Documentation ¶
Index ¶
- Constants
- Variables
- func CertificateIsExpired(clock clock.Clock, cert []byte, renewalWindow time.Duration) (bool, error)
- func ControlPlaneSecretDataKeyCertificatePEM(name string) string
- func ControlPlaneSecretDataKeyPrivateKey(name string) string
- func GenerateCertificateAuthorities(ctx context.Context, c client.Client, ...) (map[string]*corev1.Secret, map[string]*Certificate, error)
- func GenerateClusterSecrets(ctx context.Context, c client.Client, ...) (map[string]*corev1.Secret, error)
- func GenerateClusterSecretsWithFunc(ctx context.Context, k8sClusterClient client.Client, ...) (map[string]*corev1.Secret, error)
- func GenerateKubeconfig(secret *ControlPlaneSecretConfig, certificate *Certificate) ([]byte, error)
- func NewBasicAuthInfoData(password string) infodata.InfoData
- func SelfGenerateTLSServerCertificate(name string, dnsNames []string, ips []net.IP) (cert *Certificate, ca *Certificate, dir string, rErr error)
- func UnmarshalBasicAuth(bytes []byte) (infodata.InfoData, error)
- func UnmarshalCert(bytes []byte) (infodata.InfoData, error)
- func UnmarshalPrivateKey(bytes []byte) (infodata.InfoData, error)
- func UnmarshalStaticToken(bytes []byte) (infodata.InfoData, error)
- type BasicAuth
- type BasicAuthInfoData
- type BasicAuthJSONData
- type BasicAuthSecretConfig
- func (s *BasicAuthSecretConfig) Generate() (DataInterface, error)
- func (s *BasicAuthSecretConfig) GenerateBasicAuth() (*BasicAuth, error)
- func (s *BasicAuthSecretConfig) GenerateFromInfoData(infoData infodata.InfoData) (DataInterface, error)
- func (s *BasicAuthSecretConfig) GenerateInfoData() (infodata.InfoData, error)
- func (s *BasicAuthSecretConfig) GetName() string
- func (s *BasicAuthSecretConfig) LoadFromSecretData(secretData map[string][]byte) (infodata.InfoData, error)
- type CertType
- type Certificate
- type CertificateBundle
- type CertificateBundleSecretConfig
- func (s *CertificateBundleSecretConfig) Generate() (DataInterface, error)
- func (s *CertificateBundleSecretConfig) GenerateFromInfoData(_ infodata.InfoData) (DataInterface, error)
- func (s *CertificateBundleSecretConfig) GenerateInfoData() (infodata.InfoData, error)
- func (s *CertificateBundleSecretConfig) GetName() string
- func (s *CertificateBundleSecretConfig) LoadFromSecretData(_ map[string][]byte) (infodata.InfoData, error)
- type CertificateInfoData
- type CertificateJSONData
- type CertificateSecretConfig
- func (s *CertificateSecretConfig) Generate() (DataInterface, error)
- func (s *CertificateSecretConfig) GenerateCertificate() (*Certificate, error)
- func (s *CertificateSecretConfig) GenerateFromInfoData(infoData infodata.InfoData) (DataInterface, error)
- func (s *CertificateSecretConfig) GenerateInfoData() (infodata.InfoData, error)
- func (s *CertificateSecretConfig) GetName() string
- func (s *CertificateSecretConfig) LoadFromSecretData(secretData map[string][]byte) (infodata.InfoData, error)
- type ConfigInterface
- type ControlPlane
- type ControlPlaneSecretConfig
- func (s *ControlPlaneSecretConfig) Generate() (DataInterface, error)
- func (s *ControlPlaneSecretConfig) GenerateControlPlane() (*ControlPlane, error)
- func (s *ControlPlaneSecretConfig) GenerateFromInfoData(infoData infodata.InfoData) (DataInterface, error)
- func (s *ControlPlaneSecretConfig) GenerateInfoData() (infodata.InfoData, error)
- func (s *ControlPlaneSecretConfig) GetName() string
- func (s *ControlPlaneSecretConfig) LoadFromSecretData(secretData map[string][]byte) (infodata.InfoData, error)
- type DataInterface
- type Interface
- type KubeConfigRequest
- type Kubeconfig
- type KubeconfigSecretConfig
- func (s *KubeconfigSecretConfig) Generate() (DataInterface, error)
- func (s *KubeconfigSecretConfig) GenerateFromInfoData(_ infodata.InfoData) (DataInterface, error)
- func (s *KubeconfigSecretConfig) GenerateInfoData() (infodata.InfoData, error)
- func (s *KubeconfigSecretConfig) GetName() string
- func (s *KubeconfigSecretConfig) LoadFromSecretData(_ map[string][]byte) (infodata.InfoData, error)
- type PrivateKeyInfoData
- type PrivateKeyJSONData
- type RSAKeys
- type RSASecretConfig
- func (s *RSASecretConfig) Generate() (DataInterface, error)
- func (s *RSASecretConfig) GenerateFromInfoData(infoData infodata.InfoData) (DataInterface, error)
- func (s *RSASecretConfig) GenerateInfoData() (infodata.InfoData, error)
- func (s *RSASecretConfig) GenerateRSAKeys() (*RSAKeys, error)
- func (s *RSASecretConfig) GetName() string
- func (s *RSASecretConfig) LoadFromSecretData(secretData map[string][]byte) (infodata.InfoData, error)
- type Secrets
- type StaticToken
- type StaticTokenInfoData
- type StaticTokenJSONData
- type StaticTokenSecretConfig
- func (s *StaticTokenSecretConfig) Generate() (DataInterface, error)
- func (s *StaticTokenSecretConfig) GenerateFromInfoData(infoData infodata.InfoData) (DataInterface, error)
- func (s *StaticTokenSecretConfig) GenerateInfoData() (infodata.InfoData, error)
- func (s *StaticTokenSecretConfig) GenerateStaticToken() (*StaticToken, error)
- func (s *StaticTokenSecretConfig) GetName() string
- func (s *StaticTokenSecretConfig) LoadFromSecretData(secretData map[string][]byte) (infodata.InfoData, error)
- type Token
- type TokenConfig
- type VPNTLSAuth
- type VPNTLSAuthConfig
- func (s *VPNTLSAuthConfig) Generate() (DataInterface, error)
- func (s *VPNTLSAuthConfig) GenerateFromInfoData(infoData infodata.InfoData) (DataInterface, error)
- func (s *VPNTLSAuthConfig) GenerateInfoData() (infodata.InfoData, error)
- func (s *VPNTLSAuthConfig) GetName() string
- func (s *VPNTLSAuthConfig) LoadFromSecretData(secretData map[string][]byte) (infodata.InfoData, error)
Constants ¶
const (
	// BasicAuthFormatNormal indicates that the data map should be rendered the normal way (dedicated keys for
	// username and password).
