Documentation ¶
Index ¶
Constants ¶
// Names of the certgen configuration options. Each constant is the key under
// which the matching CertGenConfig setting is looked up.
//
// The "//#nosec" markers are kept where the original listing has them.
// NOTE(review): they presumably silence a hard-coded-credential linter that
// trips on the word "secret"; these strings are option names, not credentials.
const (
	// ---- General ----

	// Debug turns on debug messages.
	Debug = "debug"

	// CiliumNamespace names the Kubernetes namespace Cilium is installed in.
	CiliumNamespace = "cilium-namespace"

	// K8sKubeConfigPath points at the kubeconfig file. When it is empty the
	// in-cluster configuration is used instead.
	K8sKubeConfigPath = "k8s-kubeconfig-path"

	// K8sRequestTimeout is the timeout applied to K8s API requests.
	K8sRequestTimeout = "k8s-request-timeout"

	// ---- Cilium CA ----

	// CACertFile is the path of the Cilium CA certificate PEM. It applies
	// when CAGenerate is false.
	CACertFile = "ca-cert-file"

	// CAKeyFile is the path of the Cilium CA key PEM. It applies when
	// CAGenerate is false.
	// NOTE(review): the file holds the CA private key; keep it readable only
	// by the account that runs certgen.
	CAKeyFile = "ca-key-file"

	// CAGenerate, when true, generates a new Cilium CA secret. With
	// CAReuseSecret also true, a new CA secret is created only if no
	// existing one is found.
	CAGenerate = "ca-generate"

	// CAReuseSecret, when true, stores the Cilium CA in the secret and loads
	// it from there if it exists. When false, the old Secret is deleted and
	// the CA is regenerated.
	// NOTE(review): certificates signed by the deleted CA presumably stop
	// validating against the new one; confirm the rollout impact.
	CAReuseSecret = "ca-reuse-secret" //#nosec

	// CACommonName is the CN value of the Cilium CA x509 certificate.
	CACommonName = "ca-common-name"

	// CAValidityDuration is how long a Cilium CA certificate generated by
	// certgen stays valid.
	CAValidityDuration = "ca-validity-duration"

	// CASecretName is the Kubernetes Secret the Cilium CA certificate is
	// read from and/or written to.
	CASecretName = "ca-secret-name"

	// CASecretNamespace is the Kubernetes Namespace that will hold the
	// Cilium CA Secret.
	CASecretNamespace = "ca-secret-namespace"

	// ---- Hubble server certificate ----

	// HubbleServerCertGenerate, when true, generates and stores a Hubble
	// server TLS certificate.
	HubbleServerCertGenerate = "hubble-server-cert-generate"

	// HubbleServerCertCommonName is the CN value of the Hubble server x509
	// certificate; the same value is used as a DNS SAN.
	HubbleServerCertCommonName = "hubble-server-cert-common-name"

	// HubbleServerCertValidityDuration is how long a Hubble server
	// certificate generated by certgen stays valid.
	HubbleServerCertValidityDuration = "hubble-server-cert-validity-duration"

	// HubbleServerCertSecretName is the Kubernetes Secret the Hubble server
	// certificate is written to.
	HubbleServerCertSecretName = "hubble-server-cert-secret-name" //#nosec

	// HubbleServerCertSecretNamespace is the Kubernetes Namespace that will
	// hold the Hubble server certificate Secret.
	HubbleServerCertSecretNamespace = "hubble-server-cert-secret-namespace" //#nosec

	// ---- Hubble Relay server certificate ----

	// HubbleRelayServerCertGenerate, when true, generates and stores a
	// Hubble Relay server TLS certificate.
	HubbleRelayServerCertGenerate = "hubble-relay-server-cert-generate"

	// HubbleRelayServerCertCommonName is the CN value of the Hubble Relay
	// server x509 certificate; the same value is used as a DNS SAN.
	HubbleRelayServerCertCommonName = "hubble-relay-server-cert-common-name"

	// HubbleRelayServerCertValidityDuration is how long a Hubble Relay
	// server certificate generated by certgen stays valid.
	HubbleRelayServerCertValidityDuration = "hubble-relay-server-cert-validity-duration"

	// HubbleRelayServerCertSecretName is the Kubernetes Secret the Hubble
	// Relay server certificate is written to.
	HubbleRelayServerCertSecretName = "hubble-relay-server-cert-secret-name" //#nosec

	// HubbleRelayServerCertSecretNamespace is the Kubernetes Namespace that
	// will hold the Hubble Relay server certificate Secret.
	HubbleRelayServerCertSecretNamespace = "hubble-relay-server-cert-secret-namespace" //#nosec

