CertificateTypeFromObject returns the CertificateType based on the annotations of the object.

GetCertRotationScale The normal scale is based on a day.

LabelAsManagedConfigMap add label indicating the given config map contains certificates that are managed.

LabelAsManagedConfigMap add label indicating the given secret contains certificates that are managed.

CertificateHostnames contains the hostnames used by a signer.

CertificateIssuer contains the common name of the certificate that signed another certificate.

CertificateNotAfterAnnotation contains the certificate expiration date in RFC3339 format.

CertificateNotBeforeAnnotation contains the certificate expiration date in RFC3339 format.

ManagedCertificateTypeLabelName marks config map or secret as object that contains managed certificates.

RunOnceContextKey is a context value key that can be used to call the controller Sync() and make it only run the syncWorker once and report error.

CABundleConfigMap maintains a CA bundle config map, by adding new CA certs coming from RotatedSigningCASecret, and by removing expired old ones.

CertRotationController does: 1) continuously create a self-signed signing CA (via RotatedSigningCASecret) and store it in a secret.

RotatedSelfSignedCertKeySecret rotates a key and cert signed by a signing CA and stores it in a secret.

RotatedSigningCASecret rotates a self-signed signing CA stored in a secret.

StatusReporter knows how to report the status of cert rotation.

TargetCertRechecker is an optional interface to be implemented by the TargetCertCreator to enforce a controller run.