Brad Davidson
b1d65efb6f
Move Kubernetes Secrets storage update to goroutine
Fixes issue where apiserver outages can block dynamiclistener from accepting new connections.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-05-02 18:48:48 -07:00
Brad Davidson
43f9c3ae0a
Fix handling of IPv6 addresses and long hostnames
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-11-23 23:38:49 -08:00
Brad Davidson
284cc004e8
Fix listenAndServe certificate expiration by preloading certs
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-11-23 23:38:49 -08:00
Nick Gerace
f147aa4166
Fix defaultNewSignedCertExpirationDays const
This is a quick fix for 2644a6ed16
2021-11-19 12:31:47 -05:00
Kinara Shah
63157c59ce
Merge pull request #46 from nickgerace/days
Allow for default expiration days to be loaded from env
2021-11-19 08:59:57 -08:00
Nick Gerace
2644a6ed16
Allow for default expiration days to be loaded from env
2021-11-18 12:38:35 -05:00
Brian Downs
27f4642299
Add ability to force cert regeneration (#43)
* add ability to force cert regeneration
2021-11-15 13:50:26 -07:00
Darren Shepherd
ff22834bde
Avoid panic when secret is nil
2021-06-15 22:42:42 -07:00
Sjoerd Simons
dc7452dbb8
Accept IPv6 address as CN names
Expand the cnRegexp to also accept IPv6 addresses such as:
* ::1
* 2a00:1450:400e:80e::
* 2a00:1450:400e:80e::200e
Fixes: #37
Signed-off-by: Sjoerd Simons <sjoerd@collabora.com>
2021-06-14 11:07:13 -07:00
Dan Ramich
f373fc1c7c
Update IsStatic to check for nil annotations
2021-04-23 14:56:14 -06:00
Darren Shepherd
a60200ab9e
Merge tag 'v0.2.3'
2021-04-12 15:00:05 -07:00
Darren Shepherd
85f32491cb
Add dumb hook to set the organization in the client cert
2020-09-10 13:32:14 -07:00
Brad Davidson
53f6b38760
Allow forcing cert reissuance (#28)
Refreshing the cert should force renewal as opposed to returning
early if the SANs aren't changing. This is currently breaking refresh
of expired certs as per:
https://github.com/rancher/k3s/issues/1621#issuecomment-669464318
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-08-10 17:12:39 -07:00
Darren Shepherd
479ab335d6
Add LoadOrGenClient to handle client cert generation
2020-08-10 17:12:39 -07:00
Darren Shepherd
ebebb82b9b
Add LoadOrGenClient to handle client cert generation
2020-08-01 23:37:51 -07:00
Darren Shepherd
c992ce309c
Reject bad CNs that will prevent the secret from being saved.
2020-04-02 22:07:45 -07:00
Darren Shepherd
05d7922a86
Add ability to limit the maximum number of SANs
2020-03-18 23:16:38 -07:00
Darren Shepherd
bc68bf5499
Fix merging of the k8s secret to reduce the number of writes
2020-02-04 12:48:38 -07:00
Darren Shepherd
a75e84bc81
Add more helpers
2020-01-30 22:41:19 -07:00
Darren Shepherd
f1484a07b3
Add static storage and listener opts
2019-12-04 11:32:00 -07:00
Darren Shepherd
3c2990b7c5
Support old or imported RSA keys
2019-11-15 23:45:14 +00:00
Darren Shepherd
02b97e01f1
Attempt to minimize additional cert gens
2019-11-13 14:46:32 +00:00
Darren Shepherd
af04867843
Refactor to not include a server by default
2019-10-30 19:14:34 -07:00