	// ---- Hubble Relay client certificate ----

	// HubbleRelayClientCertGenerate, when true, generates and stores a
	// Hubble Relay client TLS certificate, which is used for the mTLS
	// handshake with the Hubble servers.
	HubbleRelayClientCertGenerate = "hubble-relay-client-cert-generate"

	// HubbleRelayClientCertCommonName is the CN value of the Hubble Relay
	// client x509 certificate.
	HubbleRelayClientCertCommonName = "hubble-relay-client-cert-common-name"

	// HubbleRelayClientCertValidityDuration is how long a Hubble Relay
	// client certificate generated by certgen stays valid.
	HubbleRelayClientCertValidityDuration = "hubble-relay-client-cert-validity-duration"

	// HubbleRelayClientCertSecretName is the Kubernetes Secret the Hubble
	// Relay client certificate is written to.
	HubbleRelayClientCertSecretName = "hubble-relay-client-cert-secret-name" //#nosec

	// HubbleRelayClientCertSecretNamespace is the Kubernetes Namespace that
	// will hold the Hubble Relay client certificate Secret.
	HubbleRelayClientCertSecretNamespace = "hubble-relay-client-cert-secret-namespace" //#nosec

	// ---- Clustermesh API server certificate ----

	// ClustermeshApiserverServerCertGenerate, when true, generates and
	// stores a new Clustermesh API server TLS certificate.
	ClustermeshApiserverServerCertGenerate = "clustermesh-apiserver-server-cert-generate"

	// ClustermeshApiserverServerCertCommonName is the CN value of the
	// Clustermesh API server x509 certificate; the same value is used as a
	// DNS SAN.
	ClustermeshApiserverServerCertCommonName = "clustermesh-apiserver-server-cert-common-name"

	// ClustermeshApiserverServerCertValidityDuration is how long a
	// Clustermesh API server certificate generated by certgen stays valid.
	ClustermeshApiserverServerCertValidityDuration = "clustermesh-apiserver-server-cert-validity-duration"

	// ClustermeshApiserverServerCertSecretName is the Kubernetes Secret the
	// Clustermesh API server certificate is written to.
	ClustermeshApiserverServerCertSecretName = "clustermesh-apiserver-server-cert-secret-name"

	// ClustermeshApiserverServerCertSANs lists the SANs to add to the
	// Clustermesh API server certificate.
	// NOTE(review): each entry widens the set of names the certificate is
	// valid for; list only the names the server is actually reached by.
	ClustermeshApiserverServerCertSANs = "clustermesh-apiserver-server-cert-sans"

	// ---- Clustermesh API admin certificate ----

	// ClustermeshApiserverAdminCertGenerate, when true, generates and stores
	// a new Clustermesh API admin TLS certificate.
	ClustermeshApiserverAdminCertGenerate = "clustermesh-apiserver-admin-cert-generate"

	// ClustermeshApiserverAdminCertCommonName is the CN value of the
	// Clustermesh API admin x509 certificate.
	ClustermeshApiserverAdminCertCommonName = "clustermesh-apiserver-admin-cert-common-name"

	// ClustermeshApiserverAdminCertValidityDuration is how long a
	// Clustermesh API admin certificate generated by certgen stays valid.
	ClustermeshApiserverAdminCertValidityDuration = "clustermesh-apiserver-admin-cert-validity-duration"

	// ClustermeshApiserverAdminCertSecretName is the Kubernetes Secret the
	// Clustermesh API admin certificate is written to.
	ClustermeshApiserverAdminCertSecretName = "clustermesh-apiserver-admin-cert-secret-name"

	// ---- Clustermesh API client certificate ----

	// ClustermeshApiserverClientCertGenerate, when true, generates and
	// stores a new Clustermesh API client TLS certificate.
	ClustermeshApiserverClientCertGenerate = "clustermesh-apiserver-client-cert-generate"

	// ClustermeshApiserverClientCertCommonName is the CN value of the
	// Clustermesh API client x509 certificate.
	ClustermeshApiserverClientCertCommonName = "clustermesh-apiserver-client-cert-common-name"

	// ClustermeshApiserverClientCertValidityDuration is how long a
	// Clustermesh API client certificate generated by certgen stays valid.
	ClustermeshApiserverClientCertValidityDuration = "clustermesh-apiserver-client-cert-validity-duration"

	// ClustermeshApiserverClientCertSecretName is the Kubernetes Secret the
	// Clustermesh API client certificate is written to.
	ClustermeshApiserverClientCertSecretName = "clustermesh-apiserver-client-cert-secret-name"

	// ---- Clustermesh API remote certificate ----

	// ClustermeshApiserverRemoteCertGenerate, when true, generates and
	// stores a new ClustermeshApiserver remote secret. Any existing secret
	// is then overwritten with the new one.
	ClustermeshApiserverRemoteCertGenerate = "clustermesh-apiserver-remote-cert-generate"