	BasicAuthFormatNormal formatType = "normal"
	// BasicAuthFormatCSV indicates that the data map should be rendered in the CSV-format.
	BasicAuthFormatCSV formatType = "csv"

	// DataKeyCSV is the key in a secret data holding the CSV format of a secret.
	DataKeyCSV = "basic_auth.csv"
	// DataKeyUserName is the key in a secret data holding the username.
	DataKeyUserName = "username"
	// DataKeyPassword is the key in a secret data holding the password.
	DataKeyPassword = "password"
)
const (
	// CACert indicates that the certificate should be a certificate authority.
	CACert CertType = "ca"
	// ServerCert indicates that the certificate should have the ExtKeyUsageServerAuth usage.
	ServerCert CertType = "server"
	// ClientCert indicates that the certificate should have the ExtKeyUsageClientAuth usage.
	ClientCert CertType = "client"
	// ServerClientCert indicates that the certificate should have both the ExtKeyUsageServerAuth and ExtKeyUsageClientAuth usage.
	ServerClientCert CertType = "both"

	// DataKeyCertificate is the key in a secret data holding the certificate.
	DataKeyCertificate = "tls.crt"
	// DataKeyPrivateKey is the key in a secret data holding the private key.
	DataKeyPrivateKey = "tls.key"
	// DataKeyCertificateCA is the key in a secret data holding the CA certificate.
	DataKeyCertificateCA = "ca.crt"
	// DataKeyPrivateKeyCA is the key in a secret data holding the CA private key.
	DataKeyPrivateKeyCA = "ca.key"
)
const (
	// PKCS1 certificate format. Presumably the value meant for CertificateSecretConfig.PKCS,
	// selecting how the private key next to the certificate is encoded — confirm against GenerateCertificate.
	PKCS1 = iota
	// PKCS8 certificate format (see PKCS1).
	PKCS8
)
const (
	// DataKeyRSAPrivateKey is the key in a secret data holding the RSA private key.
	DataKeyRSAPrivateKey = "id_rsa"
	// DataKeySSHAuthorizedKeys is the key in a secret data holding the OpenSSH authorized keys.
	DataKeySSHAuthorizedKeys = "id_rsa.pub"
)
const (
	// DataKeyStaticTokenCSV is the key in a secret data holding the CSV format of a secret.
	DataKeyStaticTokenCSV = "static_tokens.csv"
	// DataKeyToken is the key in a secret data holding the token.
	DataKeyToken = "token"
)
const BasicAuthDataType = infodata.TypeVersion("basicAuth")
BasicAuthDataType is the type used to denote a BasicAuthJSONData structure in the ShootState.
const CertificateDataType = infodata.TypeVersion("certificate")
CertificateDataType is the type used to denote a CertificateJSONData structure in the ShootState.
const DataKeyCertificateBundle = "bundle.crt"
DataKeyCertificateBundle is the key in the data map for the certificate bundle.
const DataKeyKubeconfig = "kubeconfig"
DataKeyKubeconfig is the key in a secret data holding the kubeconfig.
const DataKeyVPNTLSAuth = "vpn.tlsauth"
DataKeyVPNTLSAuth is the key in a secret data holding the vpn tlsauth key.
const PrivateKeyDataType = infodata.TypeVersion("privateKey")
PrivateKeyDataType is the type used to denote a PrivateKeyJSONData structure in the ShootState.
const StaticTokenDataType = infodata.TypeVersion("staticToken")
StaticTokenDataType is the type used to denote a StaticTokenJSONData structure in the ShootState.
const TemporaryDirectoryForSelfGeneratedTLSCertificatesPattern = "self-generated-server-certificates-"
TemporaryDirectoryForSelfGeneratedTLSCertificatesPattern is a constant for the pattern used when creating a temporary directory for self-generated certificates.
Variables ¶
var (
	// GenerateRandomString is an alias for utils.GenerateRandomString. Exposed for testing.
	GenerateRandomString = utils.GenerateRandomString
	// FakeGenerateRandomString is a fake for GenerateRandomString. It returns n underscores instead of
	// random characters, so any value "generated" through it is fully predictable.
	FakeGenerateRandomString = func(n int) (string, error) { return strings.Repeat("_", n), nil }

	// GenerateKey is an alias for rsa.GenerateKey. Exposed for testing.
