tls

package
v0.16.0
Warning

This package is not in the latest version of its module.

Published: Apr 2, 2019 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Overview

Package tls defines and generates the tls assets based on its dependencies.

Constants

const (

	// ValidityOneDay sets the validity of a cert to 24 hours.
	ValidityOneDay = time.Hour * 24

	// ValidityOneYear sets the validity of a cert to 1 year.
	ValidityOneYear = ValidityOneDay * 365

	// ValidityTenYears sets the validity of a cert to 10 years.
	ValidityTenYears = ValidityOneYear * 10
)

Variables

This section is empty.

Functions

func CSRToPem

func CSRToPem(cert *x509.CertificateRequest) []byte

CSRToPem converts an x509.CertificateRequest to a pem string

func CertToPem

func CertToPem(cert *x509.Certificate) []byte

CertToPem converts an x509.Certificate object to a pem string

func GenerateSelfSignedCertificate added in v0.13.0

func GenerateSelfSignedCertificate(cfg *CertCfg) (*rsa.PrivateKey, *x509.Certificate, error)

GenerateSelfSignedCertificate generates a key/cert pair defined by CertCfg.

func GenerateSignedCertificate added in v0.13.0

func GenerateSignedCertificate(caKey *rsa.PrivateKey, caCert *x509.Certificate,
	cfg *CertCfg) (*rsa.PrivateKey, *x509.Certificate, error)

GenerateSignedCertificate generates a key and cert defined by CertCfg and signed by the CA.

func PemToCertificate

func PemToCertificate(data []byte) (*x509.Certificate, error)

PemToCertificate converts a data block to x509.Certificate.

func PemToPrivateKey

func PemToPrivateKey(data []byte) (*rsa.PrivateKey, error)

PemToPrivateKey converts a data block to rsa.PrivateKey.

func PrivateKey

func PrivateKey() (*rsa.PrivateKey, error)

PrivateKey generates an RSA Private key and returns the value

func PrivateKeyToPem

func PrivateKeyToPem(key *rsa.PrivateKey) []byte

PrivateKeyToPem converts an rsa.PrivateKey object to pem string

func PublicKeyToPem

func PublicKeyToPem(key *rsa.PublicKey) ([]byte, error)

PublicKeyToPem converts an rsa.PublicKey object to pem string

func SelfSignedCertificate added in v0.13.0

func SelfSignedCertificate(cfg *CertCfg, key *rsa.PrivateKey) (*x509.Certificate, error)

SelfSignedCertificate creates a self-signed certificate.

func SignedCertificate

func SignedCertificate(
	cfg *CertCfg,
	csr *x509.CertificateRequest,
	key *rsa.PrivateKey,
	caCert *x509.Certificate,
	caKey *rsa.PrivateKey,
) (*x509.Certificate, error)

SignedCertificate creates a new X.509 certificate based on a template.

Types

type APIServerCertKey added in v0.2.0

type APIServerCertKey struct {
	SignedCertKey
}

APIServerCertKey is the asset that generates the API server key/cert pair. [DEPRECATED]

func (*APIServerCertKey) Dependencies added in v0.2.0

func (a *APIServerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*APIServerCertKey) Generate added in v0.2.0

func (a *APIServerCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*APIServerCertKey) Name added in v0.2.0

func (a *APIServerCertKey) Name() string

Name returns the human-friendly name of the asset.

type APIServerProxyCertKey added in v0.2.0

type APIServerProxyCertKey struct {
	SignedCertKey
}

APIServerProxyCertKey is the asset that generates the API server proxy key/cert pair. [DEPRECATED]

func (*APIServerProxyCertKey) Dependencies added in v0.2.0

func (a *APIServerProxyCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*APIServerProxyCertKey) Generate added in v0.2.0

func (a *APIServerProxyCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*APIServerProxyCertKey) Name added in v0.2.0

func (a *APIServerProxyCertKey) Name() string

Name returns the human-friendly name of the asset.

type AdminKubeConfigCABundle added in v0.13.0

type AdminKubeConfigCABundle struct {
	CertBundle
}

AdminKubeConfigCABundle is the asset that generates the admin-kubeconfig-ca-bundle, which contains all the individual client CAs.

func (*AdminKubeConfigCABundle) Dependencies added in v0.13.0

func (a *AdminKubeConfigCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*AdminKubeConfigCABundle) Generate added in v0.13.0

func (a *AdminKubeConfigCABundle) Generate(deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*AdminKubeConfigCABundle) Name added in v0.13.0

func (a *AdminKubeConfigCABundle) Name() string

Name returns the human-friendly name of the asset.