	// ClustermeshApiserverRemoteCertCommonName is the CN value of the
	// Clustermesh API remote x509 certificate.
	ClustermeshApiserverRemoteCertCommonName = "clustermesh-apiserver-remote-cert-common-name"

	// ClustermeshApiserverRemoteCertValidityDuration is how long a
	// Clustermesh API remote certificate generated by certgen stays valid.
	ClustermeshApiserverRemoteCertValidityDuration = "clustermesh-apiserver-remote-cert-validity-duration"

	// ClustermeshApiserverRemoteCertSecretName is the Kubernetes Secret the
	// Clustermesh API remote certificate is written to.
	ClustermeshApiserverRemoteCertSecretName = "clustermesh-apiserver-remote-cert-secret-name"
)
Variables ¶
// Config is the package-level certgen configuration. It starts out as a
// pointer to a zero-valued CertGenConfig.
// NOTE(review): this is shared mutable state; nothing visible here
// synchronizes access to it, so verify how callers read and write it.
var Config = new(CertGenConfig)
Config is the main configuration as obtained from command-line arguments, environment variables and config files.
Functions ¶
This section is empty.
Types ¶
type CertGenConfig ¶
// CertGenConfig holds the main certgen configuration options: general and
// Kubernetes settings first, then one group of settings per certificate that
// certgen can generate.
type CertGenConfig struct {
	// ---- General ----

	// Debug turns on debug messages.
	Debug bool
	// CiliumNamespace names the Kubernetes namespace Cilium is installed in.
	CiliumNamespace string

	// K8sKubeConfigPath points at the kubeconfig file. When it is empty the
	// in-cluster configuration is used instead.
	K8sKubeConfigPath string
	// K8sRequestTimeout is the timeout applied to K8s API requests.
	K8sRequestTimeout time.Duration

	// ---- Cilium CA ----

	// CACertFile is the path of the Cilium CA certificate PEM. It applies
	// when CAGenerate is false.
	CACertFile string
	// CAKeyFile is the path of the Cilium CA key PEM. It applies when
	// CAGenerate is false.
	// NOTE(review): the file holds the CA private key; keep it readable only
	// by the account that runs certgen.
	CAKeyFile string

	// CAGenerate, when true, generates a new Cilium CA secret. With
	// CAReuseSecret also true, a new CA secret is created only if no
	// existing one is found.
	CAGenerate bool
	// CAReuseSecret, when true, stores the Cilium CA in the secret and loads
	// it from there if it exists. When false, the old Secret is deleted and
	// the CA is regenerated.
	// NOTE(review): certificates signed by the deleted CA presumably stop
	// validating against the new one; confirm the rollout impact.
	CAReuseSecret bool
	// CACommonName is the CN value of the Cilium CA x509 certificate.
	CACommonName string
	// CAValidityDuration is how long a Cilium CA certificate generated by
	// certgen stays valid.
	CAValidityDuration time.Duration
	// CASecretName is the Kubernetes Secret the Cilium CA certificate is
	// read from and/or written to.
	CASecretName string
	// CASecretNamespace is the Kubernetes Namespace that will hold the
	// Cilium CA Secret.
	CASecretNamespace string

	// ---- Hubble Relay client certificate ----

	// HubbleRelayClientCertGenerate, when true, generates and stores a
	// Hubble Relay client TLS certificate, which is used for the mTLS
	// handshake with the Hubble servers.
	HubbleRelayClientCertGenerate bool
	// HubbleRelayClientCertCommonName is the CN value of the Hubble Relay
	// client x509 certificate.
	HubbleRelayClientCertCommonName string
	// HubbleRelayClientCertValidityDuration is how long a Hubble Relay
	// client certificate generated by certgen stays valid.
	HubbleRelayClientCertValidityDuration time.Duration
	// HubbleRelayClientCertSecretName is the Kubernetes Secret the Hubble
	// Relay client certificate is written to.
	HubbleRelayClientCertSecretName string
	// HubbleRelayClientCertSecretNamespace is the Kubernetes Namespace that
	// will hold the Hubble Relay client certificate Secret.
	HubbleRelayClientCertSecretNamespace string

	// ---- Hubble Relay server certificate ----

	// HubbleRelayServerCertGenerate, when true, generates and stores a
	// Hubble Relay server TLS certificate.
	HubbleRelayServerCertGenerate bool
	// HubbleRelayServerCertCommonName is the CN value of the Hubble Relay
	// server x509 certificate; the same value is used as a DNS SAN.
	HubbleRelayServerCertCommonName string
	// HubbleRelayServerCertValidityDuration is how long a Hubble Relay
	// server certificate generated by certgen stays valid.
	HubbleRelayServerCertValidityDuration time.Duration
	// HubbleRelayServerCertSecretName is the Kubernetes Secret the Hubble
	// Relay server certificate is written to.
	HubbleRelayServerCertSecretName string
	// HubbleRelayServerCertSecretNamespace is where the Hubble Relay server
	// certificate and key will be stored.
	HubbleRelayServerCertSecretNamespace string

	// ---- Hubble server certificate ----

	// HubbleServerCertGenerate, when true, generates and stores a Hubble
	// server TLS certificate.
	HubbleServerCertGenerate bool
	// HubbleServerCertCommonName is the CN value of the Hubble server x509
	// certificate; the same value is used as a DNS SAN.
	HubbleServerCertCommonName string
	// HubbleServerCertValidityDuration is how long a Hubble server
	// certificate generated by certgen stays valid.
	HubbleServerCertValidityDuration time.Duration
	// HubbleServerCertSecretName is the Kubernetes Secret the Hubble server
	// certificate is written to.
	HubbleServerCertSecretName string
	// HubbleServerCertSecretNamespace is the Kubernetes Namespace that will
	// hold the Hubble server certificate Secret.
	HubbleServerCertSecretNamespace string

	// ---- Clustermesh API server certificate ----

	// ClustermeshApiserverServerCertGenerate, when true, generates and
	// stores a new Clustermesh API server TLS certificate.
	ClustermeshApiserverServerCertGenerate bool
	// ClustermeshApiserverServerCertCommonName is the CN value of the
	// Clustermesh API server x509 certificate; the same value is used as a
	// DNS SAN.
	ClustermeshApiserverServerCertCommonName string
	// ClustermeshApiserverServerCertValidityDuration is how long a
	// Clustermesh API server certificate generated by certgen stays valid.
	ClustermeshApiserverServerCertValidityDuration time.Duration
	// ClustermeshApiserverServerCertSecretName is the Kubernetes Secret the
	// Clustermesh API server certificate is written to.
	ClustermeshApiserverServerCertSecretName string
	// ClustermeshApiserverServerCertSANs lists the SANs to add to the
	// Clustermesh API server certificate.
	// NOTE(review): each entry widens the set of names the certificate is
	// valid for; list only the names the server is actually reached by.
	ClustermeshApiserverServerCertSANs []string

	// ---- Clustermesh API admin certificate ----

	// ClustermeshApiserverAdminCertGenerate, when true, generates and stores
	// a new Clustermesh API admin TLS certificate.
	ClustermeshApiserverAdminCertGenerate bool
	// ClustermeshApiserverAdminCertCommonName is the CN value of the
	// Clustermesh API admin x509 certificate.
	ClustermeshApiserverAdminCertCommonName string
	// ClustermeshApiserverAdminCertValidityDuration is how long a
	// Clustermesh API admin certificate generated by certgen stays valid.
	ClustermeshApiserverAdminCertValidityDuration time.Duration
	// ClustermeshApiserverAdminCertSecretName is the Kubernetes Secret the
	// Clustermesh API admin certificate is written to.
	ClustermeshApiserverAdminCertSecretName string

	// ---- Clustermesh API client certificate ----

	// ClustermeshApiserverClientCertGenerate, when true, generates and
	// stores a new Clustermesh API client TLS certificate.
	ClustermeshApiserverClientCertGenerate bool
	// ClustermeshApiserverClientCertCommonName is the CN value of the
	// Clustermesh API client x509 certificate.
	ClustermeshApiserverClientCertCommonName string
	// ClustermeshApiserverClientCertValidityDuration is how long a
	// Clustermesh API client certificate generated by certgen stays valid.
	ClustermeshApiserverClientCertValidityDuration time.Duration
	// ClustermeshApiserverClientCertSecretName is the Kubernetes Secret the
	// Clustermesh API client certificate is written to.
	ClustermeshApiserverClientCertSecretName string

	// ---- Clustermesh API remote certificate ----

	// ClustermeshApiserverRemoteCertGenerate, when true, generates and
	// stores a new Clustermesh API remote TLS certificate.
	ClustermeshApiserverRemoteCertGenerate bool
	// ClustermeshApiserverRemoteCertCommonName is the CN value of the
	// Clustermesh API remote x509 certificate.
	ClustermeshApiserverRemoteCertCommonName string
	// ClustermeshApiserverRemoteCertValidityDuration is how long a
	// Clustermesh API remote certificate generated by certgen stays valid.
	ClustermeshApiserverRemoteCertValidityDuration time.Duration
	// ClustermeshApiserverRemoteCertSecretName is the Kubernetes Secret the
	// Clustermesh API remote certificate is written to.
	ClustermeshApiserverRemoteCertSecretName string
}
CertGenConfig contains the main configuration options
func (*CertGenConfig) PopulateFrom ¶
func (c *CertGenConfig) PopulateFrom(vp *viper.Viper)
PopulateFrom populates the config struct with the values provided by vp