	GenerateKey = rsa.GenerateKey
	// FakeGenerateKey is a fake for GenerateKey. It ignores both arguments (the entropy source and the
	// requested key size) and returns the fixed RSA key embedded below. That key is part of the public
	// source and therefore provides no secrecy whatsoever: it exists only to make tests deterministic
	// and must never be substituted for GenerateKey in a non-test code path.
	FakeGenerateKey = func(_ io.Reader, _ int) (*rsa.PrivateKey, error) {
		return utils.DecodePrivateKey([]byte(`-----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAyV6ZuR4gSzCF/zO06xEv6RGmDUnXOHAZVck4pVhY/Id8j2zj rVlBZp1klARK/Mt1BPOmRKQtg753UCewYjpRdThyzsicKz4Flg4m72p57bWs/wi+ j2N5Rc0eF98Ry//FY6Gbs5VJViz7WSfEoXaSFEYIkv+CKKAQ9J0kkiYztiyz+p/u SD7sIOAVksj4M5/D+4GVtqJV+4aSdUotoueehJ1fwmc/ZTsczMXAnLcV6BP9N0GX 5bUBW+s/HSMLndEy+GSye1KdgLZilzAodmtetQdLYCOXZsivfdCeF8lsLjLV/ouA M+FwwM5QbU1i+iYRqVk8Apyzs9WMvuAp8mq5UQIDAQABAoH/O8fZ2xsWezvsi9bN 3vs7PfX/VfKV8itVWiJirrOLt2yBjhLFhLD6uXwAX/DmUiYUl2O9+KLE4FerFCC0 PHUTubkIXFsyAaRoBCQvauQxTmCg+xWdfPQLDK3YQT34CpfkAa/4iVfIbczs0Yr8 1PJea6Ze5UT1Xxol7ni4Yqr0ryAPbJBn+18OifcSxh2H+d7+AEFo/Vg2LVFTiuhW kpg2xvkmSFjOcIWGUYOlwwnaOjlhiAmCntCAXbz2Ly44rfJlBLzfAAB5CqGzDs2B Z0YGZoFPQurxkzNGh2d9sV0aHcyf4ZwSbvcsd4gvBhpSp2/Q/mvfdl4av5cKnsli WJWxAoGBAOqdWcE42I/botGEIfqxssHKyxqQld8RiXjAypPlhx8uRH949sToevZs BVCgLId8mPJxuTSvbgbdHyZ14dzc+cIcDSNnW8anUTW98lmwTWIJN/awOTSlgpV2 4wBdVCLxlutsE6fEQTIJRkQ+XeVV0n8hOiz4GJQWLV1pp1rzYy73AoGBANu5fKR7 8FXWAfC5zmJAkisK02l7FeRQoHUfgACLE74Vt3BEZhLJHpYTJZrYi9r/buMsi52g +Rgz4pItgy85ibe21+5G6yQtQP68mjnecMEjSZIa8G6RoY13Ki4+UOysGWul48rR Lwq75Cv+0AHUS0A9NxYrY+X2Q9cLsg6Mm5/3AoGBAOe38WX9lya+btkv/79ysnLk sCTUmLFwyK4S/AGGuSX6tHySJGfmlUu89KLlEBXg4c7Ss3FtsuXkj1eVJjbVqXgl 7HQDKYnSx0qlCC+9CTDCmhtzgYyVy5uDiEBb7TV2FvD+FYulMh8ROe09C8/uK7CU SLkRcHUSUkvohfo2WMeRAoGAa0hK2okFVPPUKLSgV4rNk6SKiyMlEkBnyCgkOJ+v eQ1jbraG3D9E5uPcZZm716cGfndeiA1z8mRLCTKdre47Fu94yQfpgdVyua5e40h/ 
512Sa3spz+LdbZQ0jTWyD40MMGpkKcAvZt9MzkpxR6NfRrNc9T8kXMD8aMB2JPJ0 fgsCgYEAzBjM5L4kKcyF5mC1v6NyEaQB8Cve3gfFatLfFrjNwHbvdY5PEa/x0NqS 4qJs/0Ieluo9jRo5pPd0O1u9hDVeSh2sSs9fzOtjHzbnZ7o8pTY3dzMBhO7fxPBU i/WyG5dokMowEJSvpCBwHbAYMLlNK7oMUpXlqcRoYo24U6Mwj68= -----END RSA PRIVATE KEY-----`))
	}
)
Functions ¶
func CertificateIsExpired ¶ added in v1.34.0
func CertificateIsExpired(clock clock.Clock, cert []byte, renewalWindow time.Duration) (bool, error)
CertificateIsExpired returns `true` if the given certificate is expired. A non-zero `renewalWindow` makes the certificate count as expired that much earlier than its actual expiry.
func ControlPlaneSecretDataKeyCertificatePEM ¶ added in v1.10.0
ControlPlaneSecretDataKeyCertificatePEM returns the data key inside a Secret of type ControlPlane whose value contains the certificate PEM.
func ControlPlaneSecretDataKeyPrivateKey ¶ added in v1.10.0
ControlPlaneSecretDataKeyPrivateKey returns the data key inside a Secret of type ControlPlane whose value contains the private key PEM.
func GenerateCertificateAuthorities ¶
func GenerateCertificateAuthorities(ctx context.Context, c client.Client, existingSecretsMap map[string]*corev1.Secret, wantedCertificateAuthorities map[string]*CertificateSecretConfig, namespace string) (map[string]*corev1.Secret, map[string]*Certificate, error)
GenerateCertificateAuthorities takes a map of wanted certificates and checks, by the keys of the map, whether they already exist in the existingSecretsMap. If a certificate exists, only the certificate is read from the corresponding existing secret and a certificate DataInterface is built from it. If no existing secret contains the wanted certificate, a new certificate is generated, a secret holding it is deployed into the K8s cluster, and that newly created secret is returned. The function returns a map of secrets containing the wanted CAs, a map with the wanted CA certificates, and an error.