type AdminKubeConfigClientCertKey added in v0.13.0

type AdminKubeConfigClientCertKey struct {
	SignedCertKey
}

AdminKubeConfigClientCertKey is the asset that generates the key/cert pair for admin client to apiserver.

func (*AdminKubeConfigClientCertKey) Dependencies added in v0.13.0

func (a *AdminKubeConfigClientCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*AdminKubeConfigClientCertKey) Generate added in v0.13.0

func (a *AdminKubeConfigClientCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*AdminKubeConfigClientCertKey) Name added in v0.13.0

Name returns the human-friendly name of the asset.

type AdminKubeConfigSignerCertKey added in v0.13.0

type AdminKubeConfigSignerCertKey struct {
	SelfSignedCertKey
}

AdminKubeConfigSignerCertKey is a key/cert pair that signs the admin kubeconfig client certs.

func (*AdminKubeConfigSignerCertKey) Dependencies added in v0.13.0

func (c *AdminKubeConfigSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*AdminKubeConfigSignerCertKey) Generate added in v0.13.0

func (c *AdminKubeConfigSignerCertKey) Generate(parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*AdminKubeConfigSignerCertKey) Name added in v0.13.0

Name returns the human-friendly name of the asset.

type AggregatorCA added in v0.2.0

type AggregatorCA struct {
	SelfSignedCertKey
}

AggregatorCA is the asset that generates the aggregator-ca key/cert pair. [DEPRECATED]

func (*AggregatorCA) Dependencies added in v0.2.0

func (a *AggregatorCA) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*AggregatorCA) Generate added in v0.2.0

func (a *AggregatorCA) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*AggregatorCA) Name added in v0.2.0

func (a *AggregatorCA) Name() string

Name returns the human-friendly name of the asset.

type AggregatorCABundle added in v0.13.0

type AggregatorCABundle struct {
	CertBundle
}

AggregatorCABundle is the asset that generates the aggregator-ca-bundle, which contains all the individual client CAs.

func (*AggregatorCABundle) Dependencies added in v0.13.0

func (a *AggregatorCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*AggregatorCABundle) Generate added in v0.13.0

func (a *AggregatorCABundle) Generate(deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*AggregatorCABundle) Name added in v0.13.0

func (a *AggregatorCABundle) Name() string

Name returns the human-friendly name of the asset.

type AggregatorClientCertKey added in v0.13.0

type AggregatorClientCertKey struct {
	SignedCertKey
}

AggregatorClientCertKey is the asset that generates the API server proxy key/cert pair.

func (*AggregatorClientCertKey) Dependencies added in v0.13.0

func (a *AggregatorClientCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair.

func (*AggregatorClientCertKey) Generate added in v0.13.0

func (a *AggregatorClientCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*AggregatorClientCertKey) Name added in v0.13.0

func (a *AggregatorClientCertKey) Name() string

Name returns the human-friendly name of the asset.

type AggregatorSignerCertKey added in v0.13.0

type AggregatorSignerCertKey struct {
	SelfSignedCertKey
}

AggregatorSignerCertKey is a key/cert pair that signs the aggregator client certs.

func (*AggregatorSignerCertKey) Dependencies added in v0.13.0

func (c *AggregatorSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*AggregatorSignerCertKey) Generate added in v0.13.0

func (c *AggregatorSignerCertKey) Generate(parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*AggregatorSignerCertKey) Name added in v0.13.0

func (c *AggregatorSignerCertKey) Name() string

Name returns the human-friendly name of the asset.

type AppendParentChoice added in v0.2.0

type AppendParentChoice bool

AppendParentChoice dictates whether the parent's cert is to be added to the cert.

const (
	// AppendParent indicates that the parent's cert should be added.
	AppendParent AppendParentChoice = true
	// DoNotAppendParent indicates that the parent's cert should not be added.
	DoNotAppendParent AppendParentChoice = false
)

type CertBundle added in v0.13.0

type CertBundle struct {
	BundleRaw []byte
	FileList  []*asset.File
}

CertBundle contains multiple certificates in a bundle.

func (*CertBundle) Cert added in v0.13.0

func (b *CertBundle) Cert() []byte

Cert returns the certificate bundle.

func (*CertBundle) Files added in v0.13.0

func (b *CertBundle) Files() []*asset.File

Files returns the files generated by the asset.

