pki

package pki, version v0.11.1 (not the latest version of its module)

Published: Apr 22, 2020 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Constants

const (
	// BrokerSelfSignerTemplate is the template used for self-signer resources
	BrokerSelfSignerTemplate = "%s-self-signer"
	// BrokerCACertTemplate is the template used for CA certificate resources
	BrokerCACertTemplate = "%s-ca-certificate"
	// BrokerServerCertTemplate is the template used for broker certificate resources
	BrokerServerCertTemplate = "%s-server-certificate"
	// BrokerIssuerTemplate is the template used for broker issuer resources
	BrokerIssuerTemplate = "%s-issuer"
	// BrokerControllerTemplate is the template used for operator certificate resources
	BrokerControllerTemplate = "%s-controller"
	// BrokerControllerFQDNTemplate is combined with the above and cluster namespace
	// to create a 'fake' full-name for the controller user
	BrokerControllerFQDNTemplate = "%s.%s.mgt.cluster.local"
	// CAIntermediateTemplate is the template used for intermediate CA resources
	CAIntermediateTemplate = "%s-intermediate.%s.cluster.local"
	// CAFQDNTemplate is the template used for the FQDN of a CA
	CAFQDNTemplate = "%s-ca.%s.cluster.local"
)

Variables

This section is empty.

Functions

func BrokerUserForCluster

func BrokerUserForCluster(cluster *v1beta1.KafkaCluster, additionalHostnames []string) *v1alpha1.KafkaUser

BrokerUserForCluster returns a KafkaUser CR for the broker certificates in a KafkaCluster

func ControllerUserForCluster

func ControllerUserForCluster(cluster *v1beta1.KafkaCluster) *v1alpha1.KafkaUser

ControllerUserForCluster returns a KafkaUser CR for the controller/Cruise Control (cc) certificates in a KafkaCluster

func GetCommonName

func GetCommonName(cluster *v1beta1.KafkaCluster) string

GetCommonName returns the full FQDN for the internal Kafka listener

func GetInternalDNSNames

func GetInternalDNSNames(cluster *v1beta1.KafkaCluster) (dnsNames []string)

GetInternalDNSNames returns all potential DNS names for a Kafka cluster, including those of the brokers

func LabelsForKafkaPKI

func LabelsForKafkaPKI(name string) map[string]string

LabelsForKafkaPKI returns kubernetes labels for a PKI object

Types

type Manager

type Manager interface {
	// ReconcilePKI ensures a PKI for a Kafka cluster - should be idempotent.
	// This method should at least set up any issuer needed for user certificates
	// as well as the broker/cruise-control secrets
	ReconcilePKI(ctx context.Context, logger logr.Logger, scheme *runtime.Scheme, externalHostnames []string) error

	// FinalizePKI performs any cleanup steps necessary for a PKI backend
	FinalizePKI(ctx context.Context, logger logr.Logger) error

	// ReconcileUserCertificate ensures and returns a user certificate - should be idempotent
	ReconcileUserCertificate(ctx context.Context, user *v1alpha1.KafkaUser, scheme *runtime.Scheme) (*UserCertificate, error)

	// FinalizeUserCertificate removes/revokes a user certificate
	FinalizeUserCertificate(ctx context.Context, user *v1alpha1.KafkaUser) error

	// GetControllerTLSConfig retrieves a TLS configuration for a controller Kafka client
	GetControllerTLSConfig() (*tls.Config, error)
}

Manager is the main interface for objects performing PKI operations

type UserCertificate

type UserCertificate struct {
	CA          []byte
	Certificate []byte
	Key         []byte

	// Serial is used by the vault backend for certificate revocations
	Serial string
	// JKS and Password are used by the vault backend to pass JKS info between its own steps;
	// the cert-manager backend passes them through the k8s secret instead
	JKS      []byte
	Password []byte
}

UserCertificate is a struct holding the key components of a user TLS certificate, for use by operations in other packages as well as internally.

func (*UserCertificate) DN

func (u *UserCertificate) DN() string

DN returns the Distinguished Name of a TLS certificate
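The struct above carries raw bytes, so before a controller client loads them a practitioner would want to confirm that they belong together. The Go check below is an added example, not code from this package: it assumes the three fields are PEM (as a Kubernetes secret provides them), builds a constructed throwaway CA and controller certificate named with the page's FQDN templates (issueControllerCert is hypothetical), and ValidateUserCertificate then confirms that Key matches Certificate, that Certificate chains to CA for client authentication, and returns the subject Distinguished Name.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Templates copied from the package constants; UserCertificate stands in for the package type (PEM fields assumed).
const BrokerControllerFQDNTemplate, CAFQDNTemplate = "%s.%s.mgt.cluster.local", "%s-ca.%s.cluster.local"
type UserCertificate struct{ CA, Certificate, Key []byte }
// ValidateUserCertificate: Key must match Certificate, which must chain to CA with a client-auth EKU; returns the DN.
func ValidateUserCertificate(u *UserCertificate) (string, error) {
	pair, err := tls.X509KeyPair(u.Certificate, u.Key) // decodes both PEMs and rejects a Key that does not match Certificate
	if err != nil {
		return "", err
	}
	leaf, err := x509.ParseCertificate(pair.Certificate[0])
	if err != nil {
		return "", err
	}
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(u.CA) {
		return "", fmt.Errorf("CA holds no PEM certificate")
	}
	if _, err = leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return "", fmt.Errorf("no chain to CA for client auth: %w", err)
	}
	return leaf.Subject.String(), nil
}

// issueControllerCert builds constructed sample data: a throwaway CA and a controller client cert named by the templates.
func issueControllerCert(cluster, namespace string) *UserCertificate {
	_, caKey, _ := ed25519.GenerateKey(rand.Reader)
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, Subject: pkix.Name{CommonName: fmt.Sprintf(CAFQDNTemplate, cluster, namespace)}}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), NotBefore: ca.NotBefore, NotAfter: ca.NotAfter, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		Subject: pkix.Name{CommonName: fmt.Sprintf(BrokerControllerFQDNTemplate, cluster, namespace)}}
	caDER, _ := x509.CreateCertificate(rand.Reader, ca, ca, caKey.Public(), caKey)
	leafDER, _ := x509.CreateCertificate(rand.Reader, leaf, ca, pub, caKey)
	keyDER, _ := x509.MarshalPKCS8PrivateKey(key)
	pemOf := func(t string, b []byte) []byte { return pem.EncodeToMemory(&pem.Block{Type: t, Bytes: b}) }
	return &UserCertificate{CA: pemOf("CERTIFICATE", caDER), Certificate: pemOf("CERTIFICATE", leafDER), Key: pemOf("PRIVATE KEY", keyDER)}
}
```

For cluster "kafka" in namespace "kafka" the constructed material validates to the DN CN=kafka.kafka.mgt.cluster.local, while swapping in another cluster's CA or key is rejected.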