func GenerateClusterSecrets ¶
func GenerateClusterSecrets(ctx context.Context, c client.Client, existingSecretsMap map[string]*corev1.Secret, wantedSecretsList []ConfigInterface, namespace string) (map[string]*corev1.Secret, error)
GenerateClusterSecrets tries to deploy each secret in the wantedSecretsList into the k8s cluster. If a secret already exists, it is skipped and the next one is processed. The function returns a map with all successfully deployed wanted secrets plus those that were already deployed (only from the wantedSecretsList).
func GenerateClusterSecretsWithFunc ¶ added in v1.7.0
func GenerateClusterSecretsWithFunc(ctx context.Context, k8sClusterClient client.Client, existingSecretsMap map[string]*corev1.Secret, wantedSecretsList []ConfigInterface, namespace string, SecretsGeneratorFunc func(s ConfigInterface) (DataInterface, error)) (map[string]*corev1.Secret, error)
GenerateClusterSecretsWithFunc tries to deploy each secret in the wantedSecretsList into the k8s cluster. If a secret already exists, it is skipped and the next one is processed. The function uses the SecretsGeneratorFunc to create the secret DataInterface from the wanted secret configs.
func GenerateKubeconfig ¶ added in v1.36.0
func GenerateKubeconfig(secret *ControlPlaneSecretConfig, certificate *Certificate) ([]byte, error)
GenerateKubeconfig generates a Kubernetes Kubeconfig for communicating with the kube-apiserver by using a client certificate. If <basicAuthUser> and <basicAuthPass> are non-empty strings, a second user object containing the Basic Authentication credentials is added to the Kubeconfig.
func NewBasicAuthInfoData ¶ added in v1.7.0
NewBasicAuthInfoData creates a new BasicAuthInfoData struct with the given password.
func SelfGenerateTLSServerCertificate ¶ added in v1.5.0
func SelfGenerateTLSServerCertificate(name string, dnsNames []string, ips []net.IP) (cert *Certificate, ca *Certificate, dir string, rErr error)
SelfGenerateTLSServerCertificate generates a new CA certificate and signs a server certificate with it. It stores the generated CA and server certificate bytes in a temporary directory under the default filenames, e.g. `DataKeyCertificateCA`. The function returns the *Certificate objects as well as the path of the temporary directory where the certificates are stored.
func UnmarshalBasicAuth ¶ added in v1.7.0
UnmarshalBasicAuth unmarshals a BasicAuthJSONData into a BasicAuthInfoData struct.
func UnmarshalCert ¶ added in v1.7.0
UnmarshalCert unmarshals a CertificateJSONData into a CertificateInfoData.
func UnmarshalPrivateKey ¶ added in v1.7.0
UnmarshalPrivateKey unmarshals a PrivateKeyJSONData into a PrivateKeyInfoData.
Types ¶
type BasicAuth ¶
BasicAuth contains the username, the password, optionally the hash of the password, and the format for serializing the basic authentication.
func LoadBasicAuthFromCSV ¶
LoadBasicAuthFromCSV loads the basic auth username and the password from the given CSV-formatted <data>.
func (*BasicAuth) SecretData ¶
SecretData computes the data map which can be used in a Kubernetes secret.
type BasicAuthInfoData ¶ added in v1.7.0
type BasicAuthInfoData struct {
	// Password is the basic-authentication password carried by this InfoData.
	Password string
}
BasicAuthInfoData holds the password used for basic authentication.
func (*BasicAuthInfoData) Marshal ¶ added in v1.7.0
func (b *BasicAuthInfoData) Marshal() ([]byte, error)
Marshal implements InfoData
func (*BasicAuthInfoData) TypeVersion ¶ added in v1.7.0
func (b *BasicAuthInfoData) TypeVersion() infodata.TypeVersion
TypeVersion implements InfoData
type BasicAuthJSONData ¶ added in v1.7.0
type BasicAuthJSONData struct {
	// Password is the password, serialized under the "password" JSON key.
	Password string `json:"password"`
}
BasicAuthJSONData is the json representation of BasicAuthInfoData used to store BasicAuth metadata in the ShootState
type BasicAuthSecretConfig ¶
type BasicAuthSecretConfig struct {
	// Name is the name of the secret to generate (see GetName).
	Name string
	// Format selects how the data map is rendered: BasicAuthFormatNormal or BasicAuthFormatCSV.
	Format formatType
	// Username is the username to place in the secret.
	Username string
	// PasswordLength is the length of the password to generate.
	// NOTE(review): GenerateBasicAuth's doc still describes a fixed "admin"/32-character pair — confirm which applies.
	PasswordLength int
}
BasicAuthSecretConfig contains the specification for a to-be-generated basic authentication secret.
func (*BasicAuthSecretConfig) Generate ¶
func (s *BasicAuthSecretConfig) Generate() (DataInterface, error)
Generate implements ConfigInterface.
func (*BasicAuthSecretConfig) GenerateBasicAuth ¶
func (s *BasicAuthSecretConfig) GenerateBasicAuth() (*BasicAuth, error)
GenerateBasicAuth computes a username, a password and the hash of the password. It uses "admin" as username and generates a random password of length 32.
func (*BasicAuthSecretConfig) GenerateFromInfoData ¶ added in v1.7.0
func (s *BasicAuthSecretConfig) GenerateFromInfoData(infoData infodata.InfoData) (DataInterface, error)
GenerateFromInfoData implements ConfigInterface.
func (*BasicAuthSecretConfig) GenerateInfoData ¶ added in v1.7.0
func (s *BasicAuthSecretConfig) GenerateInfoData() (infodata.InfoData, error)
GenerateInfoData implements ConfigInterface.
func (*BasicAuthSecretConfig) GetName ¶
func (s *BasicAuthSecretConfig) GetName() string
GetName returns the name of the secret.
func (*BasicAuthSecretConfig) LoadFromSecretData ¶ added in v1.7.0
func (s *BasicAuthSecretConfig) LoadFromSecretData(secretData map[string][]byte) (infodata.InfoData, error)
LoadFromSecretData implements infodata.Loader
type CertType ¶ added in v1.32.0
type CertType string
CertType is a string alias for certificate types.
type Certificate ¶
type Certificate struct {
	// Name identifies the certificate.
