Documentation
Overview
Package certgen contains the code that handles the `certgen` subcommand for the main `sesame` binary.
Index
- Constants
- func AsLegacySecrets(namespace string, certdata *certs.Certificates) []*corev1.Secret
- func AsSecrets(namespace string, certdata *certs.Certificates) []*corev1.Secret
- func WriteCertsPEM(outputDir string, certdata *certs.Certificates, force OverwritePolicy) error
- func WriteSecretsKube(client *kubernetes.Clientset, secrets []*corev1.Secret, force OverwritePolicy) error
- func WriteSecretsYAML(outputDir string, secrets []*corev1.Secret, force OverwritePolicy) error
- type OverwritePolicy
Constants

```go
const (
	// CACertificateKey is the dictionary key for the CA certificate bundle.
	CACertificateKey = "cacert.pem"
	// SesameCertificateKey is the dictionary key for the Sesame certificate.
	SesameCertificateKey = "sesamecert.pem"
	// SesamePrivateKeyKey is the dictionary key for the Sesame private key.
	SesamePrivateKeyKey = "sesamekey.pem"
	// EnvoyCertificateKey is the dictionary key for the Envoy certificate.
	EnvoyCertificateKey = "envoycert.pem"
	// EnvoyPrivateKeyKey is the dictionary key for the Envoy private key.
	EnvoyPrivateKeyKey = "envoykey.pem"
)
```
Functions
func AsLegacySecrets
func AsLegacySecrets(namespace string, certdata *certs.Certificates) []*corev1.Secret
AsLegacySecrets transforms the given Certificates struct into a slice of Secrets that is compatible with certgen from sesame 1.4 and earlier. The difference is that the CA cert is in a separate secret, rather than duplicated inline in each TLS secret.
func AsSecrets
func AsSecrets(namespace string, certdata *certs.Certificates) []*corev1.Secret
AsSecrets transforms the given Certificates struct into a slice of Secrets in the compact Secret format, which is compatible with both cert-manager and Sesame.
func WriteCertsPEM
func WriteCertsPEM(outputDir string, certdata *certs.Certificates, force OverwritePolicy) error
WriteCertsPEM writes out all the certs in certdata to individual PEM files in outputDir.
func WriteSecretsKube
func WriteSecretsKube(client *kubernetes.Clientset, secrets []*corev1.Secret, force OverwritePolicy) error
WriteSecretsKube writes all the keypairs out to Kubernetes Secrets in the compact format which is compatible with Secrets generated by cert-manager.
func WriteSecretsYAML
func WriteSecretsYAML(outputDir string, secrets []*corev1.Secret, force OverwritePolicy) error
WriteSecretsYAML writes all the keypairs out to Kubernetes Secrets in YAML form in outputDir.
Types
type OverwritePolicy
type OverwritePolicy int
OverwritePolicy specifies whether an output should be overwritten.
```go
const (
	// NoOverwrite specifies outputs must not be overwritten.
	NoOverwrite OverwritePolicy = 0
	// Overwrite specifies outputs may be overwritten.
	Overwrite OverwritePolicy = 1
)
```
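An added example, not the certgen package's own code, of one way a no-overwrite policy such as the `force` argument of `WriteCertsPEM` can be enforced without a check-then-write race when the output is private-key material. The `writePEMFile` helper, the local copy of `OverwritePolicy`, the 0600 file mode and the sample file name are assumptions made for illustration.

```go
package main

import (
	"encoding/pem"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// OverwritePolicy is a local copy of the documented type so this file runs alone.
type OverwritePolicy int

const (
	NoOverwrite OverwritePolicy = 0
	Overwrite   OverwritePolicy = 1
)

// writePEMFile (hypothetical helper) writes one PEM block with mode 0600. With
// NoOverwrite it opens O_EXCL, so an existing path is refused atomically.
func writePEMFile(path, blockType string, der []byte, force OverwritePolicy) error {
	flags := os.O_WRONLY | os.O_CREATE
	if force == Overwrite {
		flags |= os.O_TRUNC
	} else {
		flags |= os.O_EXCL
	}
	f, err := os.OpenFile(path, flags, 0o600)
	if err != nil {
		return err
	}
	err = f.Chmod(0o600) // the mode argument above is ignored for existing files
	if err == nil {
		err = pem.Encode(f, &pem.Block{Type: blockType, Bytes: der})
	}
	if cerr := f.Close(); err == nil {
		err = cerr
	}
	return err
}

func main() {
	dir, _ := os.MkdirTemp("", "certgen-example")
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "sesamekey.pem") // constructed sample path
	key := []byte("constructed placeholder, not a real key")
	fmt.Println(writePEMFile(path, "PRIVATE KEY", key, NoOverwrite)) // first write
	err := writePEMFile(path, "PRIVATE KEY", key, NoOverwrite)       // refused
	fmt.Println(errors.Is(err, os.ErrExist), writePEMFile(path, "PRIVATE KEY", key, Overwrite))
}
```

Callers can tell a refused overwrite apart from other I/O failures with `errors.Is(err, os.ErrExist)`.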