Constants ¶
const (
// CertificateBlockType is a possible value for pem.Block.Type.
CertificateBlockType = "CERTIFICATE"
)
Variables ¶
This section is empty.
Functions ¶
func EncodeCertPEM ¶
func EncodeCertPEM(cert *x509.Certificate) []byte
EncodeCertPEM returns the PEM-encoded certificate data.
func GeneratePrivateKey ¶
func GeneratePrivateKey(keyType x509.PublicKeyAlgorithm) (crypto.Signer, error)
GeneratePrivateKey generates a certificate key. It supports both ECDSA (using the P-256 elliptic curve) and RSA algorithms. For RSA, the key is generated with a size of 3072 bits. If the keyType is x509.UnknownPublicKeyAlgorithm, the function defaults to generating an RSA key.
func NewSignedCert ¶
func NewSignedCert(cc *CertConfig, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, isCA bool) (*x509.Certificate, error)
NewSignedCert creates a signed certificate using the given CA certificate and key.
func ParsePrivateKeyPEM ¶
ParsePrivateKeyPEM parses a crypto.Signer from a PEM-encoded byte array. The key must be an ECDSA or RSA key.
func RemoveDuplicateAltNames ¶
RemoveDuplicateAltNames removes duplicate items in altNames.
func SplitToPairName ¶
SplitToPairName is the default function for deriving the cert pair name from a secret data key. It only works with keys in this format: karmada.crt, karmada.key.
Types ¶
type AltNamesMutatorConfig ¶
type AltNamesMutatorConfig struct { Name string Namespace string ControlplaneAddress string Components *operatorv1alpha1.KarmadaComponents }
AltNamesMutatorConfig is the configuration for an AltNamesMutator. It carries the values the mutator needs.
type CertConfig ¶
type CertConfig struct { Name string CAName string NotAfter *time.Time PublicKeyAlgorithm x509.PublicKeyAlgorithm // TODO: All public key of karmada cert use the RSA algorithm by default Config certutil.Config AltNamesMutatorFunc altNamesMutatorFunc }
CertConfig represents the configuration karmada uses to generate a certificate.
func GetDefaultCertList ¶
func GetDefaultCertList(karmada *operatorv1alpha1.Karmada) []*CertConfig
GetDefaultCertList returns all of the karmada CertConfigs, including those for karmada, the front proxy and etcd.
func KarmadaCertAdmin ¶
func KarmadaCertAdmin() *CertConfig
KarmadaCertAdmin returns the karmada admin client cert config.
func KarmadaCertApiserver ¶
func KarmadaCertApiserver() *CertConfig
KarmadaCertApiserver returns karmada apiserver cert config.
func KarmadaCertClient ¶
func KarmadaCertClient() *CertConfig
KarmadaCertClient returns karmada client cert config.
func KarmadaCertEtcdCA ¶
func KarmadaCertEtcdCA() *CertConfig
KarmadaCertEtcdCA returns the etcd CA cert config.
func KarmadaCertEtcdClient ¶
func KarmadaCertEtcdClient() *CertConfig
KarmadaCertEtcdClient returns etcd client cert config.
func KarmadaCertEtcdServer ¶
func KarmadaCertEtcdServer() *CertConfig
KarmadaCertEtcdServer returns etcd server cert config.
func KarmadaCertFrontProxyCA ¶
func KarmadaCertFrontProxyCA() *CertConfig
KarmadaCertFrontProxyCA returns the karmada front proxy CA cert config.
func KarmadaCertFrontProxyClient ¶
func KarmadaCertFrontProxyClient() *CertConfig
KarmadaCertFrontProxyClient returns karmada front proxy client cert config.
func KarmadaCertRootCA ¶
func KarmadaCertRootCA() *CertConfig
KarmadaCertRootCA returns the karmada root CA cert config.
type CertStore ¶
type CertStore interface { AddCert(cert *KarmadaCert) GetCert(name string) *KarmadaCert CertList() []*KarmadaCert LoadCertFromSecret(secret *corev1.Secret) error }
CertStore is an interface that defines the read and store operations of a cert cache. It can also load a set of certs from a k8s Secret.
func NewCertStore ¶
func NewCertStore() CertStore
NewCertStore returns a cert store. It uses the default SplitToPairName function to derive the cert pair name from the cert file name.
type KarmadaCert ¶
type KarmadaCert struct {
// contains filtered or unexported fields
}
KarmadaCert is a karmada certificate that holds the certificate's basic information. The byte arrays of the certificate and its key can be read directly from the object.
func CreateCertAndKeyFilesWithCA ¶
func CreateCertAndKeyFilesWithCA(cc *CertConfig, caCertData, caKeyData []byte) (*KarmadaCert, error)
CreateCertAndKeyFilesWithCA parses the given CA certificate and key data, then generates the certificate and key described by cc using that CA and returns them as a KarmadaCert. The cc config should be one of the CertConfig variables from this package.
func NewCertificateAuthority ¶
func NewCertificateAuthority(cc *CertConfig) (*KarmadaCert, error)
NewCertificateAuthority creates a new certificate and private key for the certificate authority.
func NewKarmadaCert ¶ added in v1.12.0
func NewKarmadaCert(pairName, caName string, cert, key []byte) *KarmadaCert
NewKarmadaCert creates a new KarmadaCert from the given pair name, CA name, cert data and key data.
func (*KarmadaCert) CertData ¶
func (cert *KarmadaCert) CertData() []byte
CertData returns certificate cert data.
func (*KarmadaCert) CertName ¶
func (cert *KarmadaCert) CertName() string
CertName returns the cert file name; its default suffix is ".crt".
func (*KarmadaCert) KeyData ¶
func (cert *KarmadaCert) KeyData() []byte
KeyData returns certificate key data.
func (*KarmadaCert) KeyName ¶
func (cert *KarmadaCert) KeyName() string
KeyName returns the cert key file name; its default suffix is ".key".
type KarmadaCertStore ¶
type KarmadaCertStore struct {
// contains filtered or unexported fields
}
KarmadaCertStore is a cache that stores karmada certificates. The key is the cert base name by default.
func (*KarmadaCertStore) AddCert ¶
func (store *KarmadaCertStore) AddCert(cert *KarmadaCert)
AddCert adds a cert to the cert store; the cache key is the cert pairName by default.
func (*KarmadaCertStore) CertList ¶
func (store *KarmadaCertStore) CertList() []*KarmadaCert
CertList lists all of the karmada certs in the cert cache.
func (*KarmadaCertStore) GetCert ¶
func (store *KarmadaCertStore) GetCert(name string) *KarmadaCert
GetCert gets a cert from the store by its pairName.
func (*KarmadaCertStore) LoadCertFromSecret ¶ added in v1.8.0
func (store *KarmadaCertStore) LoadCertFromSecret(secret *corev1.Secret) error
LoadCertFromSecret loads a set of certs from a k8s Secret resource. The cert cache key is obtained by calling the pairNameFunc function. If a secret data key has the suffix ".crt", its value is treated as cert data; if the suffix is ".key", its value is treated as cert key data.