kubecrypto

package
v1.11.0-rc.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 19, 2023 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	CABundleKey = "ca-bundle.crt"
)

Variables

View Source 
var (
	CertProjectedAnnotations = map[string]func([]*x509.Certificate) (string, error){
								// contains filtered or unexported fields
	}
	CertKeyProjectedAnnotations = helpers.MergeMaps(
		wrapCertProjectionsForCertKey(CertProjectedAnnotations),
		map[string]func([]*x509.Certificate, *rsa.PrivateKey) (string, error){
			certsKeySizeBitsKey: func(certs []*x509.Certificate, key *rsa.PrivateKey) (string, error) {
				return strconv.Itoa(key.Size() * 8), nil
			},
		},
	)
)

Functions

func GetCABundleDataFromConfigMap 

func GetCABundleDataFromConfigMap(cm *corev1.ConfigMap) ([]byte, error)

func GetCABundleFromConfigMap 

func GetCABundleFromConfigMap(cm *corev1.ConfigMap) ([]*x509.Certificate, error)

func GetCertDataFromSecret 

func GetCertDataFromSecret(secret *corev1.Secret) ([]byte, error)

func GetCertFromSecret 

func GetCertFromSecret(secret *corev1.Secret) (*x509.Certificate, error)

func GetCertKeyDataFromSecret 

func GetCertKeyDataFromSecret(secret *corev1.Secret) ([]byte, []byte, error)

func GetCertKeyFromSecret 

func GetCertKeyFromSecret(secret *corev1.Secret) (*x509.Certificate, *rsa.PrivateKey, error)

func GetCertsFromSecret 

func GetCertsFromSecret(secret *corev1.Secret) ([]*x509.Certificate, error)

func GetCertsKeyFromSecret 

func GetCertsKeyFromSecret(secret *corev1.Secret) ([]*x509.Certificate, *rsa.PrivateKey, error)

func GetKeyDataFromSecret 

func GetKeyDataFromSecret(secret *corev1.Secret) ([]byte, error)

func GetKeyFromSecret 

func GetKeyFromSecret(secret *corev1.Secret) (*rsa.PrivateKey, error)

Types

type CABundleConfig 

type CABundleConfig struct {
	MetaConfig
}

func (*CABundleConfig) GetMetaConfigMap added in v1.9.0 

func (c *CABundleConfig) GetMetaConfigMap() *corev1.ConfigMap

type CAConfig 

type CAConfig struct {
	MetaConfig
	Validity time.Duration
	Refresh  time.Duration
}

func (*CAConfig) GetMetaSecret added in v1.9.0 

func (c *CAConfig) GetMetaSecret() *corev1.Secret

type CertChainConfig added in v1.9.0 

type CertChainConfig struct {
	CAConfig       *CAConfig
	CABundleConfig *CABundleConfig
	CertConfigs    []*CertificateConfig
}

func (*CertChainConfig) GetMetaConfigMaps added in v1.9.0 

func (c *CertChainConfig) GetMetaConfigMaps() []*corev1.ConfigMap

func (*CertChainConfig) GetMetaSecrets added in v1.9.0 

func (c *CertChainConfig) GetMetaSecrets() []*corev1.Secret

type CertChainConfigs added in v1.9.0 

type CertChainConfigs []*CertChainConfig

func (CertChainConfigs) GetMetaConfigMaps added in v1.9.0 

func (configs CertChainConfigs) GetMetaConfigMaps() []*corev1.ConfigMap

func (CertChainConfigs) GetMetaSecrets added in v1.9.0 

func (configs CertChainConfigs) GetMetaSecrets() []*corev1.Secret

type CertificateConfig 

type CertificateConfig struct {
	MetaConfig
	Validity    time.Duration
	Refresh     time.Duration
	CertCreator ocrypto.CertCreator
}

func (*CertificateConfig) GetMetaSecret added in v1.9.0 

func (c *CertificateConfig) GetMetaSecret() *corev1.Secret

type CertificateManager 

type CertificateManager struct {
	// contains filtered or unexported fields
}

func NewCertificateManager 

func NewCertificateManager(
	keyGetter ocrypto.RSAKeyGetter,
	secretsClient corev1client.SecretsGetter,
	secretLister corev1listers.SecretLister,
	configMapClient corev1client.ConfigMapsGetter,
	configMapLister corev1listers.ConfigMapLister,
	eventRecorder record.EventRecorder,
) *CertificateManager