func (*CertBundle) Generate added in v0.13.0

func (b *CertBundle) Generate(filename string, certs ...CertInterface) error

Generate generates the cert bundle from certs.

func (*CertBundle) Load added in v0.13.0

func (b *CertBundle) Load(asset.FileFetcher) (bool, error)

Load is a no-op because TLS assets are not written to disk.

type CertCfg

type CertCfg struct {
	DNSNames     []string
	ExtKeyUsages []x509.ExtKeyUsage
	IPAddresses  []net.IP
	KeyUsages    x509.KeyUsage
	Subject      pkix.Name
	Validity     time.Duration
	IsCA         bool
}

CertCfg contains all needed fields to configure a new certificate

type CertInterface added in v0.13.0

type CertInterface interface {
	// Cert returns the certificate.
	Cert() []byte
}

CertInterface contains cert.

type CertKey

type CertKey struct {
	CertRaw  []byte
	KeyRaw   []byte
	FileList []*asset.File
}

CertKey contains the private key and the cert.

func (*CertKey) Cert added in v0.2.0

func (c *CertKey) Cert() []byte

Cert returns the certificate.

func (*CertKey) CertFile added in v0.10.0

func (c *CertKey) CertFile() *asset.File

CertFile returns the certificate file.

func (*CertKey) Files added in v0.2.0

func (c *CertKey) Files() []*asset.File

Files returns the files generated by the asset.

func (*CertKey) Key added in v0.2.0

func (c *CertKey) Key() []byte

Key returns the private key.

func (*CertKey) Load added in v0.3.0

func (c *CertKey) Load(asset.FileFetcher) (bool, error)

Load is a no-op because TLS assets are not written to disk.

type CertKeyInterface added in v0.2.0

type CertKeyInterface interface {
	CertInterface
	// Key returns the private key.
	Key() []byte
}

CertKeyInterface contains a private key and the associated cert.

type EtcdCA added in v0.2.0

type EtcdCA struct {
	SelfSignedCertKey
}

EtcdCA is the asset that generates the etcd-ca key/cert pair. [DEPRECATED]

func (*EtcdCA) Dependencies added in v0.2.0

func (a *EtcdCA) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*EtcdCA) Generate added in v0.2.0

func (a *EtcdCA) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*EtcdCA) Name added in v0.2.0

func (a *EtcdCA) Name() string

Name returns the human-friendly name of the asset.

type EtcdCABundle added in v0.13.0

type EtcdCABundle struct {
	CertBundle
}

EtcdCABundle is the asset that generates the etcd-ca-bundle, which contains all the individual client CAs.

func (*EtcdCABundle) Dependencies added in v0.13.0

func (a *EtcdCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*EtcdCABundle) Generate added in v0.13.0

func (a *EtcdCABundle) Generate(deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*EtcdCABundle) Name added in v0.13.0

func (a *EtcdCABundle) Name() string

Name returns the human-friendly name of the asset.

type EtcdClientCertKey added in v0.2.0

type EtcdClientCertKey struct {
	SignedCertKey
}

EtcdClientCertKey is the asset that generates the etcd client key/cert pair. [DEPRECATED]

func (*EtcdClientCertKey) Dependencies added in v0.2.0

func (a *EtcdClientCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*EtcdClientCertKey) Generate added in v0.2.0

func (a *EtcdClientCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*EtcdClientCertKey) Name added in v0.2.0

func (a *EtcdClientCertKey) Name() string

Name returns the human-friendly name of the asset.

type EtcdMetricCABundle added in v0.16.0

type EtcdMetricCABundle struct {
	CertBundle
}

EtcdMetricCABundle is the asset that generates the etcd-metrics-ca-bundle, which contains all the individual client CAs.

func (*EtcdMetricCABundle) Dependencies added in v0.16.0

func (a *EtcdMetricCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*EtcdMetricCABundle) Generate added in v0.16.0

func (a *EtcdMetricCABundle) Generate(deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*EtcdMetricCABundle) Name added in v0.16.0

func (a *EtcdMetricCABundle) Name() string

Name returns the human-friendly name of the asset.

type EtcdMetricSignerCertKey added in v0.16.0

type EtcdMetricSignerCertKey struct {
	SelfSignedCertKey
}

EtcdMetricSignerCertKey is a key/cert pair that signs the etcd-metrics client and server certs.

