Constants ¶
const (
	// ServicesKey is the key of the services annotation: the package's
	// annotation prefix followed by "services".
	// NOTE(review): presumably one of the keys returned by the Annotations
	// methods and applied to the CSR and secret; confirm against the source.
	ServicesKey = annotation_prefix + "services"
	// NamespaceKey is the key of the namespace annotation: the package's
	// annotation prefix followed by "namespace".
	NamespaceKey = annotation_prefix + "namespace"
)
const (
	// CSRPemType is the PEM block type label for a certificate signing request.
	CSRPemType = "CERTIFICATE REQUEST"
	// RSAPemType is the PEM block type label for an RSA private key.
	RSAPemType = "RSA PRIVATE KEY"
	// DefaultKeyLength is the default key length.
	// NOTE(review): presumably the RSA modulus size in bits; 2048 is the
	// commonly accepted minimum for RSA, so confirm that a caller cannot
	// configure a smaller value.
	DefaultKeyLength = 2048
)
// KeyLength is a key length constant with the same value as DefaultKeyLength.
// NOTE(review): this listing does not show which of the two constants the key
// generator reads; confirm, and consider keeping a single source of truth.
const KeyLength = 2048
Variables ¶
This section is empty.
Functions ¶
func GenerateName ¶
Types ¶
type MockTlsService ¶
type MockTlsService struct { }
func (MockTlsService) CreateSecretForServices ¶
func (m MockTlsService) CreateSecretForServices(pod corev1.Pod) []corev1.Secret
type PodTLSKey ¶
type PodTLSKey struct {
// contains filtered or unexported fields
}
func (PodTLSKey) Annotations ¶
func (PodTLSKey) GenerateName ¶
func (PodTLSKey) Name ¶
Name returns a name that will be used for both the CSR and the secret. For per-pod keys, this is simply the name of the pod.
func (PodTLSKey) ServiceAccount ¶
ServiceAccount returns the service account name associated with the pod. This is used in the ASN.1 CN attribute.
type RealTlsService ¶
type RealTlsService struct {
	// KeyLength sets the generated key size.
	// NOTE(review): presumably in bits; no lower bound is visible in this
	// listing, so confirm that values below the 2048 default are rejected.
	KeyLength int
	// contains filtered or unexported fields
}
func (RealTlsService) CreateSecretForServices ¶
func (t RealTlsService) CreateSecretForServices(ctx context.Context, info TLSKeyInfo) (*corev1.Secret, error)
func (RealTlsService) SecretForKeyInfo ¶
func (t RealTlsService) SecretForKeyInfo(ctx context.Context, info TLSKeyInfo) (*corev1.Secret, error)
type ServicesTLSKey ¶
type ServicesTLSKey struct {
// contains filtered or unexported fields
}
ServicesTLSKey is a structure that holds all of the metadata about a TLS key we are about to create. It implements the business logic for translating a service list into that metadata.
func NewKubeTLSKeyInfo ¶
func NewKubeTLSKeyInfo(pod corev1.Pod, services []corev1.Service) (keyinfo ServicesTLSKey)
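NewKubeTLSKeyInfo does not check that the services are from the same namespace as the pod. Callers must verify this themselves, since the key's metadata is derived from the service list they pass in.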
func (ServicesTLSKey) Annotations ¶
func (k ServicesTLSKey) Annotations() map[string]string
func (ServicesTLSKey) DNSNames ¶
func (k ServicesTLSKey) DNSNames() []string
DNSNames returns the list of DNS names associated with this key.
func (ServicesTLSKey) GenerateName ¶
func (k ServicesTLSKey) GenerateName() bool
func (ServicesTLSKey) Name ¶
func (k ServicesTLSKey) Name() string
Name returns a hashed name that will be used for both the CSR and the secret. It takes the sorted list of services and returns a consistent hash for that list.
func (ServicesTLSKey) Namespace ¶
func (k ServicesTLSKey) Namespace() string
func (ServicesTLSKey) ServiceAccount ¶
func (k ServicesTLSKey) ServiceAccount() string
ServiceAccount returns the service account name associated with the pod. This is used in the ASN.1 CN attribute.
type TLSKeyInfo ¶
type TLSKeyInfo interface {
	// Name returns a name that will be used for both the CSR and the secret.
	Name() string
	// Annotations returns a map of annotations to be applied to the CSR and
	// the secret.
	Annotations() map[string]string
	// ServiceAccount returns the service account name associated with this
	// key. It is used in the ASN.1 CN attribute.
	ServiceAccount() string
	// DNSNames returns the DNS names associated with this key.
	// NOTE(review): presumably these end up as the DNS names requested in the
	// CSR; confirm, and check that implementations only return names the
	// requesting pod is entitled to.
	DNSNames() []string
	// Namespace returns the namespace that this key is created in.
	Namespace() string
	// GenerateName is true if we intend to override the pod's name.
	GenerateName() bool
}
TLSKeyInfo represents one TLS Keypair's information.
func NewPodTLSKeyInfo ¶
func NewPodTLSKeyInfo(pod *corev1.Pod, services []corev1.Service) (keyinfo TLSKeyInfo)
NewPodTLSKeyInfo does not check that the services are from the same namespace as the pod. Callers must verify this themselves before passing the service list in.
type TlsService ¶
type TlsService interface {
SecretForKeyInfo(ctx context.Context, info TLSKeyInfo) (*corev1.Secret, error)
}
TlsService is a service that creates a TLS certificate and hands it back to the pod for mounting.
func NewRealTlsService ¶
func NewRealTlsService(cs kubernetes.Interface, KeyLength int) TlsService