func (*CertificateManager) ManageCertificateChain added in v1.9.0 

func (cm *CertificateManager) ManageCertificateChain(ctx context.Context, nowFunc func() time.Time, controller *metav1.ObjectMeta, controllerGVK schema.GroupVersionKind, certChainConfig *CertChainConfig, existingSecrets map[string]*corev1.Secret, existingConfigMaps map[string]*corev1.ConfigMap) error

func (*CertificateManager) ManageCertificates 

func (cm *CertificateManager) ManageCertificates(ctx context.Context, nowFunc func() time.Time, controller *metav1.ObjectMeta, controllerGVK schema.GroupVersionKind, caConfig *CAConfig, caBundleConfig *CABundleConfig, certConfigs []*CertificateConfig, existingSecrets map[string]*corev1.Secret, existingConfigMaps map[string]*corev1.ConfigMap) error

ManageCertificates creates and manages the lifetime of a certificate chain. All certificates are automatically recreated when their desired config changes. Certificates are automatically refreshed when they reach their refresh interval, or 80% of their lifetime, whichever comes sooner.

type MetaConfig 

type MetaConfig struct {
	Name        string
	Labels      map[string]string
	Annotations map[string]string
}

func (*MetaConfig) GetObjectMeta added in v1.9.0 

func (c *MetaConfig) GetObjectMeta() *metav1.ObjectMeta

type SigningTLSSecret 

type SigningTLSSecret struct {
	TLSSecret
	// contains filtered or unexported fields
}

func MakeSelfSignedCA 

func MakeSelfSignedCA(ctx context.Context, name string, certCreator ocrypto.CertCreator, keyGetter ocrypto.RSAKeyGetter, nowFunc func() time.Time, validity, refresh time.Duration, controller metav1.Object, controllerGVK schema.GroupVersionKind, existingSecret *corev1.Secret) (*SigningTLSSecret, error)

func NewSigningTLSSecret 

func NewSigningTLSSecret(tlsSecret *TLSSecret, nowFunc func() time.Time) *SigningTLSSecret

func (*SigningTLSSecret) AsCertificateAuthority 

func (s *SigningTLSSecret) AsCertificateAuthority() (*ocrypto.CertificateAuthority, error)

func (*SigningTLSSecret) MakeCertificate 

func (s *SigningTLSSecret) MakeCertificate(ctx context.Context, name string, certCreator ocrypto.CertCreator, keyGetter ocrypto.RSAKeyGetter, controller *metav1.ObjectMeta, controllerGVK schema.GroupVersionKind, existingSecret *corev1.Secret, validity, refresh time.Duration) (*TLSSecret, error)

type TLSSecret 

type TLSSecret struct {
	// contains filtered or unexported fields
}

func NewTLSSecret 

func NewTLSSecret(secret *corev1.Secret) *TLSSecret

func (*TLSSecret) GetCert 

func (s *TLSSecret) GetCert() (*x509.Certificate, error)

func (*TLSSecret) GetCertKey 

func (s *TLSSecret) GetCertKey() (*x509.Certificate, *rsa.PrivateKey, error)

func (*TLSSecret) GetCerts 

func (s *TLSSecret) GetCerts() ([]*x509.Certificate, error)

func (*TLSSecret) GetCertsKey 

func (s *TLSSecret) GetCertsKey() ([]*x509.Certificate, *rsa.PrivateKey, error)

func (*TLSSecret) GetKey 

func (s *TLSSecret) GetKey() (*rsa.PrivateKey, error)

func (*TLSSecret) GetSecret 

func (s *TLSSecret) GetSecret() *corev1.Secret

func (*TLSSecret) MakeCABundle 

func (s *TLSSecret) MakeCABundle(name string, controller metav1.Object, controllerGVK schema.GroupVersionKind, existingCM *corev1.ConfigMap, now time.Time) (*corev1.ConfigMap, error)

func (*TLSSecret) Refresh 

func (s *TLSSecret) Refresh(updated *corev1.Secret)

func (*TLSSecret) SetCache 

func (s *TLSSecret) SetCache(certs []*x509.Certificate, key *rsa.PrivateKey)

func (*TLSSecret) SetCertsCache 

func (s *TLSSecret) SetCertsCache(certs []*x509.Certificate)

func (*TLSSecret) SetKeyCache 

func (s *TLSSecret) SetKeyCache(key *rsa.PrivateKey)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.