func (*EtcdMetricSignerCertKey) Dependencies added in v0.16.0

func (c *EtcdMetricSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*EtcdMetricSignerCertKey) Generate added in v0.16.0

func (c *EtcdMetricSignerCertKey) Generate(parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*EtcdMetricSignerCertKey) Name added in v0.16.0

func (c *EtcdMetricSignerCertKey) Name() string

Name returns the human-friendly name of the asset.

type EtcdMetricSignerClientCertKey added in v0.16.0

type EtcdMetricSignerClientCertKey struct {
	SignedCertKey
}

EtcdMetricSignerClientCertKey is the asset that generates the etcd-metrics client key/cert pair.

func (*EtcdMetricSignerClientCertKey) Dependencies added in v0.16.0

func (a *EtcdMetricSignerClientCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*EtcdMetricSignerClientCertKey) Generate added in v0.16.0

func (a *EtcdMetricSignerClientCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*EtcdMetricSignerClientCertKey) Name added in v0.16.0

Name returns the human-friendly name of the asset.

type EtcdSignerCertKey added in v0.13.0

type EtcdSignerCertKey struct {
	SelfSignedCertKey
}

EtcdSignerCertKey is a key/cert pair that signs the etcd client and peer certs.

func (*EtcdSignerCertKey) Dependencies added in v0.13.0

func (c *EtcdSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*EtcdSignerCertKey) Generate added in v0.13.0

func (c *EtcdSignerCertKey) Generate(parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*EtcdSignerCertKey) Name added in v0.13.0

func (c *EtcdSignerCertKey) Name() string

Name returns the human-friendly name of the asset.

type EtcdSignerClientCertKey added in v0.13.0

type EtcdSignerClientCertKey struct {
	SignedCertKey
}

EtcdSignerClientCertKey is the asset that generates the etcd client key/cert pair.

func (*EtcdSignerClientCertKey) Dependencies added in v0.13.0

func (a *EtcdSignerClientCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*EtcdSignerClientCertKey) Generate added in v0.13.0

func (a *EtcdSignerClientCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*EtcdSignerClientCertKey) Name added in v0.13.0

func (a *EtcdSignerClientCertKey) Name() string

Name returns the human-friendly name of the asset.

type JournalCertKey added in v0.10.0

type JournalCertKey struct {
	SignedCertKey
}

JournalCertKey is the asset that generates the key/cert pair that is used to authenticate with journal-gatewayd on the bootstrap node.

func (*JournalCertKey) Dependencies added in v0.10.0

func (a *JournalCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*JournalCertKey) Generate added in v0.10.0

func (a *JournalCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*JournalCertKey) Name added in v0.10.0

func (a *JournalCertKey) Name() string

Name returns the human-friendly name of the asset.

type KeyPair

type KeyPair struct {
	Pvt      []byte
	Pub      []byte
	FileList []*asset.File
}

KeyPair contains a private key and a public key.

func (*KeyPair) Files added in v0.2.0

func (k *KeyPair) Files() []*asset.File

Files returns the files generated by the asset.

func (*KeyPair) Generate

func (k *KeyPair) Generate(filenameBase string) error

Generate generates the rsa private / public key pair.

func (*KeyPair) Private added in v0.2.0

func (k *KeyPair) Private() []byte

Private returns the private key.

func (*KeyPair) Public added in v0.2.0

func (k *KeyPair) Public() []byte

Public returns the public key.

type KeyPairInterface added in v0.2.0

type KeyPairInterface interface {
	// Private returns the private key.
	Private() []byte
	// Public returns the public key.
	Public() []byte
}

KeyPairInterface contains a private key and a public key.

type KubeAPIServerCompleteCABundle added in v0.13.0

type KubeAPIServerCompleteCABundle struct {
	CertBundle
}

KubeAPIServerCompleteCABundle is the asset that generates the kube-apiserver-complete-server-ca-bundle, which contains all the certs that are valid to confirm the kube-apiserver identity.

func (*KubeAPIServerCompleteCABundle) Dependencies added in v0.13.0

func (a *KubeAPIServerCompleteCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerCompleteCABundle) Generate added in v0.13.0

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerCompleteCABundle) Name added in v0.13.0

Name returns the human-friendly name of the asset.

type KubeAPIServerCompleteClientCABundle added in v0.13.0

type KubeAPIServerCompleteClientCABundle struct {
	CertBundle
}

KubeAPIServerCompleteClientCABundle is the asset that generates the kube-apiserver-complete-client-ca-bundle, which contains all the certs that are valid for the kube-apiserver to trust for clients.

