forked from github/dynamiclistener
fork to support Chinese encryption set
9b92d13bcb
Updates to the secret that occurred before the controller was done syncing were not being written to Kubernetes. Subsequent updates to the secret would eventually get it written, but Rancher requires that the cert be written immediately. This was probably an unnecessary optimization anyway, so back it out in favor of just checking to see if the secrets controller is available. Also fixed improper handling of multiple goroutines attempting to create the Kubernetes secret at the same time; this was also handled eventually but caused an unnecessary round of extra writes to the secret. Signed-off-by: Brad Davidson <brad.davidson@rancher.com> |
||
|---|---|---|
| cert | ||
| factory | ||
| server | ||
| storage | ||
| filter.go | ||
| go.mod | ||
| go.sum | ||
| LICENSE | ||
| listener.go | ||
| README.md | ||
| redirect.go | ||
| tcp.go | ||
dynamiclistener
This README is a work in progress; aimed towards providing information for navigating the contents of this repository.
Changing the Expiration Days for Newly Signed Certificates
By default, a newly signed certificate is set to expire 365 days (1 year) after its creation time and date.
You can use the CATTLE_NEW_SIGNED_CERT_EXPIRATION_DAYS environment variable to change this value.
Please note: the value for the aforementioned variable must be a string representing an unsigned integer corresponding to the number of days until expiration (i.e. X509 "NotAfter" value).