cert

package

v1.2.1 Latest Latest Go to latest Published: Feb 17, 2023 License: Apache-2.0 Imports: 37 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/openyurtio/openyurt

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func EncodeCertPEM(c *x509.Certificate) ([]byte, error)
func EncodePublicKeyPEM(key crypto.PublicKey) ([]byte, error)
func GetCertAndKeyFromCertMgr(certManager certificate.Manager, stopCh <-chan struct{}) (key []byte, cert []byte, err error)
func GetCertFromTLSCert(cert *tls.Certificate) (certPEM []byte, err error)
func GetPrivateKeyFromTLSCert(cert *tls.Certificate) (keyPEM []byte, err error)
func GetURLFromSVC(svc *corev1.Service) (string, error)
func IsCertFromCA(cert *x509.Certificate, caCert *x509.Certificate) bool
func NewPrivateKey() (*rsa.PrivateKey, error)
func NewSelfSignedCA() (*x509.Certificate, crypto.Signer, error)
func NewSignedCert(client client.Interface, cfg *CertConfig, key crypto.Signer, ...) (cert *x509.Certificate, err error)
func WriteCertAndKeyIntoSecret(clientSet client.Interface, certName, secretName string, ...) error
func WriteCertIntoSecret(clientSet client.Interface, certName, secretName string, ...) error
func WriteKeyPairIntoSecret(clientSet client.Interface, secretName, keyName string, key crypto.Signer) error
func WriteKubeConfigIntoSecret(clientSet client.Interface, secretName, kubeConfigName string, ...) error
type CertConfig
type PoolCoordinatorCertManager
- func NewPoolCoordinatorCertManager(kc client.Interface, podInformer coreinformers.PodInformer) *PoolCoordinatorCertManager
- func (c *PoolCoordinatorCertManager) Run(threadiness int, stopCh <-chan struct{})
type SecretClient
- func NewSecretClient(clientSet client.Interface, ns, name string) (*SecretClient, error)
- func (c *SecretClient) AddData(key string, val []byte) error
- func (c *SecretClient) GetData(key string) ([]byte, error)

Constants ¶

View Source

const (
	ComponentName               = "yurt-controller-manager_poolcoordinator"
	PoolcoordinatorNS           = "kube-system"
	PoolcoordinatorAPIServerSVC = "pool-coordinator-apiserver"
	PoolcoordinatorETCDSVC      = "pool-coordinator-etcd"

	// CA certs contains the pool-coordinator CA certs
	PoolCoordinatorCASecretName = "pool-coordinator-ca-certs"
	// Static certs is shared among all pool-coordinator system, which contains:
	// - ca.crt
	// - apiserver-etcd-client.crt
	// - apiserver-etcd-client.key
	// - sa.pub
	// - sa.key
	// - apiserver-kubelet-client.crt  (not self signed)
	// - apiserver-kubelet-client.key （not self signed)
	// - admin.conf (kube-config)
	PoolcoordinatorStaticSecertName = "pool-coordinator-static-certs"
	// Dynamic certs will not be shared among clients or servers, contains:
	// - apiserver.crt
	// - apiserver.key
	// - etcd-server.crt
	// - etcd-server.key
	// todo: currently we only create one copy, this will be refined in the future to assign customized certs for differnet nodepools
	PoolcoordinatorDynamicSecertName = "pool-coordinator-dynamic-certs"
	// Yurthub certs shared by all yurthub, contains:
	// - ca.crt
	// - pool-coordinator-yurthub-client.crt
	// - pool-coordinator-yurthub-client.key
	PoolcoordinatorYurthubClientSecertName = "pool-coordinator-yurthub-certs"
	// Monitoring kubeconfig contains: monitoring kubeconfig for poolcoordinator
	// - kubeconfig
	PoolcoordinatorMonitoringKubeconfigSecertName = "pool-coordinator-monitoring-kubeconfig"

	PoolcoordinatorOrg      = "openyurt:pool-coordinator"
	PoolcoordinatorAdminOrg = "system:masters"

	PoolcoordinatorAPIServerCN            = "openyurt:pool-coordinator:apiserver"
	PoolcoordinatorNodeLeaseProxyClientCN = "openyurt:pool-coordinator:node-lease-proxy-client"
	PoolcoordinatorETCDCN                 = "openyurt:pool-coordinator:etcd"
	PoolcoordinatorYurthubClientCN        = "openyurt:pool-coordinator:yurthub"
	KubeConfigMonitoringClientCN          = "openyurt:pool-coordinator:monitoring"
	KubeConfigAdminClientCN               = "cluster-admin"
)

Variables ¶

This section is empty.

