certificates

package

v2.19.0-alpha.10 Latest Latest Go to latest Published: Jan 19, 2022 License: Apache-2.0 Imports: 22 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kubermatic/kubermatic

Documentation ¶

Index ¶

Constants
func CABundleConfigMapCreator(name string, caBundle fmt.Stringer) reconciling.NamedConfigMapCreatorGetter
func FrontProxyCACreator() reconciling.NamedSecretCreatorGetter
func GetCACreator(commonName string) reconciling.SecretCreator
func GetClientCertificateCreator(name, commonName string, organizations []string, ...) reconciling.NamedSecretCreatorGetter
func GetECDSACACertAndKey() (cert []byte, key []byte, err error)
func GetECDSAClientCertificateCreator(name, commonName string, organizations []string, ...) reconciling.SecretCreator
func GetSignedECDSACertAndKey(notAfter time.Duration, cfg certutil.Config, caCert *x509.Certificate, ...) (cert []byte, key []byte, err error)
func GlobalCABundle(ctx context.Context, client ctrlruntimeclient.Client, ...) (*corev1.ConfigMap, error)
func RootCACreator(data caCreatorData) reconciling.NamedSecretCreatorGetter
func ValidateCABundle(bundle string) error
func ValidateCABundleConfigMap(cm *corev1.ConfigMap) error
type CABundle
- func (b *CABundle) CertPool() *x509.CertPool
- func (b *CABundle) String() string

Constants ¶

View Source

const Duration365d = time.Hour * 24 * 365

Duration365d is a time.Duration that represents a year

Variables ¶

This section is empty.

Functions ¶

func CABundleConfigMapCreator ¶ added in v2.17.0

func CABundleConfigMapCreator(name string, caBundle fmt.Stringer) reconciling.NamedConfigMapCreatorGetter

CABundleConfigMapCreator returns a ConfigMapCreatorGetter that creates a ca-bundle ConfigMap for use in seeds and userclusters.

TODO: Do not use fmt.Stringer, but a better type for the CA bundle

parameter. "*CABundle" is not viable because most of the codebase
deals with "resources.CABundle", which in turn exists to
prevent an import loop between this and the "resources" package.

func FrontProxyCACreator ¶

func FrontProxyCACreator() reconciling.NamedSecretCreatorGetter

FrontProxyCACreator returns a function to create a secret with front proxy ca

func GetCACreator ¶

func GetCACreator(commonName string) reconciling.SecretCreator

GetCACreator returns a function to create a secret containing a CA with the specified name

func GetClientCertificateCreator ¶

func GetClientCertificateCreator(name, commonName string, organizations []string, dataCertKey, dataKeyKey string, getCA caGetter) reconciling.NamedSecretCreatorGetter

GetClientCertificateCreator is a generic function to return a secret generator to create a client certificate signed by the cluster CA

func GetECDSACACertAndKey ¶

func GetECDSACACertAndKey() (cert []byte, key []byte, err error)

GetECDSACACertAndKey returns a pem-encoded ECDSA certificate and key

func GetECDSAClientCertificateCreator ¶

func GetECDSAClientCertificateCreator(name, commonName string, organizations []string, dataCertKey, dataKeyKey string, getCA ecdsaCAGetter) reconciling.SecretCreator

GetECDSAClientCertificateCreator is a generic function to return a secret generator to create a client certificate signed by the cert returned by the passed getCA func. The resulting secret has no ownerRef

func GetSignedECDSACertAndKey ¶

func GetSignedECDSACertAndKey(notAfter time.Duration, cfg certutil.Config, caCert *x509.Certificate, caKey *ecdsa.PrivateKey) (cert []byte, key []byte, err error)

GetSignedECDSACertAndKey creates and returns a signed ECDSA x509 certificate and key

func GlobalCABundle ¶ added in v2.17.0

func GlobalCABundle(ctx context.Context, client ctrlruntimeclient.Client, config *operatorv1alpha1.KubermaticConfiguration) (*corev1.ConfigMap, error)

func RootCACreator ¶

func RootCACreator(data caCreatorData) reconciling.NamedSecretCreatorGetter

RootCACreator returns a function to create a secret with the root ca

func ValidateCABundle ¶ added in v2.17.0

func ValidateCABundle(bundle string) error

func ValidateCABundleConfigMap ¶ added in v2.17.0

func ValidateCABundleConfigMap(cm *corev1.ConfigMap) error

Types ¶

type CABundle ¶ added in v2.17.0

type CABundle struct {
	// contains filtered or unexported fields
}

CABundle represents an x509.CertPool that was loaded from a file and which needs to be access both as a cert pool (i.e. parsed) _and_ as a file/PEM string.

func NewCABundleFromBytes ¶ added in v2.17.0

func NewCABundleFromBytes(bytes []byte) (*CABundle, error)

func NewCABundleFromFile ¶ added in v2.17.0

func NewCABundleFromFile(filename string) (*CABundle, error)

func NewFakeCABundle ¶ added in v2.17.0

func NewFakeCABundle() *CABundle

NewFakeCABundle returns a CA bundle that contains a single certificate that cannot validate anything.

func (*CABundle) CertPool ¶ added in v2.17.0

func (b *CABundle) CertPool() *x509.CertPool

func (*CABundle) String ¶ added in v2.17.0

func (b *CABundle) String() string

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
servingcerthelper
triple Package triple generates key-certificate pairs for the triple (CA, Server, Client).	Package triple generates key-certificate pairs for the triple (CA, Server, Client).

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL