generator

package
v1.0.0
Warning

This package is not in the latest version of its module.

Published: Dec 5, 2022 License: MIT Imports: 10 Imported by: 0

Documentation

Overview

NOTE: This package originates from controller-runtime v0.1. Later versions of controller-runtime removed support for self-signed certificate generation. The functions this package depended on, mostly in client-go, are no longer present in those dependencies; they have been moved to other projects as part of a reorganization of the certificate and key helper libraries. Refer to https://github.com/kubernetes/kubernetes/issues/71004 for more details.

Functions

func ServiceToCommonName

func ServiceToCommonName(serviceNamespace, serviceName string) string

ServiceToCommonName generates the CommonName for the certificate when using a k8s service.

func ValidCACert

func ValidCACert(key, cert, caCert []byte, dnsName string, time time.Time) bool

ValidCACert considers cert and key valid if they meet the following requirements:
- key and cert are a valid pair
- caCert is the root CA of cert
- cert is for dnsName
- cert won't expire before time
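The four requirements above can be checked with Go's standard library alone; the following is an added example, not this package's implementation. The names `checkServingCert` and `newPair`, the service name `webhook.default.svc` and the throwaway Ed25519 CA are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// checkServingCert (hypothetical name) returns nil only if all four listed requirements hold.
func checkServingCert(key, cert, caCert []byte, dnsName string, at time.Time) error {
	pair, err := tls.X509KeyPair(cert, key) // key and cert are a valid pair
	if err != nil {
		return fmt.Errorf("key/cert pair: %w", err)
	}
	leaf, err := x509.ParseCertificate(pair.Certificate[0])
	if err != nil {
		return fmt.Errorf("parse cert: %w", err)
	}
	roots := x509.NewCertPool()
	roots.AppendCertsFromPEM(caCert) // unparsable caCert leaves the pool empty, so Verify fails
	// Chain must end at caCert, a SAN (not the CommonName) must match dnsName, cert must be valid at `at`.
	_, err = leaf.Verify(x509.VerifyOptions{DNSName: dnsName, Roots: roots, CurrentTime: at})
	return err
}

// newPair builds constructed sample input: a throwaway Ed25519 CA and a leaf it signs for dnsName.
func newPair(dnsName string, ttl time.Duration) (key, cert, caCert []byte) {
	now := time.Now()
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-ca"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: now.Add(-time.Hour), NotAfter: now.Add(10 * ttl)}
	caDER, _ := x509.CreateCertificate(rand.Reader, ca, ca, caPub, caKey)
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: dnsName}, DNSNames: []string{dnsName},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(ttl), ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	leafDER, _ := x509.CreateCertificate(rand.Reader, leaf, ca, pub, caKey)
	keyDER, _ := x509.MarshalPKCS8PrivateKey(priv)
	pemOf := func(t string, b []byte) []byte { return pem.EncodeToMemory(&pem.Block{Type: t, Bytes: b}) }
	return pemOf("PRIVATE KEY", keyDER), pemOf("CERTIFICATE", leafDER), pemOf("CERTIFICATE", caDER)
}
func main() {
	key, cert, ca := newPair("webhook.default.svc", 24*time.Hour) // constructed name and lifetime
	fmt.Println(checkServingCert(key, cert, ca, "webhook.default.svc", time.Now().Add(48*time.Hour)))
}
```

Passing a time in the future, as `main` does, is how a caller can ask whether the material is still usable for a planned rotation window rather than only at the moment of the check.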

Types

type Artifacts

type Artifacts struct {
	// PEM encoded private key
	Key []byte
	// PEM encoded serving certificate
	Cert []byte
	// PEM encoded CA private key
	CAKey []byte
	// PEM encoded CA certificate
	CACert []byte
}

Artifacts hosts a private key, its corresponding serving certificate and the CA certificate that signs the serving certificate.

type CertGenerator

type CertGenerator interface {
	// Generate returns an Artifacts struct.
	Generate(CommonName string) (*Artifacts, error)
	// SetCA sets the PEM-encoded CA private key and CA cert for signing the generated serving cert.
	SetCA(caKey, caCert []byte)
}

CertGenerator is an interface to provision the serving certificate.

type SelfSignedCertGenerator

type SelfSignedCertGenerator struct {

	// Validity is the validity period of the generated certificate, which is
	// signed by the root CA cert.
	Validity time.Duration
	// contains filtered or unexported fields
}

SelfSignedCertGenerator implements the CertGenerator interface. It provisions self-signed certificates. NOTE: The self-signed root CA cert is created with a validity of 10 years. This is set by the upstream client-go cert utils package.

func (*SelfSignedCertGenerator) Generate

func (cp *SelfSignedCertGenerator) Generate(commonName string) (*Artifacts, error)

Generate creates and returns a CA certificate, a serving certificate and a key for the server. serverKey and serverCert are used by the server to establish trust for clients; the CA certificate is used by the client to verify the server authentication chain. The cert will be valid for 365 days.

func (*SelfSignedCertGenerator) SetCA

func (cp *SelfSignedCertGenerator) SetCA(caKey, caCert []byte)

SetCA sets the PEM-encoded CA private key and CA cert for signing the generated serving cert.
