Index ¶
- Constants
- Variables
- func CertOrKeyExist(pkiPath, name string) bool
- func CheckCertificatePeriodValidity(baseName string, cert *x509.Certificate)
- func CreateCACertAndKeyFiles(certSpec *KubekeyCert, pkiPath string, kubeConf *common.KubeConf) error
- func CreateCertAndKeyFilesWithCA(caCertSpec *KubekeyCert, certSpec *KubekeyCert, pkiPath string, ...) error
- func EncodeCertPEM(cert *x509.Certificate) []byte
- func GenerateCA(ca *KubekeyCert, pkiPath string, kubeConf *common.KubeConf) error
- func GenerateCerts(cert *KubekeyCert, caCert *KubekeyCert, pkiPath string, ...) error
- func GeneratePrivateKey(keyType x509.PublicKeyAlgorithm) (crypto.Signer, error)
- func HasServerAuth(cert *x509.Certificate) bool
- func LoadCertificateAuthority(pkiDir string, baseName string) (*x509.Certificate, crypto.Signer, error)
- func NewCertAndKey(caCert *x509.Certificate, caKey crypto.Signer, config *CertConfig) (*x509.Certificate, crypto.Signer, error)
- func NewCertificateAuthority(config *CertConfig) (*x509.Certificate, crypto.Signer, error)
- func NewSignedCert(cfg *CertConfig, key crypto.Signer, caCert *x509.Certificate, ...) (*x509.Certificate, error)
- func PathsForCertAndKey(pkiPath, name string) (string, string)
- func RemoveDuplicateAltNames(altNames *certutil.AltNames)
- func TryLoadCertAndKeyFromDisk(pkiPath, name string) (*x509.Certificate, crypto.Signer, error)
- func TryLoadCertChainFromDisk(pkiPath, name string) (*x509.Certificate, []*x509.Certificate, error)
- func TryLoadCertFromDisk(pkiPath, name string) (*x509.Certificate, error)
- func TryLoadKeyFromDisk(pkiPath, name string) (crypto.Signer, error)
- func ValidateCertPeriod(cert *x509.Certificate, offset time.Duration) error
- func VerifyCertChain(cert *x509.Certificate, intermediates []*x509.Certificate, ...) error
- func WriteCert(pkiPath, name string, cert *x509.Certificate) error
- func WriteCertAndKey(pkiPath string, name string, cert *x509.Certificate, key crypto.Signer) error
- func WriteKey(pkiPath, name string, key crypto.Signer) error
- type CertConfig
- type KubekeyCert
Constants ¶
const (
	// CertificateValidity defines the validity for all the signed certificates generated by kubeadm
	// NOTE(review): ten years is a long lifetime for signed certificates; expiry alone will not
	// force rotation, so renewal presumably has to be driven elsewhere — confirm against the
	// operator's rotation policy.
	CertificateValidity = time.Hour * 24 * 365 * 10
	// CertificateBlockType is a possible value for pem.Block.Type.
	CertificateBlockType = "CERTIFICATE"
)
Variables ¶
var NewPrivateKey = GeneratePrivateKey
NewPrivateKey returns a new private key.
Functions ¶
func CertOrKeyExist ¶
CertOrKeyExist reports whether the certificate or the key with the given name exists under pkiPath.
func CheckCertificatePeriodValidity ¶
func CheckCertificatePeriodValidity(baseName string, cert *x509.Certificate)
CheckCertificatePeriodValidity takes a certificate and prints a warning if its validity period is not valid relative to the current time. It does so only if the certificate has not already been validated, which it tracks with a cache.
func CreateCACertAndKeyFiles ¶
func CreateCACertAndKeyFiles(certSpec *KubekeyCert, pkiPath string, kubeConf *common.KubeConf) error
CreateCACertAndKeyFiles generates and writes out a given certificate authority. The certSpec should be one of the variables from this package.
func CreateCertAndKeyFilesWithCA ¶
func CreateCertAndKeyFilesWithCA(caCertSpec *KubekeyCert, certSpec *KubekeyCert, pkiPath string, kubeConf *common.KubeConf) error
CreateCertAndKeyFilesWithCA loads the given certificate authority from disk, then generates and writes out the given certificate and key. The certSpec and caCertSpec should both be one of the variables from this package.
func EncodeCertPEM ¶
func EncodeCertPEM(cert *x509.Certificate) []byte
EncodeCertPEM returns the PEM-encoded certificate data.
