
go-pki

Examples
package main

import (
	"crypto/x509"
	"fmt"
	"log"
	"net"
	"os"
	
	"github.com/ks-tool/k8s-bootstrapper/pkg/pki"
)

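// main is the README example: it provisions a cluster CA, an API-server
// serving certificate signed by that CA, and a service-account key pair,
// all under pkiDir, aborting on the first error.
func main() {
	// Every key and certificate is written below this directory. The
	// package's Save methods take only a path, so the file mode of the
	// private keys is whatever the package chooses — NOTE(review): confirm
	// they are created owner-readable only before running this on a node.
	const pkiDir = "/etc/kubernetes/pki"

	// Cluster CA. No CAName is set, so presumably it is self-signed — confirm.
	// The directory field is PkiDir per this package's CertRequest type; the
	// README's original PrivateKeyAndCertDir does not exist on that struct.
	kubeCA := &pki.CertRequest{
		Name:       "ca",
		CommonName: "kubernetes",
		PkiDir:     pkiDir,
	}

	// API-server serving certificate: CAName references the request above by
	// Name, and the SANs cover the in-cluster service names plus the service
	// and node IPs clients will actually connect to.
	kubeApiServer := &pki.CertRequest{
		Name:       "apiserver",
		CAName:     "ca",
		CommonName: "kube-apiserver",
		Usages:     []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		AltNames: pki.AltNames{
			DNSNames: []string{
				"master",
				"kubernetes",
				"kubernetes.default",
				"kubernetes.default.svc",
				"kubernetes.default.svc.cluster.local",
			},
			IPs: []net.IP{
				{10, 96, 0, 1},
				{192, 168, 96, 1},
			},
		},
		PkiDir: pkiDir,
	}

	// Service-account signing key pair; PublicKeyRequest has no CA or
	// subject fields, only a name and the output directory (PkiDir).
	kubeSA := &pki.PublicKeyRequest{
		Name:   "sa",
		PkiDir: pkiDir,
	}

	// Order matters: the CA key must exist before the API-server cert can be
	// signed with it.
	if err := createPrivateKeyAndCertificate(kubeCA); err != nil {
		log.Fatal(err)
	}

	if err := createPrivateKeyAndCertificate(kubeApiServer); err != nil {
		log.Fatal(err)
	}

	if err := createPrivateAndPublicKeys(kubeSA); err != nil {
		log.Fatal(err)
	}
}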

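// createPrivateKeyAndCertificate makes sure a private key and a certificate
// signed for cr exist on disk.
//
// The key comes from cr.PrivateKey() and is written only when it was freshly
// generated (pk.IsNew()); a key loaded from disk is left untouched. The
// certificate is then signed with that key and saved at
// pk.CertificateFilepath().
//
// An existing certificate file is refused only when the key was loaded from
// disk: re-signing would silently replace a certificate that may be in use.
// When the key is new, a certificate already on disk cannot belong to it and
// is overwritten.
//
// Returns the error from key loading or saving, from os.Stat when it is
// anything other than "not exist", from signing (wrapped with %w so callers
// can use errors.Is/As), or from saving the certificate.
func createPrivateKeyAndCertificate(cr *pki.CertRequest) error {
	pk, err := cr.PrivateKey()
	if err != nil {
		return err
	}

	// The empty argument presumably selects the key's default location
	// (see pk.Filepath()) — confirm against the package.
	if pk.IsNew() {
		if err = pk.Save(""); err != nil {
			return err
		}
	}

	certFile := pk.CertificateFilepath()
	_, statErr := os.Stat(certFile)
	switch {
	case statErr == nil && !pk.IsNew():
		return fmt.Errorf("certificate file %s already exists", certFile)
	case statErr != nil && !os.IsNotExist(statErr):
		return statErr
	}

	crt, err := pk.CertificateSign(cr)
	if err != nil {
		// %w (not %s) keeps the underlying error in the chain.
		return fmt.Errorf("signing certificate for %q: %w", cr.CommonName, err)
	}

	return crt.Save(certFile)
}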

// createPrivateAndPublicKeys makes sure the private key for cr and its
// matching public key both exist on disk.
//
// The private key is obtained from cr.PrivateKey() and persisted only if it
// was freshly generated. The public key is then written to
// pk.PublicKeyFilepath(). If that file already exists and the private key
// was loaded from disk, the call fails rather than overwriting it; when the
// private key is new, any public key already on disk is replaced.
//
// Returns the error from key loading or saving, from os.Stat when it is
// anything other than "not exist", or from saving the public key.
func createPrivateAndPublicKeys(cr *pki.PublicKeyRequest) error {
	pk, err := cr.PrivateKey()
	if err != nil {
		return err
	}

	// The empty argument presumably selects the key's default location
	// (see pk.Filepath()) — confirm against the package.
	if pk.IsNew() {
		if saveErr := pk.Save(""); saveErr != nil {
			return saveErr
		}
	}

	pubFile := pk.PublicKeyFilepath()
	_, statErr := os.Stat(pubFile)
	switch {
	case statErr == nil && !pk.IsNew():
		return fmt.Errorf("public key file %s already exists", pubFile)
	case statErr != nil && !os.IsNotExist(statErr):
		return statErr
	}

	return pk.Public().Save(pubFile)
}

Documentation

Types

type AltNames

// AltNames lists the additional identities a certificate is requested for.
// DNSNames and IPs presumably populate the certificate's subject alternative
// name entries (x509 DNSNames / IPAddresses) — confirm in CertificateSign.
type AltNames struct {
	DNSNames []string // host names, e.g. "kubernetes.default.svc"
	IPs      []net.IP // IP addresses, e.g. the cluster service IP
}

type CA

// CA is the opaque issuing-authority handle returned by
// (*CertRequest).LoadCA; its certificate is available via Certificate().
type CA struct {
	// contains filtered or unexported fields
}

func (*CA) Certificate

func (ca *CA) Certificate() *Certificate

type CertRequest

// CertRequest describes a private key plus certificate to create under
// PkiDir. PrivateKey() loads or generates the key, LoadCA() resolves the
// signing CA, and (*PrivateKey).CertificateSign issues the certificate.
type CertRequest struct {
	// Name is presumably the base file name used under PkiDir and the value
	// another request refers to through CAName — confirm.
	Name string
	// CAName names the request whose key signs this certificate. Leaving it
	// empty (as the README's CA request does) presumably yields a
	// self-signed certificate — confirm; there is no explicit IsCA field.
	CAName       string
	CommonName   string   // subject CN
	Organization []string // subject O
	// Usages are the extended key usages to request, e.g.
	// x509.ExtKeyUsageServerAuth for a serving certificate.
	Usages   []x509.ExtKeyUsage
	AltNames AltNames // subject alternative names

	PkiDir      string // directory the key and certificate files are written to
	Description string // not used by the README example; purpose unclear from here
}

func (*CertRequest) LoadCA

func (r *CertRequest) LoadCA() (*CA, error)

func (*CertRequest) PrivateKey

func (r *CertRequest) PrivateKey() (*PrivateKey, error)

type Certificate

// Certificate is an opaque signed certificate produced by
// (*PrivateKey).CertificateSign or read from a CA; PEM() returns its
// encoding and Save writes it to a file.
type Certificate struct {
	// contains filtered or unexported fields
}

func (*Certificate) PEM

func (crt *Certificate) PEM() []byte

func (*Certificate) Save

func (crt *Certificate) Save(certFile string) error

type PrivateKey

// PrivateKey is an opaque private key, either freshly generated
// (IsNew() reports true) or loaded from disk. It knows the paths of its
// own key, certificate and public-key files and can sign certificates.
// Save takes only a path, so the on-disk file mode is decided by the
// package — NOTE(review): confirm key files are not world-readable.
type PrivateKey struct {
	// contains filtered or unexported fields
}

func NewPrivateKey

func NewPrivateKey() (*PrivateKey, error)

func (*PrivateKey) CertificateFilepath

func (key *PrivateKey) CertificateFilepath() string

func (*PrivateKey) CertificateSign

func (key *PrivateKey) CertificateSign(cr *CertRequest) (*Certificate, error)

func (*PrivateKey) Filepath

func (key *PrivateKey) Filepath() string

func (*PrivateKey) IsNew

func (key *PrivateKey) IsNew() bool

func (*PrivateKey) PEM

func (key *PrivateKey) PEM() []byte

func (*PrivateKey) Public

func (key *PrivateKey) Public() *PublicKey

func (*PrivateKey) PublicKeyFilepath

func (key *PrivateKey) PublicKeyFilepath() string

func (*PrivateKey) Save

func (key *PrivateKey) Save(keyFile string) error

type PublicKey

// PublicKey is the opaque public half of a PrivateKey, obtained via
// (*PrivateKey).Public; PEM() returns its encoding and Save writes it.
type PublicKey struct {
	// contains filtered or unexported fields
}

func (*PublicKey) PEM

func (key *PublicKey) PEM() []byte

func (*PublicKey) Save

func (key *PublicKey) Save(keyFile string) error

type PublicKeyRequest

// PublicKeyRequest describes a bare key pair (no certificate) to create
// under PkiDir, such as the service-account signing key in the README.
type PublicKeyRequest struct {
	// Name is presumably the base file name used under PkiDir — confirm.
	Name string

	PkiDir      string // directory the private and public key files are written to
	Description string // not used by the README example; purpose unclear from here
}

func (*PublicKeyRequest) PrivateKey

func (r *PublicKeyRequest) PrivateKey() (*PrivateKey, error)