	Name string
	// CA is the issuing CA certificate; it is nil when this certificate is itself a CA.
	CA *Certificate
	// SkipPublishingCACertificate presumably keeps the CA certificate out of SecretData when set — confirm.
	SkipPublishingCACertificate bool
	// PrivateKey is the parsed RSA private key; PrivateKeyPEM is its PEM encoding.
	PrivateKey    *rsa.PrivateKey
	PrivateKeyPEM []byte
	// Certificate is the parsed x509 certificate; CertificatePEM is its PEM encoding.
	Certificate    *x509.Certificate
	CertificatePEM []byte
}
Certificate contains the private key and the certificate. If the certificate is not itself a CA, it also contains the CA certificate; otherwise the <CA> field is nil.
func LoadCAFromSecret ¶
func LoadCAFromSecret(ctx context.Context, k8sClient client.Client, namespace, name string) (*corev1.Secret, *Certificate, error)
LoadCAFromSecret loads a CA certificate from an existing Kubernetes secret object. It returns the secret, the Certificate and an error.
func LoadCertificate ¶
func LoadCertificate(name string, privateKeyPEM, certificatePEM []byte) (*Certificate, error)
LoadCertificate takes a byte slice representation of a certificate and the corresponding private key, and returns its de-serialized private key, certificate template and PEM certificate which can be used to sign other x509 certificates.
func (*Certificate) SecretData ¶
func (c *Certificate) SecretData() map[string][]byte
SecretData computes the data map which can be used in a Kubernetes secret.
type CertificateBundle ¶ added in v1.43.0
CertificateBundle contains the name and the generated certificate bundle.
func (*CertificateBundle) SecretData ¶ added in v1.43.0
func (v *CertificateBundle) SecretData() map[string][]byte
SecretData computes the data map which can be used in a Kubernetes secret.
type CertificateBundleSecretConfig ¶ added in v1.43.0
CertificateBundleSecretConfig is configuration for certificate bundles.
func (*CertificateBundleSecretConfig) Generate ¶ added in v1.43.0
func (s *CertificateBundleSecretConfig) Generate() (DataInterface, error)
Generate implements ConfigInterface.
func (*CertificateBundleSecretConfig) GenerateFromInfoData ¶ added in v1.43.0
func (s *CertificateBundleSecretConfig) GenerateFromInfoData(_ infodata.InfoData) (DataInterface, error)
GenerateFromInfoData implements ConfigInterface.
func (*CertificateBundleSecretConfig) GenerateInfoData ¶ added in v1.43.0
func (s *CertificateBundleSecretConfig) GenerateInfoData() (infodata.InfoData, error)
GenerateInfoData implements ConfigInterface.
func (*CertificateBundleSecretConfig) GetName ¶ added in v1.43.0
func (s *CertificateBundleSecretConfig) GetName() string
GetName returns the name of the secret.
func (*CertificateBundleSecretConfig) LoadFromSecretData ¶ added in v1.43.0
func (s *CertificateBundleSecretConfig) LoadFromSecretData(_ map[string][]byte) (infodata.InfoData, error)
LoadFromSecretData implements infodata.Loader.
type CertificateInfoData ¶ added in v1.7.0
CertificateInfoData holds a certificate's private key data and certificate data.
func NewCertificateInfoData ¶ added in v1.7.0
func NewCertificateInfoData(privateKey, certificate []byte) *CertificateInfoData
NewCertificateInfoData creates a new CertificateInfoData struct
func (*CertificateInfoData) Marshal ¶ added in v1.7.0
func (c *CertificateInfoData) Marshal() ([]byte, error)
Marshal implements InfoData
func (*CertificateInfoData) TypeVersion ¶ added in v1.7.0
func (c *CertificateInfoData) TypeVersion() infodata.TypeVersion
TypeVersion implements InfoData
type CertificateJSONData ¶ added in v1.7.0
type CertificateJSONData struct {
	// PrivateKey holds the private key bytes, serialized under the "privateKey" JSON key.
	PrivateKey []byte `json:"privateKey"`
	// Certificate holds the certificate bytes, serialized under the "certificate" JSON key.
	Certificate []byte `json:"certificate"`
}
CertificateJSONData is the json representation of CertificateInfoData used to store Certificate metadata in the ShootState
type CertificateSecretConfig ¶
type CertificateSecretConfig struct {
	// Name is the name of the secret to generate (see GetName).
	Name string

	// CommonName and Organization are presumably placed in the certificate subject — confirm.
	CommonName   string
	Organization []string
	// DNSNames and IPAddresses are presumably the subject alternative names — confirm.
	DNSNames    []string
	IPAddresses []net.IP

	// CertType selects CA, server, client or server+client usage (see the CertType constants).
	CertType CertType
	// SigningCA is the CA that signs the certificate; presumably nil when generating a CA — confirm.
	SigningCA *Certificate
	// PKCS selects the private key encoding, PKCS1 or PKCS8.
	PKCS int
	// Validity is the lifetime of the certificate; nil presumably means a package default — confirm.