func GenerateCA ¶
func GenerateCA(ca *KubekeyCert, pkiPath string, kubeConf *common.KubeConf) error
func GenerateCerts ¶
func GenerateCerts(cert *KubekeyCert, caCert *KubekeyCert, pkiPath string, kubeConf *common.KubeConf) error
func GeneratePrivateKey ¶
func GeneratePrivateKey(keyType x509.PublicKeyAlgorithm) (crypto.Signer, error)
func HasServerAuth ¶
func HasServerAuth(cert *x509.Certificate) bool
HasServerAuth returns true if the given certificate carries the ServerAuth extended key usage.
func LoadCertificateAuthority ¶
func LoadCertificateAuthority(pkiDir string, baseName string) (*x509.Certificate, crypto.Signer, error)
LoadCertificateAuthority tries to load a CA in the given directory with the given name.
func NewCertAndKey ¶
func NewCertAndKey(caCert *x509.Certificate, caKey crypto.Signer, config *CertConfig) (*x509.Certificate, crypto.Signer, error)
NewCertAndKey creates a new certificate and key, signed with the given certificate authority certificate and key.
func NewCertificateAuthority ¶
func NewCertificateAuthority(config *CertConfig) (*x509.Certificate, crypto.Signer, error)
NewCertificateAuthority creates a new certificate and private key for the certificate authority.
func NewSignedCert ¶
func NewSignedCert(cfg *CertConfig, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, isCA bool) (*x509.Certificate, error)
NewSignedCert creates a signed certificate using the given CA certificate and key
func PathsForCertAndKey ¶
PathsForCertAndKey returns the paths for the certificate and key given the path and basename.
func RemoveDuplicateAltNames ¶
RemoveDuplicateAltNames removes duplicate items in altNames.
func TryLoadCertAndKeyFromDisk ¶
TryLoadCertAndKeyFromDisk tries to load a certificate and a key from disk and checks that both are valid.
func TryLoadCertChainFromDisk ¶
func TryLoadCertChainFromDisk(pkiPath, name string) (*x509.Certificate, []*x509.Certificate, error)
TryLoadCertChainFromDisk tries to load the cert chain from the disk
func TryLoadCertFromDisk ¶
func TryLoadCertFromDisk(pkiPath, name string) (*x509.Certificate, error)
TryLoadCertFromDisk tries to load the cert from the disk
func TryLoadKeyFromDisk ¶
TryLoadKeyFromDisk tries to load the key from disk and checks that it is valid.
func ValidateCertPeriod ¶
func ValidateCertPeriod(cert *x509.Certificate, offset time.Duration) error
ValidateCertPeriod checks that the certificate is valid relative to the current time, shifted by ± offset.
func VerifyCertChain ¶
func VerifyCertChain(cert *x509.Certificate, intermediates []*x509.Certificate, root *x509.Certificate) error
VerifyCertChain verifies that a certificate has a valid chain of intermediate CAs back to the root CA
func WriteCert ¶
func WriteCert(pkiPath, name string, cert *x509.Certificate) error
WriteCert stores the given certificate at the given location
func WriteCertAndKey ¶
WriteCertAndKey stores certificate and key at the specified location
Types ¶
type CertConfig ¶
type CertConfig struct {
	certutil.Config
	// NotAfter, when non-nil, presumably overrides the expiry otherwise derived from
	// CertificateValidity — confirm in NewSignedCert.
	NotAfter *time.Time
	// PublicKeyAlgorithm has the same type as GeneratePrivateKey's keyType parameter and
	// presumably selects the key algorithm used when generating the key — confirm against callers.
	PublicKeyAlgorithm x509.PublicKeyAlgorithm
}
CertConfig is a wrapper around certutil.Config that extends it with NotAfter and PublicKeyAlgorithm.
type KubekeyCert ¶
type KubekeyCert struct {
	// Name is the short identifier of the certificate.
	Name string
	// LongName is the human-readable description of the certificate.
	LongName string
	// BaseName is presumably the on-disk basename handed to PathsForCertAndKey — confirm in CreateFromCA.
	BaseName string
	// CAName presumably names the CA spec that signs this certificate — confirm in CreateCertAndKeyFilesWithCA.
	CAName string
	// Config holds the certificate configuration returned by GetConfig.
	Config CertConfig
}
KubekeyCert represents a certificate that Kubeadm will create to function properly.
func (*KubekeyCert) CreateFromCA ¶
func (k *KubekeyCert) CreateFromCA(kubeConf *common.KubeConf, pkiPath string, caCert *x509.Certificate, caKey crypto.Signer) error
CreateFromCA makes and writes a certificate using the given CA cert and key.
func (*KubekeyCert) GetConfig ¶
func (k *KubekeyCert) GetConfig(_ *common.KubeConf) (*CertConfig, error)
GetConfig returns the definition for the given cert. The provided configuration argument is not used by this method.