func (*KubeAPIServerCompleteClientCABundle) Dependencies added in v0.13.0

func (a *KubeAPIServerCompleteClientCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerCompleteClientCABundle) Generate added in v0.13.0

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerCompleteClientCABundle) Name added in v0.13.0

Name returns the human-friendly name of the asset.

type KubeAPIServerLBCABundle added in v0.13.0

type KubeAPIServerLBCABundle struct {
	CertBundle
}

KubeAPIServerLBCABundle is the asset that generates the kube-apiserver-lb-ca-bundle, which contains all the individual client CAs.

func (*KubeAPIServerLBCABundle) Dependencies added in v0.13.0

func (a *KubeAPIServerLBCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerLBCABundle) Generate added in v0.13.0

func (a *KubeAPIServerLBCABundle) Generate(deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerLBCABundle) Name added in v0.13.0

func (a *KubeAPIServerLBCABundle) Name() string

Name returns the human-friendly name of the asset.

type KubeAPIServerLBServerCertKey added in v0.13.0

type KubeAPIServerLBServerCertKey struct {
	SignedCertKey
}

KubeAPIServerLBServerCertKey is the asset that generates the kube-apiserver serving key/cert pair for SNI load balancer.

func (*KubeAPIServerLBServerCertKey) Dependencies added in v0.13.0

func (a *KubeAPIServerLBServerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair.

func (*KubeAPIServerLBServerCertKey) Generate added in v0.13.0

func (a *KubeAPIServerLBServerCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeAPIServerLBServerCertKey) Name added in v0.13.0

Name returns the human-friendly name of the asset.

type KubeAPIServerLBSignerCertKey added in v0.13.0

type KubeAPIServerLBSignerCertKey struct {
	SelfSignedCertKey
}

KubeAPIServerLBSignerCertKey is a key/cert pair that signs the kube-apiserver server cert for SNI load balancer.

func (*KubeAPIServerLBSignerCertKey) Dependencies added in v0.13.0

func (c *KubeAPIServerLBSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeAPIServerLBSignerCertKey) Generate added in v0.13.0

func (c *KubeAPIServerLBSignerCertKey) Generate(parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*KubeAPIServerLBSignerCertKey) Name added in v0.13.0

Name returns the human-friendly name of the asset.

type KubeAPIServerLocalhostCABundle added in v0.13.0

type KubeAPIServerLocalhostCABundle struct {
	CertBundle
}

KubeAPIServerLocalhostCABundle is the asset that generates the kube-apiserver-localhost-ca-bundle, which contains all the individual client CAs.

func (*KubeAPIServerLocalhostCABundle) Dependencies added in v0.13.0

func (a *KubeAPIServerLocalhostCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerLocalhostCABundle) Generate added in v0.13.0

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerLocalhostCABundle) Name added in v0.13.0

Name returns the human-friendly name of the asset.

type KubeAPIServerLocalhostServerCertKey added in v0.13.0

type KubeAPIServerLocalhostServerCertKey struct {
	SignedCertKey
}

KubeAPIServerLocalhostServerCertKey is the asset that generates the kube-apiserver serving key/cert pair for SNI localhost.

func (*KubeAPIServerLocalhostServerCertKey) Dependencies added in v0.13.0

func (a *KubeAPIServerLocalhostServerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair.

func (*KubeAPIServerLocalhostServerCertKey) Generate added in v0.13.0

func (a *KubeAPIServerLocalhostServerCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeAPIServerLocalhostServerCertKey) Name added in v0.13.0

Name returns the human-friendly name of the asset.

type KubeAPIServerLocalhostSignerCertKey added in v0.13.0

type KubeAPIServerLocalhostSignerCertKey struct {
	SelfSignedCertKey
}

KubeAPIServerLocalhostSignerCertKey is a key/cert pair that signs the kube-apiserver server cert for SNI localhost.

func (*KubeAPIServerLocalhostSignerCertKey) Dependencies added in v0.13.0

func (c *KubeAPIServerLocalhostSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeAPIServerLocalhostSignerCertKey) Generate added in v0.13.0

Generate generates the root-ca key and cert pair.

func (*KubeAPIServerLocalhostSignerCertKey) Name added in v0.13.0

Name returns the human-friendly name of the asset.

