tls

package
v1.4.17
Published: Aug 9, 2024 License: Apache-2.0 Imports: 32 Imported by: 187

Documentation

Overview

Package tls defines and generates the tls assets based on its dependencies.

Index

Constants

const (

	// ValidityOneDay sets the validity of a cert to 24 hours.
	ValidityOneDay = time.Hour * 24

	// ValidityOneYear sets the validity of a cert to 1 year.
	ValidityOneYear = ValidityOneDay * 365

	// ValidityTenYears sets the validity of a cert to 10 years.
	ValidityTenYears = ValidityOneYear * 10
)

Variables

This section is empty.

Functions

func CSRToPem

func CSRToPem(cert *x509.CertificateRequest) []byte

CSRToPem converts an x509.CertificateRequest to a PEM string.

func CertToPem

func CertToPem(cert *x509.Certificate) []byte

CertToPem converts an x509.Certificate object to a PEM string.

func GenerateSelfSignedCertificate added in v0.9.2

func GenerateSelfSignedCertificate(cfg *CertCfg) (*rsa.PrivateKey, *x509.Certificate, error)

GenerateSelfSignedCertificate generates a key/cert pair defined by CertCfg.

func GenerateSignedCertificate added in v0.9.2

func GenerateSignedCertificate(caKey *rsa.PrivateKey, caCert *x509.Certificate,
	cfg *CertCfg) (*rsa.PrivateKey, *x509.Certificate, error)

GenerateSignedCertificate generates a key and cert defined by CertCfg and signed by the CA.

func PemToCertificate

func PemToCertificate(data []byte) (*x509.Certificate, error)

PemToCertificate converts a data block to x509.Certificate.

func PemToPrivateKey

func PemToPrivateKey(data []byte) (*rsa.PrivateKey, error)

PemToPrivateKey converts a data block to rsa.PrivateKey.

func PemToPublicKey added in v0.9.2

func PemToPublicKey(data []byte) (*rsa.PublicKey, error)

PemToPublicKey converts a data block to rsa.PublicKey.

func PrivateKey

func PrivateKey() (*rsa.PrivateKey, error)

PrivateKey generates an RSA private key and returns it.

func PrivateKeyToPem

func PrivateKeyToPem(key *rsa.PrivateKey) []byte

PrivateKeyToPem converts an rsa.PrivateKey object to a PEM string.

func PublicKeyToPem

func PublicKeyToPem(key *rsa.PublicKey) ([]byte, error)

PublicKeyToPem converts an rsa.PublicKey object to a PEM string.

func SelfSignedCertificate added in v0.9.2

func SelfSignedCertificate(cfg *CertCfg, key *rsa.PrivateKey) (*x509.Certificate, error)

SelfSignedCertificate creates a self-signed certificate.

func SignedCertificate

func SignedCertificate(
	cfg *CertCfg,
	csr *x509.CertificateRequest,
	key *rsa.PrivateKey,
	caCert *x509.Certificate,
	caKey *rsa.PrivateKey,
) (*x509.Certificate, error)

SignedCertificate creates a new X.509 certificate based on a template.

Types

type APIServerProxyCertKey added in v0.2.0

type APIServerProxyCertKey struct {
	SignedCertKey
}

APIServerProxyCertKey is the asset that generates the API server proxy key/cert pair. [DEPRECATED]

func (*APIServerProxyCertKey) Dependencies added in v0.2.0

func (a *APIServerProxyCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and the install config if the pair depends on it for DNS names, etc.

func (*APIServerProxyCertKey) Generate added in v0.2.0

func (a *APIServerProxyCertKey) Generate(ctx context.Context, dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*APIServerProxyCertKey) Name added in v0.2.0

func (a *APIServerProxyCertKey) Name() string

Name returns the human-friendly name of the asset.

type AdminKubeConfigCABundle added in v0.9.2

type AdminKubeConfigCABundle struct {
	CertBundle
}

AdminKubeConfigCABundle is the asset that generates the admin-kubeconfig-ca-bundle, which contains all the individual client CAs.

func (*AdminKubeConfigCABundle) Dependencies added in v0.9.2

func (a *AdminKubeConfigCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*AdminKubeConfigCABundle) Generate added in v0.9.2

func (a *AdminKubeConfigCABundle) Generate(ctx context.Context, deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*AdminKubeConfigCABundle) Name added in v0.9.2

func (a *AdminKubeConfigCABundle) Name() string

Name returns the human-friendly name of the asset.

type AdminKubeConfigClientCertKey added in v0.9.2

type AdminKubeConfigClientCertKey struct {
	SignedCertKey
}

AdminKubeConfigClientCertKey is the asset that generates the key/cert pair for admin client to apiserver.

func (*AdminKubeConfigClientCertKey) Dependencies added in v0.9.2

func (a *AdminKubeConfigClientCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and the install config if the pair depends on it for DNS names, etc.

func (*AdminKubeConfigClientCertKey) Generate added in v0.9.2

func (a *AdminKubeConfigClientCertKey) Generate(ctx context.Context, dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*AdminKubeConfigClientCertKey) Load added in v0.9.2

Load reads the asset files from disk.

func (*AdminKubeConfigClientCertKey) Name added in v0.9.2

Name returns the human-friendly name of the asset.

type AdminKubeConfigSignerCertKey added in v0.9.2

type AdminKubeConfigSignerCertKey struct {
	SelfSignedCertKey
}

AdminKubeConfigSignerCertKey is a key/cert pair that signs the admin kubeconfig client certs.

func (*AdminKubeConfigSignerCertKey) Dependencies added in v0.9.2

func (c *AdminKubeConfigSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*AdminKubeConfigSignerCertKey) Generate added in v0.9.2

func (c *AdminKubeConfigSignerCertKey) Generate(ctx context.Context, parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*AdminKubeConfigSignerCertKey) Load added in v0.9.2

Load reads the asset files from disk.

func (*AdminKubeConfigSignerCertKey) Name added in v0.9.2

Name returns the human-friendly name of the asset.

type AggregatorCA added in v0.2.0

type AggregatorCA struct {
	SelfSignedCertKey
}

AggregatorCA is the asset that generates the aggregator-ca key/cert pair. [DEPRECATED]

func (*AggregatorCA) Dependencies added in v0.2.0

func (a *AggregatorCA) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and the install config if the pair depends on it for DNS names, etc.

func (*AggregatorCA) Generate added in v0.2.0

func (a *AggregatorCA) Generate(ctx context.Context, dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*AggregatorCA) Name added in v0.2.0

func (a *AggregatorCA) Name() string

Name returns the human-friendly name of the asset.

type AggregatorCABundle added in v0.9.2

type AggregatorCABundle struct {
	CertBundle
}

AggregatorCABundle is the asset that generates the aggregator-ca-bundle, which contains all the individual client CAs.

func (*AggregatorCABundle) Dependencies added in v0.9.2

func (a *AggregatorCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*AggregatorCABundle) Generate added in v0.9.2

func (a *AggregatorCABundle) Generate(ctx context.Context, deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*AggregatorCABundle) Name added in v0.9.2

func (a *AggregatorCABundle) Name() string

Name returns the human-friendly name of the asset.

type AggregatorClientCertKey added in v0.9.2

type AggregatorClientCertKey struct {
	SignedCertKey
}

AggregatorClientCertKey is the asset that generates the API server proxy key/cert pair.

func (*AggregatorClientCertKey) Dependencies added in v0.9.2

func (a *AggregatorClientCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair.

func (*AggregatorClientCertKey) Generate added in v0.9.2

func (a *AggregatorClientCertKey) Generate(ctx context.Context, dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*AggregatorClientCertKey) Name added in v0.9.2

func (a *AggregatorClientCertKey) Name() string

Name returns the human-friendly name of the asset.

type AggregatorSignerCertKey added in v0.9.2

type AggregatorSignerCertKey struct {
	SelfSignedCertKey
}

AggregatorSignerCertKey is a key/cert pair that signs the aggregator client certs.

func (*AggregatorSignerCertKey) Dependencies added in v0.9.2

func (c *AggregatorSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*AggregatorSignerCertKey) Generate added in v0.9.2

func (c *AggregatorSignerCertKey) Generate(ctx context.Context, parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*AggregatorSignerCertKey) Name added in v0.9.2

func (c *AggregatorSignerCertKey) Name() string

Name returns the human-friendly name of the asset.

type AppendParentChoice added in v0.2.0

type AppendParentChoice bool

AppendParentChoice dictates whether the parent's cert is to be added to the cert.

const (
	// AppendParent indicates that the parent's cert should be added.
	AppendParent AppendParentChoice = true
	// DoNotAppendParent indicates that the parent's cert should not be added.
	DoNotAppendParent AppendParentChoice = false
)

type BootstrapSSHKeyPair added in v0.9.2

type BootstrapSSHKeyPair struct {
	Priv []byte // private key
	Pub  []byte // public ssh key
}

BootstrapSSHKeyPair generates a private/public key pair for SSH. These keys can be used to configure the bootstrap host so that the private key can be used to connect to it.

func (*BootstrapSSHKeyPair) Dependencies added in v0.9.2

func (a *BootstrapSSHKeyPair) Dependencies() []asset.Asset

Dependencies lists the assets required to generate the BootstrapSSHKeyPair.

func (*BootstrapSSHKeyPair) Files added in v0.9.2

func (a *BootstrapSSHKeyPair) Files() []*asset.File

Files returns the files generated by the asset.

func (*BootstrapSSHKeyPair) Generate added in v0.9.2

func (a *BootstrapSSHKeyPair) Generate(ctx context.Context, dependencies asset.Parents) error

Generate generates the key pair based on its dependencies.

func (*BootstrapSSHKeyPair) Load added in v0.9.2

Load is a no-op because the service account keypair is not written to disk.

func (*BootstrapSSHKeyPair) Name added in v0.9.2

func (a *BootstrapSSHKeyPair) Name() string

Name defines a user-friendly name for BootstrapSSHKeyPair.

func (*BootstrapSSHKeyPair) Private added in v0.9.2

func (a *BootstrapSSHKeyPair) Private() []byte

Private returns the private key.

func (*BootstrapSSHKeyPair) Public added in v0.9.2

func (a *BootstrapSSHKeyPair) Public() []byte

Public returns the public SSH key.

type BoundSASigningKey added in v0.9.2

type BoundSASigningKey struct {
	FileList []*asset.File
}

BoundSASigningKey contains a user-provided key and its public parts for the service account signing key used by kube-apiserver. This asset does not generate any new content; it only loads these files from disk when the user provides them.

func (*BoundSASigningKey) Dependencies added in v0.9.2

func (*BoundSASigningKey) Dependencies() []asset.Asset

Dependencies returns all of the dependencies directly needed to generate the asset.

func (*BoundSASigningKey) Files added in v0.9.2

func (sk *BoundSASigningKey) Files() []*asset.File

Files returns the files generated by the asset.

func (*BoundSASigningKey) Generate added in v0.9.2

func (*BoundSASigningKey) Generate(_ context.Context, dependencies asset.Parents) error

Generate generates the CloudProviderConfig.

func (*BoundSASigningKey) Load added in v0.9.2

func (sk *BoundSASigningKey) Load(f asset.FileFetcher) (bool, error)

Load reads the private key from the disk. It ensures that the key provided is a valid RSA key.

func (*BoundSASigningKey) Name added in v0.9.2

func (*BoundSASigningKey) Name() string

Name returns a human-friendly name for the asset.

type CertBundle added in v0.9.2

type CertBundle struct {
	BundleRaw []byte
	FileList  []*asset.File
}

CertBundle contains multiple certificates in a bundle.

func (*CertBundle) Cert added in v0.9.2

func (b *CertBundle) Cert() []byte

Cert returns the certificate bundle.

func (*CertBundle) Files added in v0.9.2

func (b *CertBundle) Files() []*asset.File

Files returns the files generated by the asset.

func (*CertBundle) Generate added in v0.9.2

func (b *CertBundle) Generate(_ context.Context, filename string, certs ...CertInterface) error

Generate generates the cert bundle from certs.

func (*CertBundle) Load added in v0.9.2

func (b *CertBundle) Load(asset.FileFetcher) (bool, error)

Load is a no-op because TLS assets are not written to disk.
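The functions listed earlier (GenerateSelfSignedCertificate, GenerateSignedCertificate, CertToPem) and the CertBundle type fit together in one flow: a signer is created from a CertCfg with IsCA set and self-signed, leaf certificates are issued from it, and the PEM-encoded CA certificates are concatenated into a bundle that relying parties load as their trust roots. The example below is added here and is not the installer's code; it re-implements that flow with only the Go standard library, using a local copy of the CertCfg field set, a helper named issue that covers both the self-signed and the CA-signed case, and a VerifyServerCert function that shows what a relying party checks against such a bundle: the chain, the host name and the server-auth Extended Key Usage. The helper and function names, the 2048-bit key size and the name api.cluster.example are this example's own assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// CertCfg mirrors the field set of the package's CertCfg; it is a local copy, not the installer's type.
type CertCfg struct {
	DNSNames     []string
	ExtKeyUsages []x509.ExtKeyUsage
	IPAddresses  []net.IP
	KeyUsages    x509.KeyUsage
	Subject      pkix.Name
	Validity     time.Duration
	IsCA         bool
}

const ValidityOneDay = 24 * time.Hour
const ValidityTenYears = ValidityOneDay * 365 * 10

// issue generates a 2048-bit RSA key and a certificate for it from cfg. With parent == nil the
// certificate is self-signed (the GenerateSelfSignedCertificate case); otherwise it is signed by
// signer, which must be parent's private key (the GenerateSignedCertificate case).
func issue(cfg *CertCfg, parent *x509.Certificate, signer *rsa.PrivateKey) (*rsa.PrivateKey, *x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127)) // 127 random bits; +1 below keeps it positive
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial.Add(serial, big.NewInt(1)),
		Subject:               cfg.Subject,
		NotBefore:             time.Now(),
		NotAfter:              time.Now().Add(cfg.Validity),
		KeyUsage:              cfg.KeyUsages,
		ExtKeyUsage:           cfg.ExtKeyUsages,
		DNSNames:              cfg.DNSNames,
		IPAddresses:           cfg.IPAddresses,
		IsCA:                  cfg.IsCA,
		BasicConstraintsValid: true, // encode IsCA explicitly, also when it is false
	}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// CertToPem encodes a certificate as a PEM CERTIFICATE block; concatenating
// several of these is exactly what a CertBundle holds.
func CertToPem(cert *x509.Certificate) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw})
}

// VerifyServerCert checks that leaf chains to a root in bundle (concatenated PEM certificates),
// is valid for dnsName, and carries the server-auth Extended Key Usage. A client certificate
// issued by the same CA, a wrong host name, or a root missing from the bundle all fail here.
func VerifyServerCert(bundle []byte, leaf *x509.Certificate, dnsName string) error {
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(bundle) {
		return errors.New("bundle contains no parsable certificates")
	}
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   dnsName,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

func main() {
	// Constructed configuration: one root signer and one serving certificate for a made-up host.
	caKey, caCert, err := issue(&CertCfg{Subject: pkix.Name{CommonName: "example-root-ca"}, IsCA: true, KeyUsages: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature, Validity: ValidityTenYears}, nil, nil)
	if err != nil {
		panic(err)
	}
	_, srv, err := issue(&CertCfg{Subject: pkix.Name{CommonName: "kube-apiserver"}, DNSNames: []string{"api.cluster.example"}, ExtKeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, KeyUsages: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment, Validity: ValidityOneDay}, caCert, caKey)
	if err != nil {
		panic(err)
	}
	bundle := CertToPem(caCert)
	fmt.Println("api.cluster.example:", VerifyServerCert(bundle, srv, "api.cluster.example")) // <nil>
	fmt.Println("other.example:", VerifyServerCert(bundle, srv, "other.example"))             // hostname error
}
```

The Extended Key Usage check is the detail to keep: this page keeps separate bundles for CAs that identify the kube-apiserver and for CAs whose client certificates the kube-apiserver trusts, and verifying the EKU on the leaf is what stops a certificate issued for one role from being accepted in the other if a root ever ends up in the wrong bundle. The CA's KeyUsage must include KeyUsageCertSign; Go's verifier rejects a chain whose signer lacks it.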

type CertCfg

type CertCfg struct {
	DNSNames     []string
	ExtKeyUsages []x509.ExtKeyUsage
	IPAddresses  []net.IP
	KeyUsages    x509.KeyUsage
	Subject      pkix.Name
	Validity     time.Duration
	IsCA         bool
}

CertCfg contains all the fields needed to configure a new certificate.

type CertInterface added in v0.9.2

type CertInterface interface {
	// Cert returns the certificate.
	Cert() []byte
}

CertInterface is satisfied by any asset that can return its certificate.

type CertKey

type CertKey struct {
	CertRaw  []byte
	KeyRaw   []byte
	FileList []*asset.File
}

CertKey contains the private key and the cert.

func (*CertKey) Cert added in v0.2.0

func (c *CertKey) Cert() []byte

Cert returns the certificate.

func (*CertKey) CertFile added in v0.9.2

func (c *CertKey) CertFile() *asset.File

CertFile returns the certificate file.

func (*CertKey) Files added in v0.2.0

func (c *CertKey) Files() []*asset.File

Files returns the files generated by the asset.

func (*CertKey) Key added in v0.2.0

func (c *CertKey) Key() []byte

Key returns the private key.

func (*CertKey) Load added in v0.3.0

func (c *CertKey) Load(asset.FileFetcher) (bool, error)

Load is a no-op because TLS assets are not written to disk.

type CertKeyInterface added in v0.2.0

type CertKeyInterface interface {
	CertInterface
	// Key returns the private key.
	Key() []byte
}

CertKeyInterface contains a private key and the associated cert.

type CloudProviderCABundle added in v0.9.2

type CloudProviderCABundle struct {
	File *asset.File
}

CloudProviderCABundle is the asset that generates the CA bundle for trusting communication with the cloud provider. This bundle is used by the machine-config-operator on the bootstrap node.

func (*CloudProviderCABundle) Dependencies added in v0.9.2

func (a *CloudProviderCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the CA bundle.

func (*CloudProviderCABundle) Files added in v0.9.2

func (a *CloudProviderCABundle) Files() []*asset.File

Files returns the files generated by the asset.

func (*CloudProviderCABundle) Generate added in v0.9.2

func (a *CloudProviderCABundle) Generate(_ context.Context, deps asset.Parents) error

Generate generates the CA bundle based on its dependencies.

func (*CloudProviderCABundle) Load added in v0.9.2

Load is a no-op because TLS assets are not written to disk.

func (*CloudProviderCABundle) Name added in v0.9.2

func (a *CloudProviderCABundle) Name() string

Name returns the human-friendly name of the asset.

type JournalCertKey added in v0.9.2

type JournalCertKey struct {
	SignedCertKey
}

JournalCertKey is the asset that generates the key/cert pair that is used to authenticate with journal-gatewayd on the bootstrap node.

func (*JournalCertKey) Dependencies added in v0.9.2

func (a *JournalCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and the install config if the pair depends on it for DNS names, etc.

func (*JournalCertKey) Generate added in v0.9.2

func (a *JournalCertKey) Generate(ctx context.Context, dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*JournalCertKey) Name added in v0.9.2

func (a *JournalCertKey) Name() string

Name returns the human-friendly name of the asset.

type KeyPair

type KeyPair struct {
	Pvt      []byte
	Pub      []byte
	FileList []*asset.File
}

KeyPair contains a private key and a public key.

func (*KeyPair) Files added in v0.2.0

func (k *KeyPair) Files() []*asset.File

Files returns the files generated by the asset.

func (*KeyPair) Generate

func (k *KeyPair) Generate(_ context.Context, filenameBase string) error

Generate generates the rsa private / public key pair.

func (*KeyPair) Private added in v0.2.0

func (k *KeyPair) Private() []byte

Private returns the private key.

func (*KeyPair) Public added in v0.2.0

func (k *KeyPair) Public() []byte

Public returns the public key.

type KeyPairInterface added in v0.2.0

type KeyPairInterface interface {
	// Private returns the private key.
	Private() []byte
	// Public returns the public key.
	Public() []byte
}

KeyPairInterface contains a private key and a public key.

type KubeAPIServerCompleteCABundle added in v0.9.2

type KubeAPIServerCompleteCABundle struct {
	CertBundle
}

KubeAPIServerCompleteCABundle is the asset that generates the kube-apiserver-complete-server-ca-bundle, which contains all the certs that are valid to confirm the kube-apiserver identity.

func (*KubeAPIServerCompleteCABundle) Dependencies added in v0.9.2

func (a *KubeAPIServerCompleteCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerCompleteCABundle) Generate added in v0.9.2

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerCompleteCABundle) Name added in v0.9.2

Name returns the human-friendly name of the asset.

type KubeAPIServerCompleteClientCABundle added in v0.9.2

type KubeAPIServerCompleteClientCABundle struct {
	CertBundle
}

KubeAPIServerCompleteClientCABundle is the asset that generates the kube-apiserver-complete-client-ca-bundle, which contains all the certs that are valid for the kube-apiserver to trust for clients.

func (*KubeAPIServerCompleteClientCABundle) Dependencies added in v0.9.2

func (a *KubeAPIServerCompleteClientCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerCompleteClientCABundle) Generate added in v0.9.2

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerCompleteClientCABundle) Name added in v0.9.2

Name returns the human-friendly name of the asset.

type KubeAPIServerExternalLBServerCertKey added in v0.9.2

type KubeAPIServerExternalLBServerCertKey struct {
	SignedCertKey
}

KubeAPIServerExternalLBServerCertKey is the asset that generates the kube-apiserver serving key/cert pair for SNI external load balancer.

func (*KubeAPIServerExternalLBServerCertKey) Dependencies added in v0.9.2

func (a *KubeAPIServerExternalLBServerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair.

func (*KubeAPIServerExternalLBServerCertKey) Generate added in v0.9.2

func (a *KubeAPIServerExternalLBServerCertKey) Generate(ctx context.Context, dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeAPIServerExternalLBServerCertKey) Name added in v0.9.2

Name returns the human-friendly name of the asset.

type KubeAPIServerInternalLBServerCertKey added in v0.9.2

type KubeAPIServerInternalLBServerCertKey struct {
	SignedCertKey
}

KubeAPIServerInternalLBServerCertKey is the asset that generates the kube-apiserver serving key/cert pair for SNI internal load balancer.

func (*KubeAPIServerInternalLBServerCertKey) Dependencies added in v0.9.2

func (a *KubeAPIServerInternalLBServerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair.

func (*KubeAPIServerInternalLBServerCertKey) Generate added in v0.9.2

func (a *KubeAPIServerInternalLBServerCertKey) Generate(ctx context.Context, dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeAPIServerInternalLBServerCertKey) Name added in v0.9.2

Name returns the human-friendly name of the asset.

type KubeAPIServerLBCABundle added in v0.9.2

type KubeAPIServerLBCABundle struct {
	CertBundle
}

KubeAPIServerLBCABundle is the asset that generates the kube-apiserver-lb-ca-bundle, which contains all the individual client CAs.

func (*KubeAPIServerLBCABundle) Dependencies added in v0.9.2

func (a *KubeAPIServerLBCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerLBCABundle) Generate added in v0.9.2

func (a *KubeAPIServerLBCABundle) Generate(ctx context.Context, deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerLBCABundle) Name added in v0.9.2

func (a *KubeAPIServerLBCABundle) Name() string

Name returns the human-friendly name of the asset.

type KubeAPIServerLBSignerCertKey added in v0.9.2

type KubeAPIServerLBSignerCertKey struct {
	SelfSignedCertKey
}

KubeAPIServerLBSignerCertKey is a key/cert pair that signs the kube-apiserver server cert for SNI load balancer.

func (*KubeAPIServerLBSignerCertKey) Dependencies added in v0.9.2

func (c *KubeAPIServerLBSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeAPIServerLBSignerCertKey) Generate added in v0.9.2

func (c *KubeAPIServerLBSignerCertKey) Generate(ctx context.Context, parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*KubeAPIServerLBSignerCertKey) Load added in v0.9.2

Load reads the asset files from disk.

func (*KubeAPIServerLBSignerCertKey) Name added in v0.9.2

Name returns the human-friendly name of the asset.

type KubeAPIServerLocalhostCABundle added in v0.9.2

type KubeAPIServerLocalhostCABundle struct {
	CertBundle
}

KubeAPIServerLocalhostCABundle is the asset that generates the kube-apiserver-localhost-ca-bundle, which contains all the individual client CAs.

func (*KubeAPIServerLocalhostCABundle) Dependencies added in v0.9.2

func (a *KubeAPIServerLocalhostCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerLocalhostCABundle) Generate added in v0.9.2

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerLocalhostCABundle) Name added in v0.9.2

Name returns the human-friendly name of the asset.

type KubeAPIServerLocalhostServerCertKey added in v0.9.2

type KubeAPIServerLocalhostServerCertKey struct {
	SignedCertKey
}

KubeAPIServerLocalhostServerCertKey is the asset that generates the kube-apiserver serving key/cert pair for SNI localhost.

func (*KubeAPIServerLocalhostServerCertKey) Dependencies added in v0.9.2

func (a *KubeAPIServerLocalhostServerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair.

func (*KubeAPIServerLocalhostServerCertKey) Generate added in v0.9.2

func (a *KubeAPIServerLocalhostServerCertKey) Generate(ctx context.Context, dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeAPIServerLocalhostServerCertKey) Name added in v0.9.2

Name returns the human-friendly name of the asset.

type KubeAPIServerLocalhostSignerCertKey added in v0.9.2

type KubeAPIServerLocalhostSignerCertKey struct {
	SelfSignedCertKey
}

KubeAPIServerLocalhostSignerCertKey is a key/cert pair that signs the kube-apiserver server cert for SNI localhost.

func (*KubeAPIServerLocalhostSignerCertKey) Dependencies added in v0.9.2

func (c *KubeAPIServerLocalhostSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeAPIServerLocalhostSignerCertKey) Generate added in v0.9.2

Generate generates the root-ca key and cert pair.

func (*KubeAPIServerLocalhostSignerCertKey) Load added in v0.9.2

Load reads the asset files from disk.

func (*KubeAPIServerLocalhostSignerCertKey) Name added in v0.9.2

Name returns the human-friendly name of the asset.

type KubeAPIServerServiceNetworkCABundle added in v0.9.2

type KubeAPIServerServiceNetworkCABundle struct {
	CertBundle
}

KubeAPIServerServiceNetworkCABundle is the asset that generates the kube-apiserver-service-network-ca-bundle, which contains all the individual client CAs.

func (*KubeAPIServerServiceNetworkCABundle) Dependencies added in v0.9.2

func (a *KubeAPIServerServiceNetworkCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerServiceNetworkCABundle) Generate added in v0.9.2

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerServiceNetworkCABundle) Name added in v0.9.2

Name returns the human-friendly name of the asset.

type KubeAPIServerServiceNetworkServerCertKey added in v0.9.2

type KubeAPIServerServiceNetworkServerCertKey struct {
	SignedCertKey
}

KubeAPIServerServiceNetworkServerCertKey is the asset that generates the kube-apiserver serving key/cert pair for SNI service network.

func (*KubeAPIServerServiceNetworkServerCertKey) Dependencies added in v0.9.2

Dependencies returns the dependency of the cert/key pair.

func (*KubeAPIServerServiceNetworkServerCertKey) Generate added in v0.9.2

Generate generates the cert/key pair based on its dependencies.

func (*KubeAPIServerServiceNetworkServerCertKey) Name added in v0.9.2

Name returns the human-friendly name of the asset.

type KubeAPIServerServiceNetworkSignerCertKey added in v0.9.2

type KubeAPIServerServiceNetworkSignerCertKey struct {
	SelfSignedCertKey
}

KubeAPIServerServiceNetworkSignerCertKey is a key/cert pair that signs the kube-apiserver server cert for SNI service network.

func (*KubeAPIServerServiceNetworkSignerCertKey) Dependencies added in v0.9.2

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeAPIServerServiceNetworkSignerCertKey) Generate added in v0.9.2

Generate generates the root-ca key and cert pair.

func (*KubeAPIServerServiceNetworkSignerCertKey) Load added in v0.9.2

Load reads the asset files from disk.

func (*KubeAPIServerServiceNetworkSignerCertKey) Name added in v0.9.2

Name returns the human-friendly name of the asset.

type KubeAPIServerToKubeletCABundle added in v0.9.2

type KubeAPIServerToKubeletCABundle struct {
	CertBundle
}

KubeAPIServerToKubeletCABundle is the asset that generates the kube-apiserver-to-kubelet-ca-bundle, which contains all the individual client CAs.

func (*KubeAPIServerToKubeletCABundle) Dependencies added in v0.9.2

func (a *KubeAPIServerToKubeletCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerToKubeletCABundle) Generate added in v0.9.2

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerToKubeletCABundle) Name added in v0.9.2

Name returns the human-friendly name of the asset.

type KubeAPIServerToKubeletClientCertKey added in v0.9.2

type KubeAPIServerToKubeletClientCertKey struct {
	SignedCertKey
}

KubeAPIServerToKubeletClientCertKey is the asset that generates the kube-apiserver to kubelet client key/cert pair.

func (*KubeAPIServerToKubeletClientCertKey) Dependencies added in v0.9.2

func (a *KubeAPIServerToKubeletClientCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair.

func (*KubeAPIServerToKubeletClientCertKey) Generate added in v0.9.2

func (a *KubeAPIServerToKubeletClientCertKey) Generate(ctx context.Context, dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeAPIServerToKubeletClientCertKey) Name added in v0.9.2

Name returns the human-friendly name of the asset.

type KubeAPIServerToKubeletSignerCertKey added in v0.9.2

type KubeAPIServerToKubeletSignerCertKey struct {
	SelfSignedCertKey
}

KubeAPIServerToKubeletSignerCertKey is a key/cert pair that signs the kube-apiserver to kubelet client certs.

func (*KubeAPIServerToKubeletSignerCertKey) Dependencies added in v0.9.2

func (c *KubeAPIServerToKubeletSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeAPIServerToKubeletSignerCertKey) Generate added in v0.9.2

Generate generates the root-ca key and cert pair.

func (*KubeAPIServerToKubeletSignerCertKey) Name added in v0.9.2

Name returns the human-friendly name of the asset.

type KubeControlPlaneCABundle added in v0.9.2

type KubeControlPlaneCABundle struct {
	CertBundle
}

KubeControlPlaneCABundle is the asset that generates the kube-control-plane-ca-bundle, which contains all the individual client CAs.

func (*KubeControlPlaneCABundle) Dependencies added in v0.9.2

func (a *KubeControlPlaneCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeControlPlaneCABundle) Generate added in v0.9.2

func (a *KubeControlPlaneCABundle) Generate(ctx context.Context, deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*KubeControlPlaneCABundle) Name added in v0.9.2

func (a *KubeControlPlaneCABundle) Name() string

Name returns the human-friendly name of the asset.

type KubeControlPlaneKubeControllerManagerClientCertKey added in v0.9.2

type KubeControlPlaneKubeControllerManagerClientCertKey struct {
	SignedCertKey
}

KubeControlPlaneKubeControllerManagerClientCertKey is the asset that generates the kube-controller-manager client key/cert pair.

func (*KubeControlPlaneKubeControllerManagerClientCertKey) Dependencies added in v0.9.2

Dependencies returns the dependency of the cert/key pair.

func (*KubeControlPlaneKubeControllerManagerClientCertKey) Generate added in v0.9.2

Generate generates the cert/key pair based on its dependencies.

func (*KubeControlPlaneKubeControllerManagerClientCertKey) Name added in v0.9.2

Name returns the human-friendly name of the asset.

type KubeControlPlaneKubeSchedulerClientCertKey added in v0.9.2

type KubeControlPlaneKubeSchedulerClientCertKey struct {
	SignedCertKey
}

KubeControlPlaneKubeSchedulerClientCertKey is the asset that generates the kube-scheduler client key/cert pair.

func (*KubeControlPlaneKubeSchedulerClientCertKey) Dependencies added in v0.9.2

Dependencies returns the dependency of the cert/key pair.

func (*KubeControlPlaneKubeSchedulerClientCertKey) Generate added in v0.9.2

Generate generates the cert/key pair based on its dependencies.

func (*KubeControlPlaneKubeSchedulerClientCertKey) Name added in v0.9.2

Name returns the human-friendly name of the asset.

type KubeControlPlaneSignerCertKey added in v0.9.2

type KubeControlPlaneSignerCertKey struct {
	SelfSignedCertKey
}

KubeControlPlaneSignerCertKey is a key/cert pair that signs the kube control-plane client certs.

func (*KubeControlPlaneSignerCertKey) Dependencies added in v0.9.2

func (c *KubeControlPlaneSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeControlPlaneSignerCertKey) Generate added in v0.9.2

func (c *KubeControlPlaneSignerCertKey) Generate(ctx context.Context, parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*KubeControlPlaneSignerCertKey) Name added in v0.9.2

Name returns the human-friendly name of the asset.

type KubeletBootstrapCABundle added in v0.9.2

type KubeletBootstrapCABundle struct {
	CertBundle
}

KubeletBootstrapCABundle is the asset that generates the admin-kubeconfig-ca-bundle, which contains all the individual client CAs.

func (*KubeletBootstrapCABundle) Dependencies added in v0.9.2

func (a *KubeletBootstrapCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeletBootstrapCABundle) Generate added in v0.9.2

func (a *KubeletBootstrapCABundle) Generate(ctx context.Context, deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*KubeletBootstrapCABundle) Name added in v0.9.2

func (a *KubeletBootstrapCABundle) Name() string

Name returns the human-friendly name of the asset.

type KubeletBootstrapCertSigner added in v0.9.2

type KubeletBootstrapCertSigner struct {
	SelfSignedCertKey
}

KubeletBootstrapCertSigner is a key/cert pair that signs the kubelet bootstrap kubeconfig client certs, which the kubelet uses to create CSRs for its real certificates.

func (*KubeletBootstrapCertSigner) Dependencies added in v0.9.2

func (c *KubeletBootstrapCertSigner) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeletBootstrapCertSigner) Generate added in v0.9.2

func (c *KubeletBootstrapCertSigner) Generate(ctx context.Context, parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*KubeletBootstrapCertSigner) Name added in v0.9.2

Name returns the human-friendly name of the asset.

type KubeletCSRSignerCertKey added in v0.9.2

type KubeletCSRSignerCertKey struct {
	SelfSignedCertKey
}

KubeletCSRSignerCertKey is a key/cert pair that signs the kubelet client certs.

func (*KubeletCSRSignerCertKey) Dependencies added in v0.9.2

func (c *KubeletCSRSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeletCSRSignerCertKey) Generate added in v0.9.2

func (c *KubeletCSRSignerCertKey) Generate(ctx context.Context, parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*KubeletCSRSignerCertKey) Name added in v0.9.2

func (c *KubeletCSRSignerCertKey) Name() string

Name returns the human-friendly name of the asset.

type KubeletClientCABundle added in v0.9.2

type KubeletClientCABundle struct {
	CertBundle
}

KubeletClientCABundle is the asset that generates the kubelet-client-ca-bundle, which contains all the individual client CAs.

func (*KubeletClientCABundle) Dependencies added in v0.9.2

func (a *KubeletClientCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeletClientCABundle) Generate added in v0.9.2

func (a *KubeletClientCABundle) Generate(ctx context.Context, deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*KubeletClientCABundle) Name added in v0.9.2

func (a *KubeletClientCABundle) Name() string

Name returns the human-friendly name of the asset.

type KubeletClientCertKey added in v0.9.2

type KubeletClientCertKey struct {
	SignedCertKey
}

KubeletClientCertKey is the asset that generates the key/cert pair for kubelet client to apiserver. This credential can be revoked by deleting the configmap containing its signer.

func (*KubeletClientCertKey) Dependencies added in v0.9.2

func (a *KubeletClientCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and the install config if it depends on the install config for DNS names, etc.

func (*KubeletClientCertKey) Generate added in v0.9.2

func (a *KubeletClientCertKey) Generate(ctx context.Context, dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeletClientCertKey) Name added in v0.9.2

func (a *KubeletClientCertKey) Name() string

Name returns the human-friendly name of the asset.

type KubeletServingCABundle added in v0.9.2

type KubeletServingCABundle struct {
	CertBundle
}

KubeletServingCABundle is the asset that generates the kubelet-serving-ca-bundle, which contains all the individual client CAs.

func (*KubeletServingCABundle) Dependencies added in v0.9.2

func (a *KubeletServingCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeletServingCABundle) Generate added in v0.9.2

func (a *KubeletServingCABundle) Generate(ctx context.Context, deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*KubeletServingCABundle) Name added in v0.9.2

func (a *KubeletServingCABundle) Name() string

Name returns the human-friendly name of the asset.

type MCSCertKey added in v0.2.0

type MCSCertKey struct {
	SignedCertKey
}

MCSCertKey is the asset that generates the MCS key/cert pair.

func (*MCSCertKey) Dependencies added in v0.2.0

func (a *MCSCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and the install config if it depends on the install config for DNS names, etc.

func (*MCSCertKey) Generate added in v0.2.0

func (a *MCSCertKey) Generate(ctx context.Context, dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*MCSCertKey) Name added in v0.2.0

func (a *MCSCertKey) Name() string

Name returns the human-friendly name of the asset.

type RootCA

type RootCA struct {
	SelfSignedCertKey
}

RootCA contains the private key and the cert that acts as a certificate authority, which is in turn really only used to generate a certificate for the Machine Config Server. More information: https://docs.openshift.com/container-platform/4.13/security/certificate_types_descriptions/machine-config-operator-certificates.html and https://github.com/openshift/api/tree/master/tls/docs/MachineConfig%20Operator%20Certificates. This logic dates back to the very creation of OpenShift 4 and the initial code for this project. The private key is (as best we know) completely discarded after an installation is complete.

func (*RootCA) Dependencies

func (c *RootCA) Dependencies() []asset.Asset

Dependencies returns nothing.

func (*RootCA) Generate

func (c *RootCA) Generate(ctx context.Context, parents asset.Parents) error

Generate generates the MCS/Ignition CA.

func (*RootCA) Name

func (c *RootCA) Name() string

Name returns the human-friendly name of the asset.

type SelfSignedCertKey added in v0.9.2

type SelfSignedCertKey struct {
	CertKey
}

SelfSignedCertKey contains the private key and the cert that's self-signed.

func (*SelfSignedCertKey) Generate added in v0.9.2

func (c *SelfSignedCertKey) Generate(_ context.Context,
	cfg *CertCfg,
	filenameBase string,
) error

Generate generates a self-signed cert/key pair from cfg; there is no parent CA, the cert is signed by its own key.

type ServiceAccountKeyPair added in v0.2.0

type ServiceAccountKeyPair struct {
	KeyPair
}

ServiceAccountKeyPair is the asset that generates the service-account public/private key pair.

func (*ServiceAccountKeyPair) Dependencies added in v0.2.0

func (a *ServiceAccountKeyPair) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and the install config if it depends on the install config for DNS names, etc.

func (*ServiceAccountKeyPair) Generate added in v0.2.0

func (a *ServiceAccountKeyPair) Generate(ctx context.Context, dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*ServiceAccountKeyPair) Load added in v0.3.0

Load is a no-op because the service account keypair is not written to disk.

func (*ServiceAccountKeyPair) Name added in v0.2.0

func (a *ServiceAccountKeyPair) Name() string

Name returns the human-friendly name of the asset.

type SignedCertKey added in v0.9.2

type SignedCertKey struct {
	CertKey
}

SignedCertKey contains the private key and the cert that's signed by the parent CA.

func (*SignedCertKey) Generate added in v0.9.2

func (c *SignedCertKey) Generate(_ context.Context,
	cfg *CertCfg,
	parentCA CertKeyInterface,
	filenameBase string,
	appendParent AppendParentChoice,
) error

Generate generates a cert/key pair signed by the specified parent CA.
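The three building blocks above (a SelfSignedCertKey signer such as KubeletCSRSignerCertKey, a SignedCertKey leaf such as KubeletClientCertKey, and a CertBundle such as KubeletClientCABundle that concatenates the signer CAs) form one trust relationship: the leaf is accepted only while its signer is present in the bundle, which is what the KubeletClientCertKey note about revoking the credential by removing its signer relies on. The following is an added example, not the installer package's own code; it uses crypto/x509 directly and the function names (newSelfSignedCA, newSignedClientCert, bundlePEM, verifyAgainstBundle), the common names and the validity periods are constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// randomSerial returns a 128-bit random serial so two signers never collide.
func randomSerial() (*big.Int, error) {
	return rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
}

// newSelfSignedCA plays the role of a SelfSignedCertKey signer: the CA cert is
// signed by its own key and carries the CA basic constraint plus cert-sign usage.
func newSelfSignedCA(cn string, validity time.Duration) (*rsa.PrivateKey, *x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	serial, err := randomSerial()
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(validity),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// newSignedClientCert plays the role of a SignedCertKey: a non-CA leaf restricted
// to client authentication and signed by the parent CA's key.
func newSignedClientCert(caKey *rsa.PrivateKey, caCert *x509.Certificate, cn string, validity time.Duration) (*rsa.PrivateKey, *x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	serial, err := randomSerial()
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(validity),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  false,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, &key.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// bundlePEM concatenates signer certs into one PEM file, the shape a CertBundle asset writes.
func bundlePEM(cas ...*x509.Certificate) []byte {
	var out []byte
	for _, c := range cas {
		out = append(out, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: c.Raw})...)
	}
	return out
}

// verifyAgainstBundle is the check a server performs on a presented leaf: it must chain
// to a signer in the bundle and be valid for the requested extended key usage.
func verifyAgainstBundle(leaf *x509.Certificate, bundle []byte, usage x509.ExtKeyUsage) error {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(bundle) {
		return errors.New("bundle contains no certificates")
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{usage}})
	return err
}

func main() {
	caKey, caCert, err := newSelfSignedCA("example-kubelet-signer", 365*24*time.Hour)
	if err != nil {
		panic(err)
	}
	_, leaf, err := newSignedClientCert(caKey, caCert, "example-kubelet-client", 24*time.Hour)
	if err != nil {
		panic(err)
	}
	_, otherCA, err := newSelfSignedCA("example-other-signer", 365*24*time.Hour)
	if err != nil {
		panic(err)
	}
	fmt.Println("signer in bundle:    ", verifyAgainstBundle(leaf, bundlePEM(otherCA, caCert), x509.ExtKeyUsageClientAuth))
	fmt.Println("signer removed:      ", verifyAgainstBundle(leaf, bundlePEM(otherCA), x509.ExtKeyUsageClientAuth))
	fmt.Println("used for server auth:", verifyAgainstBundle(leaf, bundlePEM(caCert), x509.ExtKeyUsageServerAuth))
}
```

Two points the run makes visible: a bundle may hold several signers and the leaf verifies as long as its own signer is one of them, and the same leaf fails the moment its signer is dropped from the bundle, so a CertBundle is also the revocation boundary for everything signed under it. The extended key usage on the leaf means a client credential cannot be repurposed as a serving certificate even when its signer is trusted.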
