Documentation ¶
Index ¶
- func CertOrKeyExist(pkiPath, name string) bool
- func GetAPIServerAltNames(cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames, error)
- func GetEtcdAltNames(cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames, error)
- func GetEtcdPeerAltNames(cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames, error)
- func HasServerAuth(cert *x509.Certificate) bool
- func NewCertAndKey(caCert *x509.Certificate, caKey *rsa.PrivateKey, config *certutil.Config) (*x509.Certificate, *rsa.PrivateKey, error)
- func NewCertificateAuthority(config *certutil.Config) (*x509.Certificate, *rsa.PrivateKey, error)
- func PathsForCertAndKey(pkiPath, name string) (string, string)
- func TryLoadCertAndKeyFromDisk(pkiPath, name string) (*x509.Certificate, *rsa.PrivateKey, error)
- func TryLoadCertFromDisk(pkiPath, name string) (*x509.Certificate, error)
- func TryLoadKeyFromDisk(pkiPath, name string) (*rsa.PrivateKey, error)
- func TryLoadPrivatePublicKeyFromDisk(pkiPath, name string) (*rsa.PrivateKey, *rsa.PublicKey, error)
- func WriteCert(pkiPath, name string, cert *x509.Certificate) error
- func WriteCertAndKey(pkiPath string, name string, cert *x509.Certificate, key *rsa.PrivateKey) error
- func WriteKey(pkiPath, name string, key *rsa.PrivateKey) error
- func WritePublicKey(pkiPath, name string, key *rsa.PublicKey) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CertOrKeyExist ¶
CertOrKeyExist reports whether the cert or the key exists
func GetAPIServerAltNames ¶
func GetAPIServerAltNames(cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames, error)
GetAPIServerAltNames builds an AltNames object to be used when generating the apiserver certificate
func GetEtcdAltNames ¶
func GetEtcdAltNames(cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames, error)
GetEtcdAltNames builds an AltNames object for generating the etcd server certificate. `localhost` is included in the SAN since this is the interface the etcd static pod listens on. Hostname and `API.AdvertiseAddress` are excluded since etcd does not listen on this interface by default. The user can override the listen address with `Etcd.ExtraArgs` and add SANs with `Etcd.ServerCertSANs`.
func GetEtcdPeerAltNames ¶
func GetEtcdPeerAltNames(cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames, error)
GetEtcdPeerAltNames builds an AltNames object for generating the etcd peer certificate. `localhost` is excluded from the SAN since etcd will not refer to itself as a peer. Hostname and `API.AdvertiseAddress` are included in case the user chooses to promote the single node etcd cluster into a multi-node one. The user can override the listen address with `Etcd.ExtraArgs` and add SANs with `Etcd.PeerCertSANs`.
func HasServerAuth ¶
func HasServerAuth(cert *x509.Certificate) bool
HasServerAuth returns true if the given certificate is a ServerAuth certificate
func NewCertAndKey ¶
func NewCertAndKey(caCert *x509.Certificate, caKey *rsa.PrivateKey, config *certutil.Config) (*x509.Certificate, *rsa.PrivateKey, error)
NewCertAndKey creates a new certificate and key, given the certificate authority certificate and key
func NewCertificateAuthority ¶
func NewCertificateAuthority(config *certutil.Config) (*x509.Certificate, *rsa.PrivateKey, error)
NewCertificateAuthority creates a new certificate and private key for the certificate authority
func PathsForCertAndKey ¶
PathsForCertAndKey returns the paths for the certificate and key given the path and basename.
func TryLoadCertAndKeyFromDisk ¶
func TryLoadCertAndKeyFromDisk(pkiPath, name string) (*x509.Certificate, *rsa.PrivateKey, error)
TryLoadCertAndKeyFromDisk tries to load a cert and a key from the disk and checks that they are valid
func TryLoadCertFromDisk ¶
func TryLoadCertFromDisk(pkiPath, name string) (*x509.Certificate, error)
TryLoadCertFromDisk tries to load the cert from the disk and checks that it is valid
func TryLoadKeyFromDisk ¶
func TryLoadKeyFromDisk(pkiPath, name string) (*rsa.PrivateKey, error)
TryLoadKeyFromDisk tries to load the key from the disk and checks that it is valid
func TryLoadPrivatePublicKeyFromDisk ¶
TryLoadPrivatePublicKeyFromDisk tries to load the key from the disk and checks that it is valid
func WriteCert ¶
func WriteCert(pkiPath, name string, cert *x509.Certificate) error
WriteCert stores the given certificate at the given location
func WriteCertAndKey ¶
func WriteCertAndKey(pkiPath string, name string, cert *x509.Certificate, key *rsa.PrivateKey) error
WriteCertAndKey stores certificate and key at the specified location
Types ¶
This section is empty.