type KubeAPIServerServiceNetworkCABundle added in v0.13.0

type KubeAPIServerServiceNetworkCABundle struct {
	CertBundle
}

KubeAPIServerServiceNetworkCABundle is the asset that generates the kube-apiserver-service-network-ca-bundle, which contains all the individual client CAs.

func (*KubeAPIServerServiceNetworkCABundle) Dependencies added in v0.13.0

func (a *KubeAPIServerServiceNetworkCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerServiceNetworkCABundle) Generate added in v0.13.0

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerServiceNetworkCABundle) Name added in v0.13.0

Name returns the human-friendly name of the asset.

type KubeAPIServerServiceNetworkServerCertKey added in v0.13.0

type KubeAPIServerServiceNetworkServerCertKey struct {
	SignedCertKey
}

KubeAPIServerServiceNetworkServerCertKey is the asset that generates the kube-apiserver serving key/cert pair for SNI service network.

func (*KubeAPIServerServiceNetworkServerCertKey) Dependencies added in v0.13.0

Dependencies returns the dependency of the cert/key pair.

func (*KubeAPIServerServiceNetworkServerCertKey) Generate added in v0.13.0

func (a *KubeAPIServerServiceNetworkServerCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeAPIServerServiceNetworkServerCertKey) Name added in v0.13.0

Name returns the human-friendly name of the asset.

type KubeAPIServerServiceNetworkSignerCertKey added in v0.13.0

type KubeAPIServerServiceNetworkSignerCertKey struct {
	SelfSignedCertKey
}

KubeAPIServerServiceNetworkSignerCertKey is a key/cert pair that signs the kube-apiserver server cert for SNI service network.

func (*KubeAPIServerServiceNetworkSignerCertKey) Dependencies added in v0.13.0

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeAPIServerServiceNetworkSignerCertKey) Generate added in v0.13.0

Generate generates the root-ca key and cert pair.

func (*KubeAPIServerServiceNetworkSignerCertKey) Name added in v0.13.0

Name returns the human-friendly name of the asset.

type KubeAPIServerToKubeletCABundle added in v0.13.0

type KubeAPIServerToKubeletCABundle struct {
	CertBundle
}

KubeAPIServerToKubeletCABundle is the asset that generates the kube-apiserver-to-kubelet-ca-bundle, which contains all the individual client CAs.

func (*KubeAPIServerToKubeletCABundle) Dependencies added in v0.13.0

func (a *KubeAPIServerToKubeletCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerToKubeletCABundle) Generate added in v0.13.0

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerToKubeletCABundle) Name added in v0.13.0

Name returns the human-friendly name of the asset.

type KubeAPIServerToKubeletClientCertKey added in v0.13.0

type KubeAPIServerToKubeletClientCertKey struct {
	SignedCertKey
}

KubeAPIServerToKubeletClientCertKey is the asset that generates the kube-apiserver to kubelet client key/cert pair.

func (*KubeAPIServerToKubeletClientCertKey) Dependencies added in v0.13.0

func (a *KubeAPIServerToKubeletClientCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair.

func (*KubeAPIServerToKubeletClientCertKey) Generate added in v0.13.0

func (a *KubeAPIServerToKubeletClientCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeAPIServerToKubeletClientCertKey) Name added in v0.13.0

Name returns the human-friendly name of the asset.

type KubeAPIServerToKubeletSignerCertKey added in v0.13.0

type KubeAPIServerToKubeletSignerCertKey struct {
	SelfSignedCertKey
}

KubeAPIServerToKubeletSignerCertKey is a key/cert pair that signs the kube-apiserver to kubelet client certs.

func (*KubeAPIServerToKubeletSignerCertKey) Dependencies added in v0.13.0

func (c *KubeAPIServerToKubeletSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeAPIServerToKubeletSignerCertKey) Generate added in v0.13.0

Generate generates the root-ca key and cert pair.

func (*KubeAPIServerToKubeletSignerCertKey) Name added in v0.13.0

Name returns the human-friendly name of the asset.

type KubeCA added in v0.2.0

type KubeCA struct {
	SelfSignedCertKey
}

KubeCA is the asset that generates the kube-ca key/cert pair. [DEPRECATED]

func (*KubeCA) Dependencies added in v0.2.0

func (a *KubeCA) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*KubeCA) Generate added in v0.2.0

func (a *KubeCA) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeCA) Name added in v0.2.0

func (a *KubeCA) Name() string

Name returns the human-friendly name of the asset.