	Validity *time.Duration
	// SkipPublishingCACertificate is presumably forwarded to the generated Certificate — confirm.
	SkipPublishingCACertificate bool
	// Clock supplies the current time; injectable so that validity can be tested deterministically.
	Clock clock.Clock
}
CertificateSecretConfig contains the specification for a to-be-generated CA, server, or client certificate. It always contains a 2048-bit RSA private key.
func (*CertificateSecretConfig) Generate ¶
func (s *CertificateSecretConfig) Generate() (DataInterface, error)
Generate implements ConfigInterface.
func (*CertificateSecretConfig) GenerateCertificate ¶
func (s *CertificateSecretConfig) GenerateCertificate() (*Certificate, error)
GenerateCertificate computes a CA, server, or client certificate based on the configuration.
func (*CertificateSecretConfig) GenerateFromInfoData ¶ added in v1.7.0
func (s *CertificateSecretConfig) GenerateFromInfoData(infoData infodata.InfoData) (DataInterface, error)
GenerateFromInfoData implements ConfigInterface
func (*CertificateSecretConfig) GenerateInfoData ¶ added in v1.7.0
func (s *CertificateSecretConfig) GenerateInfoData() (infodata.InfoData, error)
GenerateInfoData implements ConfigInterface
func (*CertificateSecretConfig) GetName ¶
func (s *CertificateSecretConfig) GetName() string
GetName returns the name of the secret.
func (*CertificateSecretConfig) LoadFromSecretData ¶ added in v1.7.0
func (s *CertificateSecretConfig) LoadFromSecretData(secretData map[string][]byte) (infodata.InfoData, error)
LoadFromSecretData implements infodata.Loader
type ConfigInterface ¶
type ConfigInterface interface {
	// GetName returns the name of the configuration.
	GetName() string
	// Generate generates a secret interface
	Generate() (DataInterface, error)
	// GenerateInfoData generates only the InfoData (metadata) which can later be used to generate a secret.
	GenerateInfoData() (infodata.InfoData, error)
	// GenerateFromInfoData combines the configuration and the provided InfoData (metadata) and generates a secret.
	GenerateFromInfoData(infoData infodata.InfoData) (DataInterface, error)
}
ConfigInterface define functions needed for generating a specific secret.
type ControlPlane ¶
type ControlPlane struct {
	Name        string
	Certificate *Certificate
	// BasicAuth and Token are optional credentials carried alongside the certificate.
	BasicAuth *BasicAuth
	Token     *Token
	// Kubeconfig holds the rendered kubeconfig bytes, if one was requested.
	Kubeconfig []byte
}
ControlPlane contains the certificate, and optionally the basic auth. information as well as a Kubeconfig.
func (*ControlPlane) SecretData ¶
func (c *ControlPlane) SecretData() map[string][]byte
SecretData computes the data map which can be used in a Kubernetes secret.
type ControlPlaneSecretConfig ¶
type ControlPlaneSecretConfig struct {
	Name string
	// CertificateSecretConfig describes the server/client certificate every control plane secret contains.
	CertificateSecretConfig *CertificateSecretConfig
	// BasicAuth and Token are optional credentials to include.
	BasicAuth *BasicAuth
	Token     *Token
	// KubeConfigRequests lists the kubeconfigs to generate (see KubeConfigRequest).
	KubeConfigRequests []KubeConfigRequest
}
ControlPlaneSecretConfig is a struct which wraps a CertificateSecretConfig and extends it with a couple of additional properties. A control plane secret will always contain a server/client certificate and optionally a kubeconfig.
func (*ControlPlaneSecretConfig) Generate ¶
func (s *ControlPlaneSecretConfig) Generate() (DataInterface, error)
Generate implements ConfigInterface.
func (*ControlPlaneSecretConfig) GenerateControlPlane ¶
func (s *ControlPlaneSecretConfig) GenerateControlPlane() (*ControlPlane, error)
GenerateControlPlane computes a secret for a control plane component of the clusters managed by Gardener. It may include a Kubeconfig.
func (*ControlPlaneSecretConfig) GenerateFromInfoData ¶ added in v1.7.0
func (s *ControlPlaneSecretConfig) GenerateFromInfoData(infoData infodata.InfoData) (DataInterface, error)
GenerateFromInfoData implements ConfigInterface
func (*ControlPlaneSecretConfig) GenerateInfoData ¶ added in v1.7.0
func (s *ControlPlaneSecretConfig) GenerateInfoData() (infodata.InfoData, error)
GenerateInfoData implements ConfigInterface
func (*ControlPlaneSecretConfig) GetName ¶
func (s *ControlPlaneSecretConfig) GetName() string
GetName returns the name of the secret.
func (*ControlPlaneSecretConfig) LoadFromSecretData ¶ added in v1.7.0
func (s *ControlPlaneSecretConfig) LoadFromSecretData(secretData map[string][]byte) (infodata.InfoData, error)
LoadFromSecretData implements infodata.Loader
type DataInterface ¶ added in v1.8.0
type DataInterface interface {
	// SecretData computes the data map which can be used in a Kubernetes secret.
	SecretData() map[string][]byte
}
DataInterface defines functions needed for defining the data map of a Kubernetes secret.
type Interface ¶
type Interface interface {
	// Deploy generates and deploys the secrets into the given namespace, taking into account existing secrets.
	Deploy(context.Context, kubernetes.Interface, gardenerkubernetes.Interface, string) (map[string]*corev1.Secret, error)
	// Delete deletes the secrets from the given namespace.
