Documentation
Overview
Package certgen contains the code that handles the `certgen` subcommand for the main `contour` binary.
Index
- Constants
- func AsLegacySecrets(namespace string, certdata map[string][]byte) []*corev1.Secret
- func AsSecrets(namespace string, certdata map[string][]byte) []*corev1.Secret
- func NewCA(cn string, expiry time.Time) ([]byte, []byte, error)
- func NewCert(caCertPEM, caKeyPEM []byte, expiry time.Time, service, namespace string) ([]byte, []byte, error)
- func WriteCertsPEM(outputDir string, certdata map[string][]byte, force OverwritePolicy) error
- func WriteSecretsKube(client *kubernetes.Clientset, secrets []*corev1.Secret, force OverwritePolicy) error
- func WriteSecretsYAML(outputDir string, secrets []*corev1.Secret, force OverwritePolicy) error
- type OverwritePolicy
Constants
```go
const (
	// CACertificateKey is the dictionary key for the CA certificate bundle.
	CACertificateKey = "cacert.pem"
	// ContourCertificateKey is the dictionary key for the Contour certificate.
	ContourCertificateKey = "contourcert.pem"
	// ContourPrivateKeyKey is the dictionary key for the Contour private key.
	ContourPrivateKeyKey = "contourkey.pem"
	// EnvoyCertificateKey is the dictionary key for the Envoy certificate.
	EnvoyCertificateKey = "envoycert.pem"
	// EnvoyPrivateKeyKey is the dictionary key for the Envoy private key.
	EnvoyPrivateKeyKey = "envoykey.pem"
)
```
Functions
func AsLegacySecrets (added in v1.5.0)
AsLegacySecrets transforms the given certdata into a slice of Secrets that is compatible with certgen from Contour 1.4 and earlier. The difference is that the CA cert is in a separate Secret, rather than duplicated inline in each TLS Secret.
func AsSecrets (added in v1.5.0)
AsSecrets transforms the given certdata map into a slice of Secrets in compact Secret format, which is compatible with both cert-manager and Contour.
func NewCA
NewCA generates a new CA, given the CA's CN and an expiry time. The return order is cacert, cakey, error.
func NewCert
func NewCert(caCertPEM, caKeyPEM []byte, expiry time.Time, service, namespace string) ([]byte, []byte, error)
NewCert generates a new keypair given the CA keypair, the expiry time, the service name ("contour" or "envoy"), and the Kubernetes namespace the service will run in (needed because of the Kubernetes DNS schema). The return values are cert, key, err.
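The CA-then-leaf flow that NewCA and NewCert describe can be checked the way a TLS peer would check it. The block below is an added example using only the Go standard library; it is not Contour's code and does not call this package. The names `issue` and `CheckServiceCert`, the Ed25519 key type, and the list of DNS names are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes an Ed25519 key and a sample certificate for cn; a nil parent yields a self-signed CA.
func issue(cn string, sans []string, expiry time.Time, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: expiry, DNSNames: sans, BasicConstraintsValid: true, IsCA: parent == nil}
	if parent == nil {
		tmpl.KeyUsage, parent, parentKey = x509.KeyUsageCertSign, tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// CheckServiceCert issues a throwaway CA and leaf, then verifies the leaf for dnsName trusting only that CA.
func CheckServiceCert(service, namespace, dnsName string, expiry time.Time) error {
	ca, caKey, err := issue("Example CA", nil, expiry, nil, nil)
	if err != nil {
		return err
	}
	base := service + "." + namespace // assumed SAN set: short name plus namespace-qualified forms
	sans := []string{service, base, base + ".svc", base + ".svc.cluster.local"}
	leaf, _, err := issue(service, sans, expiry, ca, caKey)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: dnsName})
	return err
}

func main() { fmt.Println(CheckServiceCert("envoy", "projectcontour", "envoy.projectcontour", time.Now().Add(time.Hour))) }
```

A name outside the namespace, such as `envoy.other.svc`, or an `expiry` in the past makes `Verify` return an error, which is the failure a peer would hit during the TLS handshake.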
func WriteCertsPEM
func WriteCertsPEM(outputDir string, certdata map[string][]byte, force OverwritePolicy) error
WriteCertsPEM writes out all the certs in certdata to individual PEM files in outputDir.
func WriteSecretsKube
func WriteSecretsKube(client *kubernetes.Clientset, secrets []*corev1.Secret, force OverwritePolicy) error
WriteSecretsKube writes all the keypairs out to Kubernetes Secrets in the compact format which is compatible with Secrets generated by cert-manager.
func WriteSecretsYAML
func WriteSecretsYAML(outputDir string, secrets []*corev1.Secret, force OverwritePolicy) error
WriteSecretsYAML writes all the keypairs out to Kubernetes Secrets in YAML form in outputDir.
Types
type OverwritePolicy (added in v1.5.0)
type OverwritePolicy int
OverwritePolicy specifies whether an output should be overwritten.
```go
const (
	// NoOverwrite specifies outputs must not be overwritten.
	NoOverwrite OverwritePolicy = 0
	// Overwrite specifies outputs may be overwritten.
	Overwrite OverwritePolicy = 1
)
```