type KubeControlPlaneCABundle added in v0.13.0

type KubeControlPlaneCABundle struct {
	CertBundle
}

KubeControlPlaneCABundle is the asset that generates the kube-control-plane-ca-bundle, which contains all the individual client CAs.

func (*KubeControlPlaneCABundle) Dependencies added in v0.13.0

func (a *KubeControlPlaneCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeControlPlaneCABundle) Generate added in v0.13.0

func (a *KubeControlPlaneCABundle) Generate(deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*KubeControlPlaneCABundle) Name added in v0.13.0

func (a *KubeControlPlaneCABundle) Name() string

Name returns the human-friendly name of the asset.

type KubeControlPlaneKubeControllerManagerClientCertKey added in v0.13.0

type KubeControlPlaneKubeControllerManagerClientCertKey struct {
	SignedCertKey
}

KubeControlPlaneKubeControllerManagerClientCertKey is the asset that generates the kube-controller-manager client key/cert pair.

func (*KubeControlPlaneKubeControllerManagerClientCertKey) Dependencies added in v0.13.0

Dependencies returns the dependency of the cert/key pair.

func (*KubeControlPlaneKubeControllerManagerClientCertKey) Generate added in v0.13.0

Generate generates the cert/key pair based on its dependencies.

func (*KubeControlPlaneKubeControllerManagerClientCertKey) Name added in v0.13.0

Name returns the human-friendly name of the asset.

type KubeControlPlaneKubeSchedulerClientCertKey added in v0.13.0

type KubeControlPlaneKubeSchedulerClientCertKey struct {
	SignedCertKey
}

KubeControlPlaneKubeSchedulerClientCertKey is the asset that generates the kube-scheduler client key/cert pair.

func (*KubeControlPlaneKubeSchedulerClientCertKey) Dependencies added in v0.13.0

Dependencies returns the dependency of the cert/key pair.

func (*KubeControlPlaneKubeSchedulerClientCertKey) Generate added in v0.13.0

Generate generates the cert/key pair based on its dependencies.

func (*KubeControlPlaneKubeSchedulerClientCertKey) Name added in v0.13.0

Name returns the human-friendly name of the asset.

type KubeControlPlaneSignerCertKey added in v0.13.0

type KubeControlPlaneSignerCertKey struct {
	SelfSignedCertKey
}

KubeControlPlaneSignerCertKey is a key/cert pair that signs the kube control-plane client certs.

func (*KubeControlPlaneSignerCertKey) Dependencies added in v0.13.0

func (c *KubeControlPlaneSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeControlPlaneSignerCertKey) Generate added in v0.13.0

func (c *KubeControlPlaneSignerCertKey) Generate(parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*KubeControlPlaneSignerCertKey) Name added in v0.13.0

Name returns the human-friendly name of the asset.

type KubeletBootstrapCABundle added in v0.14.0

type KubeletBootstrapCABundle struct {
	CertBundle
}

KubeletBootstrapCABundle is the asset that generates the admin-kubeconfig-ca-bundle, which contains all the individual client CAs.

func (*KubeletBootstrapCABundle) Dependencies added in v0.14.0

func (a *KubeletBootstrapCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeletBootstrapCABundle) Generate added in v0.14.0

func (a *KubeletBootstrapCABundle) Generate(deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*KubeletBootstrapCABundle) Name added in v0.14.0

func (a *KubeletBootstrapCABundle) Name() string

Name returns the human-friendly name of the asset.

type KubeletBootstrapCertSigner added in v0.14.0

type KubeletBootstrapCertSigner struct {
	SelfSignedCertKey
}

KubeletBootstrapCertSigner is a key/cert pair that signs the kubelet bootstrap kubeconfig client certs that the kubelet uses to create CSRs for its real certificates.

func (*KubeletBootstrapCertSigner) Dependencies added in v0.14.0

func (c *KubeletBootstrapCertSigner) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeletBootstrapCertSigner) Generate added in v0.14.0

func (c *KubeletBootstrapCertSigner) Generate(parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*KubeletBootstrapCertSigner) Name added in v0.14.0

Name returns the human-friendly name of the asset.

type KubeletCSRSignerCertKey added in v0.13.0

type KubeletCSRSignerCertKey struct {
	SelfSignedCertKey
}

KubeletCSRSignerCertKey is a key/cert pair that signs the kubelet client certs.