Functions ¶

func EncodeCertPEM ¶

func EncodeCertPEM(c *x509.Certificate) ([]byte, error)

EncodeCertPEM returns PEM-endcoded certificate data

func EncodePublicKeyPEM ¶

func EncodePublicKeyPEM(key crypto.PublicKey) ([]byte, error)

EncodePublicKeyPEM returns PEM-encoded public data

func GetCertAndKeyFromCertMgr ¶

func GetCertAndKeyFromCertMgr(certManager certificate.Manager, stopCh <-chan struct{}) (key []byte, cert []byte, err error)

get certificate & private key (in PEM format) from certmanager

func GetCertFromTLSCert ¶

func GetCertFromTLSCert(cert *tls.Certificate) (certPEM []byte, err error)

func GetPrivateKeyFromTLSCert ¶

func GetPrivateKeyFromTLSCert(cert *tls.Certificate) (keyPEM []byte, err error)

func GetURLFromSVC ¶

func GetURLFromSVC(svc *corev1.Service) (string, error)

func IsCertFromCA ¶

func IsCertFromCA(cert *x509.Certificate, caCert *x509.Certificate) bool

func NewPrivateKey ¶

func NewPrivateKey() (*rsa.PrivateKey, error)

NewPrivateKey creates an RSA private key

func NewSelfSignedCA ¶

func NewSelfSignedCA() (*x509.Certificate, crypto.Signer, error)

func NewSignedCert ¶

func NewSignedCert(client client.Interface, cfg *CertConfig, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, stopCh <-chan struct{}) (cert *x509.Certificate, err error)

NewSignedCert creates a signed certificate using the given CA certificate and key

func WriteCertAndKeyIntoSecret ¶

func WriteCertAndKeyIntoSecret(clientSet client.Interface, certName, secretName string, cert *x509.Certificate, key crypto.Signer) error

write cert&key into secret Notice: if cert OR key is nil, it will be ignored

func WriteCertIntoSecret ¶

func WriteCertIntoSecret(clientSet client.Interface, certName, secretName string, certManager certificate.Manager, stopCh <-chan struct{}) error

write cert&key pair generated from certManager into a secret

func WriteKeyPairIntoSecret ¶

func WriteKeyPairIntoSecret(clientSet client.Interface, secretName, keyName string, key crypto.Signer) error

func WriteKubeConfigIntoSecret ¶

func WriteKubeConfigIntoSecret(clientSet client.Interface, secretName, kubeConfigName string, kubeConfigByte []byte) error

Types ¶

type CertConfig ¶

type CertConfig struct {
	// certName should be unique,  will be used as output name ${certName}.crt
	CertName string
	// secretName is where the certs should be stored
	SecretName string
	// used as kubeconfig
	IsKubeConfig bool

	ExtKeyUsage  []x509.ExtKeyUsage
	CommonName   string
	Organization []string
	DNSNames     []string
	IPs          []net.IP
	// contains filtered or unexported fields
}

type PoolCoordinatorCertManager ¶

type PoolCoordinatorCertManager struct {
	// contains filtered or unexported fields
}

PoolCoordinatorCertManager manages certificates releted with poolcoordinator pod

func NewPoolCoordinatorCertManager ¶

func NewPoolCoordinatorCertManager(kc client.Interface, podInformer coreinformers.PodInformer) *PoolCoordinatorCertManager

func (*PoolCoordinatorCertManager) Run ¶

func (c *PoolCoordinatorCertManager) Run(threadiness int, stopCh <-chan struct{})

type SecretClient ¶

type SecretClient struct {
	Name      string
	Namespace string
	// contains filtered or unexported fields
}

a simple client to handle secret operations

func NewSecretClient ¶

func NewSecretClient(clientSet client.Interface, ns, name string) (*SecretClient, error)

func (*SecretClient) AddData ¶

func (c *SecretClient) AddData(key string, val []byte) error

func (*SecretClient) GetData ¶

func (c *SecretClient) GetData(key string) ([]byte, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL