Documentation
Index
- Constants
- func CABundleConfigMapReconciler(name string, caBundle fmt.Stringer) reconciling.NamedConfigMapReconcilerFactory
- func FrontProxyCAReconciler() reconciling.NamedSecretReconcilerFactory
- func GetCAReconciler(commonName string) reconciling.SecretReconciler
- func GetClientCertificateReconciler(name, commonName string, organizations []string, ...) reconciling.NamedSecretReconcilerFactory
- func GetECDSACACertAndKey() (cert []byte, key []byte, err error)
- func GetECDSAClientCertificateReconciler(name, commonName string, organizations []string, ...) reconciling.SecretReconciler
- func GetSignedECDSACertAndKey(notAfter time.Duration, cfg certutil.Config, caCert *x509.Certificate, ...) (cert []byte, key []byte, err error)
- func GlobalCABundle(ctx context.Context, client ctrlruntimeclient.Client, ...) (*corev1.ConfigMap, error)
- func RootCAReconciler(data caReconcilerData) reconciling.NamedSecretReconcilerFactory
- func ValidateCABundle(bundle string) error
- func ValidateCABundleConfigMap(cm *corev1.ConfigMap) error
- type CABundle
Constants
const Duration365d = time.Hour * 24 * 365
Duration365d is a time.Duration that represents a year.
Variables
This section is empty.
Functions
func CABundleConfigMapReconciler (added in v2.22.0)
func CABundleConfigMapReconciler(name string, caBundle fmt.Stringer) reconciling.NamedConfigMapReconcilerFactory
CABundleConfigMapReconciler returns a ConfigMapReconcilerFactory that creates a ca-bundle ConfigMap for use in seeds and userclusters.
TODO: Do not use fmt.Stringer, but a better type for the CA bundle parameter. "*CABundle" is not viable because most of the codebase deals with "resources.CABundle", which in turn exists to prevent an import loop between this and the "resources" package.
func FrontProxyCAReconciler (added in v2.22.0)
func FrontProxyCAReconciler() reconciling.NamedSecretReconcilerFactory
FrontProxyCAReconciler returns a function to create a secret with the front proxy CA.
func GetCAReconciler (added in v2.22.0)
func GetCAReconciler(commonName string) reconciling.SecretReconciler
GetCAReconciler returns a function to create a secret containing a CA with the specified name.
func GetClientCertificateReconciler (added in v2.22.0)
func GetClientCertificateReconciler(name, commonName string, organizations []string, dataCertKey, dataKeyKey string, getCA caGetter) reconciling.NamedSecretReconcilerFactory
GetClientCertificateReconciler is a generic function to return a secret generator to create a client certificate signed by the cluster CA.
func GetECDSACACertAndKey
GetECDSACACertAndKey returns a PEM-encoded ECDSA certificate and key.
func GetECDSAClientCertificateReconciler (added in v2.22.0)
func GetECDSAClientCertificateReconciler(name, commonName string, organizations []string, dataCertKey, dataKeyKey string, getCA ecdsaCAGetter) reconciling.SecretReconciler
GetECDSAClientCertificateReconciler is a generic function to return a secret generator to create a client certificate signed by the cert returned by the passed getCA func. The resulting secret has no ownerRef.
func GetSignedECDSACertAndKey
func GetSignedECDSACertAndKey(notAfter time.Duration, cfg certutil.Config, caCert *x509.Certificate, caKey *ecdsa.PrivateKey) (cert []byte, key []byte, err error)
GetSignedECDSACertAndKey creates and returns a signed ECDSA x509 certificate and key.
func GlobalCABundle (added in v2.17.0)
func GlobalCABundle(ctx context.Context, client ctrlruntimeclient.Client, config *kubermaticv1.KubermaticConfiguration) (*corev1.ConfigMap, error)
func RootCAReconciler (added in v2.22.0)
func RootCAReconciler(data caReconcilerData) reconciling.NamedSecretReconcilerFactory
RootCAReconciler returns a function to create a secret with the root CA.
func ValidateCABundle (added in v2.17.0)
func ValidateCABundleConfigMap (added in v2.17.0)
Types
type CABundle (added in v2.17.0)
type CABundle struct {
// contains filtered or unexported fields
}
CABundle represents an x509.CertPool that was loaded from a file and which needs to be accessed both as a cert pool (i.e. parsed) _and_ as a file/PEM string.
func NewCABundleFromBytes (added in v2.17.0)
func NewCABundleFromFile (added in v2.17.0)
func NewFakeCABundle (added in v2.17.0)
func NewFakeCABundle() *CABundle
NewFakeCABundle returns a CA bundle that contains a single certificate that cannot validate anything.
Directories
Path | Synopsis |
---|---|
Package triple generates key-certificate pairs for the triple (CA, Server, Client).