func (*KubeletCSRSignerCertKey) Dependencies added in v0.13.0

func (c *KubeletCSRSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeletCSRSignerCertKey) Generate added in v0.13.0

func (c *KubeletCSRSignerCertKey) Generate(parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*KubeletCSRSignerCertKey) Name added in v0.13.0

func (c *KubeletCSRSignerCertKey) Name() string

Name returns the human-friendly name of the asset.

type KubeletClientCABundle added in v0.13.0

type KubeletClientCABundle struct {
	CertBundle
}

KubeletClientCABundle is the asset that generates the kubelet-client-ca-bundle, which contains all the individual client CAs.

func (*KubeletClientCABundle) Dependencies added in v0.13.0

func (a *KubeletClientCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeletClientCABundle) Generate added in v0.13.0

func (a *KubeletClientCABundle) Generate(deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*KubeletClientCABundle) Name added in v0.13.0

func (a *KubeletClientCABundle) Name() string

Name returns the human-friendly name of the asset.

type KubeletClientCertKey added in v0.13.0

type KubeletClientCertKey struct {
	SignedCertKey
}

KubeletClientCertKey is the asset that generates the key/cert pair for kubelet client to apiserver.

func (*KubeletClientCertKey) Dependencies added in v0.13.0

func (a *KubeletClientCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*KubeletClientCertKey) Generate added in v0.13.0

func (a *KubeletClientCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeletClientCertKey) Name added in v0.13.0

func (a *KubeletClientCertKey) Name() string

Name returns the human-friendly name of the asset.

type KubeletServingCABundle added in v0.13.0

type KubeletServingCABundle struct {
	CertBundle
}

KubeletServingCABundle is the asset that generates the kubelet-serving-ca-bundle, which contains all the individual client CAs.

func (*KubeletServingCABundle) Dependencies added in v0.13.0

func (a *KubeletServingCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeletServingCABundle) Generate added in v0.13.0

func (a *KubeletServingCABundle) Generate(deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*KubeletServingCABundle) Name added in v0.13.0

func (a *KubeletServingCABundle) Name() string

Name returns the human-friendly name of the asset.

type MCSCertKey added in v0.2.0

type MCSCertKey struct {
	SignedCertKey
}

MCSCertKey is the asset that generates the MCS key/cert pair.

func (*MCSCertKey) Dependencies added in v0.2.0

func (a *MCSCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*MCSCertKey) Generate added in v0.2.0

func (a *MCSCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*MCSCertKey) Name added in v0.2.0

func (a *MCSCertKey) Name() string

Name returns the human-friendly name of the asset.

type RootCA

type RootCA struct {
	SelfSignedCertKey
}

RootCA contains the private key and the cert that's self-signed as the root CA.

func (*RootCA) Dependencies

func (c *RootCA) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*RootCA) Generate

func (c *RootCA) Generate(parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*RootCA) Name

func (c *RootCA) Name() string

Name returns the human-friendly name of the asset.

type SelfSignedCertKey added in v0.13.0

type SelfSignedCertKey struct {
	CertKey
}

SelfSignedCertKey contains the private key and the cert that's self-signed.

func (*SelfSignedCertKey) Generate added in v0.13.0

func (c *SelfSignedCertKey) Generate(
	cfg *CertCfg,
	filenameBase string,
) error

Generate generates a cert/key pair signed by the specified parent CA.

type ServiceAccountKeyPair added in v0.2.0

type ServiceAccountKeyPair struct {
	KeyPair
}

ServiceAccountKeyPair is the asset that generates the service-account public/private key pair.

func (*ServiceAccountKeyPair) Dependencies added in v0.2.0

func (a *ServiceAccountKeyPair) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*ServiceAccountKeyPair) Generate added in v0.2.0

func (a *ServiceAccountKeyPair) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*ServiceAccountKeyPair) Load added in v0.3.0

Load is a no-op because the service account keypair is not written to disk.

func (*ServiceAccountKeyPair) Name added in v0.2.0

func (a *ServiceAccountKeyPair) Name() string

Name returns the human-friendly name of the asset.

type SignedCertKey added in v0.13.0

type SignedCertKey struct {
	CertKey
}

SignedCertKey contains the private key and the cert that's signed by the parent CA.

func (*SignedCertKey) Generate added in v0.13.0

func (c *SignedCertKey) Generate(
	cfg *CertCfg,
	parentCA CertKeyInterface,
	filenameBase string,
	appendParent AppendParentChoice,
) error

Generate generates a cert/key pair signed by the specified parent CA.