	Delete(context.Context, kubernetes.Interface, string) error
}
Interface represents a set of secrets that can be deployed and deleted.
type KubeConfigRequest ¶
KubeConfigRequest is a struct which holds information about a Kubeconfig to be generated.
type Kubeconfig ¶ added in v1.43.0
type Kubeconfig struct {
	// Name is the name of the generated kubeconfig secret.
	Name string
	// Kubeconfig is the generated client configuration.
	Kubeconfig *clientcmdv1.Config
	// contains filtered or unexported fields
}
Kubeconfig contains the name and the generated kubeconfig.
func (*Kubeconfig) SecretData ¶ added in v1.43.0
func (v *Kubeconfig) SecretData() map[string][]byte
SecretData computes the data map which can be used in a Kubernetes secret.
type KubeconfigSecretConfig ¶ added in v1.43.0
type KubeconfigSecretConfig struct {
	// Name is the name of the secret to generate (see GetName).
	Name string
	// ContextName, Cluster and AuthInfo are the entries written into the generated kubeconfig.
	ContextName string
	Cluster     clientcmdv1.Cluster
	AuthInfo    clientcmdv1.AuthInfo
}
KubeconfigSecretConfig is configuration for kubeconfig secrets.
func (*KubeconfigSecretConfig) Generate ¶ added in v1.43.0
func (s *KubeconfigSecretConfig) Generate() (DataInterface, error)
Generate implements ConfigInterface.
func (*KubeconfigSecretConfig) GenerateFromInfoData ¶ added in v1.43.0
func (s *KubeconfigSecretConfig) GenerateFromInfoData(_ infodata.InfoData) (DataInterface, error)
GenerateFromInfoData implements ConfigInterface.
func (*KubeconfigSecretConfig) GenerateInfoData ¶ added in v1.43.0
func (s *KubeconfigSecretConfig) GenerateInfoData() (infodata.InfoData, error)
GenerateInfoData implements ConfigInterface.
func (*KubeconfigSecretConfig) GetName ¶ added in v1.43.0
func (s *KubeconfigSecretConfig) GetName() string
GetName returns the name of the secret.
func (*KubeconfigSecretConfig) LoadFromSecretData ¶ added in v1.43.0
LoadFromSecretData implements infodata.Loader.
type PrivateKeyInfoData ¶ added in v1.7.0
type PrivateKeyInfoData struct {
	// PrivateKey holds the raw private key data.
	PrivateKey []byte
}
PrivateKeyInfoData holds the data of a private key.
func NewPrivateKeyInfoData ¶ added in v1.7.0
func NewPrivateKeyInfoData(privateKey []byte) *PrivateKeyInfoData
NewPrivateKeyInfoData creates a new PrivateKeyInfoData struct
func (*PrivateKeyInfoData) Marshal ¶ added in v1.7.0
func (r *PrivateKeyInfoData) Marshal() ([]byte, error)
Marshal implements InfoData
func (*PrivateKeyInfoData) TypeVersion ¶ added in v1.7.0
func (r *PrivateKeyInfoData) TypeVersion() infodata.TypeVersion
TypeVersion implements InfoData
type PrivateKeyJSONData ¶ added in v1.7.0
type PrivateKeyJSONData struct {
	// PrivateKey holds the private key bytes, serialized under the "privateKey" JSON key.
	PrivateKey []byte `json:"privateKey"`
}
PrivateKeyJSONData is the json representation of PrivateKeyInfoData used to store private key in the ShootState
type RSAKeys ¶
type RSAKeys struct {
	Name       string
	PrivateKey *rsa.PrivateKey
	PublicKey  *rsa.PublicKey
	// OpenSSHAuthorizedKey is the optional OpenSSH-formatted authorized keys data for PublicKey.
	OpenSSHAuthorizedKey []byte
}
RSAKeys contains the private key, the public key, and optionally the OpenSSH-formatted authorized keys file data.
func (*RSAKeys) SecretData ¶
SecretData computes the data map which can be used in a Kubernetes secret.
type RSASecretConfig ¶
RSASecretConfig contains information about the number of bits which should be used for the to-be-created RSA private key.
func (*RSASecretConfig) Generate ¶
func (s *RSASecretConfig) Generate() (DataInterface, error)
Generate implements ConfigInterface.
func (*RSASecretConfig) GenerateFromInfoData ¶ added in v1.7.0
func (s *RSASecretConfig) GenerateFromInfoData(infoData infodata.InfoData) (DataInterface, error)
GenerateFromInfoData implements ConfigInterface
func (*RSASecretConfig) GenerateInfoData ¶ added in v1.7.0
func (s *RSASecretConfig) GenerateInfoData() (infodata.InfoData, error)
GenerateInfoData implements ConfigInterface.
func (*RSASecretConfig) GenerateRSAKeys ¶
func (s *RSASecretConfig) GenerateRSAKeys() (*RSAKeys, error)
GenerateRSAKeys computes an RSA private key based on the configured number of bits.
func (*RSASecretConfig) GetName ¶
func (s *RSASecretConfig) GetName() string
GetName returns the name of the secret.
func (*RSASecretConfig) LoadFromSecretData ¶ added in v1.7.0
func (s *RSASecretConfig) LoadFromSecretData(secretData map[string][]byte) (infodata.InfoData, error)
LoadFromSecretData implements infodata.Loader
type Secrets ¶
type Secrets struct {
	// CertificateSecretConfigs are the certificate configs keyed by name; presumably the CAs generated first — confirm.
	CertificateSecretConfigs map[string]*CertificateSecretConfig
	// SecretConfigsFunc receives the generated certificates (keyed by name) and a string — presumably the
	// namespace — and returns the remaining secret configs to deploy.
