README
Certificate generation for authenticator tests
The test certificates were generated using the cfssl tool.
Steps to generate new certificates
Install cfssl and generate the configuration files as follows:
ca-config.json:
    {
      "signing": {
        "default": {
          "expiry": "876000h"
        },
        "profiles": {
          "server": {
            "expiry": "876000h",
            "hosts": [
              "localhost"
            ],
            "usages": [
              "signing",
              "key encipherment",
              "server auth"
            ]
          },
          "client": {
            "expiry": "876000h",
            "usages": [
              "signing",
              "key encipherment",
              "client auth"
            ]
          }
        }
      }
    }
ca-csr.json:
    {
      "CN": "my.own.ca",
      "hosts": [
      ],
      "key": {
        "algo": "rsa",
        "size": 2048
      },
      "names": [
        {
          "C": "ES",
          "ST": "BCN",
          "L": "Barcelona"
        }
      ]
    }
server.json:
    {
      "CN": "server",
      "key": {
        "algo": "rsa",
        "size": 2048
      },
      "hosts": ["localhost"]
    }
client.json:
    {
      "CN": "client",
      "key": {
        "algo": "rsa",
        "size": 2048
      }
    }
Generate the CA certificate:
cfssl gencert -initca ca-csr.json | cfssljson -bare ca
Generate the server certificate:
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=server server.json | cfssljson -bare server
Generate the client certificate:
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=client client.json | cfssljson -bare client
Documentation
Types
type Authenticator
    type Authenticator interface {
        // AuthenticatedTransport returns a RoundTripper with the required configuration
        // to connect to the endpoint.
        AuthenticatedTransport(endpoint config.Endpoint) (http.RoundTripper, error)
    }
Authenticator provides an interface to generate an authorized round tripper.
type Config
    type Config struct {
        SecretListerer  discovery.SecretListerer
        InClusterConfig *rest.Config
    }
type K8sClientAuthenticator
    type K8sClientAuthenticator struct {
        Config
        // contains filtered or unexported fields
    }
func New
func New(config Config, opts ...OptionFunc) (*K8sClientAuthenticator, error)
New returns a K8sClientAuthenticator that supports plain, bearer token and mTLS.
func (K8sClientAuthenticator) AuthenticatedTransport
func (a K8sClientAuthenticator) AuthenticatedTransport(endpoint config.Endpoint) (http.RoundTripper, error)
AuthenticatedTransport returns a round tripper according to the endpoint config. For mTLS configuration it fetches the certificates from the secret.
type OptionFunc
type OptionFunc func(kca *K8sClientAuthenticator) error
func WithLogger
func WithLogger(logger *log.Logger) OptionFunc
WithLogger returns an OptionFunc to change the logger from the default noop logger.