	SecretConfigsFunc func(map[string]*Certificate, string) []ConfigInterface
}
Secrets represents a set of secrets that can be deployed and deleted.
type StaticToken ¶
StaticToken contains the username, the password, optionally the hash of the password, and the format for serializing the static token.
func LoadStaticTokenFromCSV ¶
func LoadStaticTokenFromCSV(name string, data []byte) (*StaticToken, error)
LoadStaticTokenFromCSV loads the static token data from the given CSV-formatted <data>.
func (*StaticToken) GetTokenForUsername ¶
func (b *StaticToken) GetTokenForUsername(username string) (*Token, error)
GetTokenForUsername returns the token for the given username.
func (*StaticToken) SecretData ¶
func (b *StaticToken) SecretData() map[string][]byte
SecretData computes the data map which can be used in a Kubernetes secret.
type StaticTokenInfoData ¶ added in v1.7.0
StaticTokenInfoData holds an array of TokenInfoData.
func NewStaticTokenInfoData ¶ added in v1.7.0
func NewStaticTokenInfoData(tokens map[string]string) *StaticTokenInfoData
NewStaticTokenInfoData creates a new StaticTokenInfoData with the provided tokens.
func (*StaticTokenInfoData) Append ¶ added in v1.7.0
func (s *StaticTokenInfoData) Append(staticTokenInfoData *StaticTokenInfoData)
Append appends the tokens from the provided StaticTokenInfoData to this StaticTokenInfoData.
func (*StaticTokenInfoData) Marshal ¶ added in v1.7.0
func (s *StaticTokenInfoData) Marshal() ([]byte, error)
Marshal implements InfoData
func (*StaticTokenInfoData) RemoveTokens ¶ added in v1.7.0
func (s *StaticTokenInfoData) RemoveTokens(usernames ...string)
RemoveTokens removes tokens with the provided usernames from this StaticTokenInfoData.
func (*StaticTokenInfoData) TypeVersion ¶ added in v1.7.0
func (s *StaticTokenInfoData) TypeVersion() infodata.TypeVersion
TypeVersion implements InfoData.
type StaticTokenJSONData ¶ added in v1.7.0
StaticTokenJSONData is the json representation of a StaticTokenInfoData
type StaticTokenSecretConfig ¶
type StaticTokenSecretConfig struct {
	// Name is the name of the secret to generate (see GetName).
	Name string
	// Tokens maps a key (presumably the username, see StaticToken.GetTokenForUsername) to the configuration
	// of the token to generate for it.
	Tokens map[string]TokenConfig
}
StaticTokenSecretConfig contains the specification for a to-be-generated static token secret.
func (*StaticTokenSecretConfig) Generate ¶
func (s *StaticTokenSecretConfig) Generate() (DataInterface, error)
Generate implements ConfigInterface.
func (*StaticTokenSecretConfig) GenerateFromInfoData ¶ added in v1.7.0
func (s *StaticTokenSecretConfig) GenerateFromInfoData(infoData infodata.InfoData) (DataInterface, error)
GenerateFromInfoData implements ConfigInterface.
func (*StaticTokenSecretConfig) GenerateInfoData ¶ added in v1.7.0
func (s *StaticTokenSecretConfig) GenerateInfoData() (infodata.InfoData, error)
GenerateInfoData implements ConfigInterface.
func (*StaticTokenSecretConfig) GenerateStaticToken ¶
func (s *StaticTokenSecretConfig) GenerateStaticToken() (*StaticToken, error)
GenerateStaticToken computes a random token of length 128.
func (*StaticTokenSecretConfig) GetName ¶
func (s *StaticTokenSecretConfig) GetName() string
GetName returns the name of the secret.
func (*StaticTokenSecretConfig) LoadFromSecretData ¶ added in v1.7.0
func (s *StaticTokenSecretConfig) LoadFromSecretData(secretData map[string][]byte) (infodata.InfoData, error)
LoadFromSecretData implements infodata.Loader.
type TokenConfig ¶
TokenConfig contains configuration for a token.
type VPNTLSAuth ¶ added in v1.7.0
VPNTLSAuth contains the name and the generated vpn tls authentication key.
func (*VPNTLSAuth) SecretData ¶ added in v1.7.0
func (v *VPNTLSAuth) SecretData() map[string][]byte
SecretData computes the data map which can be used in a Kubernetes secret.
type VPNTLSAuthConfig ¶ added in v1.7.0
VPNTLSAuthConfig contains the specification for a to-be-generated vpn tls authentication secret. The key will be generated by the provided VPNTLSAuthKeyGenerator. By default the openvpn command is used to generate the key if no generator function is specified.
func (*VPNTLSAuthConfig) Generate ¶ added in v1.7.0
func (s *VPNTLSAuthConfig) Generate() (DataInterface, error)
Generate implements ConfigInterface.
func (*VPNTLSAuthConfig) GenerateFromInfoData ¶ added in v1.7.0
func (s *VPNTLSAuthConfig) GenerateFromInfoData(infoData infodata.InfoData) (DataInterface, error)
GenerateFromInfoData implements ConfigInterface.
func (*VPNTLSAuthConfig) GenerateInfoData ¶ added in v1.7.0
func (s *VPNTLSAuthConfig) GenerateInfoData() (infodata.InfoData, error)
GenerateInfoData implements ConfigInterface.
func (*VPNTLSAuthConfig) GetName ¶ added in v1.7.0
func (s *VPNTLSAuthConfig) GetName() string
GetName returns the name of the secret.
func (*VPNTLSAuthConfig) LoadFromSecretData ¶ added in v1.7.0
func (s *VPNTLSAuthConfig) LoadFromSecretData(secretData map[string][]byte) (infodata.InfoData, error)
LoadFromSecretData implements infodata.Loader