The highest tagged major version is v2.

certificates

package

v3.0.0-...-d6c4d9c Latest Latest Go to latest Published: Apr 14, 2023 License: Apache-2.0 Imports: 21 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kubermatic/kubermatic

Documentation ¶

Index ¶

Constants
func CABundleConfigMapReconciler(name string, caBundle fmt.Stringer) reconciling.NamedConfigMapReconcilerFactory
func FrontProxyCAReconciler() reconciling.NamedSecretReconcilerFactory
func GetCAReconciler(commonName string) reconciling.SecretReconciler
func GetClientCertificateReconciler(name, commonName string, organizations []string, ...) reconciling.NamedSecretReconcilerFactory
func GetECDSACACertAndKey() (cert []byte, key []byte, err error)
func GetECDSAClientCertificateReconciler(name, commonName string, organizations []string, ...) reconciling.SecretReconciler
func GetSignedECDSACertAndKey(notAfter time.Duration, cfg certutil.Config, caCert *x509.Certificate, ...) (cert []byte, key []byte, err error)
func GlobalCABundle(ctx context.Context, client ctrlruntimeclient.Client, ...) (*corev1.ConfigMap, error)
func RootCAReconciler(data caReconcilerData) reconciling.NamedSecretReconcilerFactory
func ValidateCABundle(bundle string) error
func ValidateCABundleConfigMap(cm *corev1.ConfigMap) error
type CABundle
- func (b *CABundle) CertPool() *x509.CertPool
- func (b *CABundle) String() string

Constants ¶

View Source

const Duration365d = time.Hour * 24 * 365

Duration365d is a time.Duration that represents a year.

Variables ¶

This section is empty.

Functions ¶

func CABundleConfigMapReconciler ¶

func CABundleConfigMapReconciler(name string, caBundle fmt.Stringer) reconciling.NamedConfigMapReconcilerFactory

CABundleConfigMapReconciler returns a ConfigMapReconcilerFactory that creates a ca-bundle ConfigMap for use in seeds and userclusters.

TODO: Do not use fmt.Stringer, but a better type for the CA bundle

parameter. "*CABundle" is not viable because most of the codebase
deals with "resources.CABundle", which in turn exists to
prevent an import loop between this and the "resources" package.

func FrontProxyCAReconciler ¶

func FrontProxyCAReconciler() reconciling.NamedSecretReconcilerFactory

FrontProxyCAReconciler returns a function to create a secret with front proxy ca.

func GetCAReconciler ¶

func GetCAReconciler(commonName string) reconciling.SecretReconciler

GetCAReconciler returns a function to create a secret containing a CA with the specified name.

func GetClientCertificateReconciler ¶

func GetClientCertificateReconciler(name, commonName string, organizations []string, dataCertKey, dataKeyKey string, getCA caGetter) reconciling.NamedSecretReconcilerFactory

GetClientCertificateReconciler is a generic function to return a secret generator to create a client certificate signed by the cluster CA.

func GetECDSACACertAndKey ¶

func GetECDSACACertAndKey() (cert []byte, key []byte, err error)

GetECDSACACertAndKey returns a pem-encoded ECDSA certificate and key.

func GetECDSAClientCertificateReconciler ¶

func GetECDSAClientCertificateReconciler(name, commonName string, organizations []string, dataCertKey, dataKeyKey string, getCA ecdsaCAGetter) reconciling.SecretReconciler

GetECDSAClientCertificateReconciler is a generic function to return a secret generator to create a client certificate signed by the cert returned by the passed getCA func. The resulting secret has no ownerRef.

func GetSignedECDSACertAndKey ¶

func GetSignedECDSACertAndKey(notAfter time.Duration, cfg certutil.Config, caCert *x509.Certificate, caKey *ecdsa.PrivateKey) (cert []byte, key []byte, err error)

GetSignedECDSACertAndKey creates and returns a signed ECDSA x509 certificate and key.

func GlobalCABundle ¶

func GlobalCABundle(ctx context.Context, client ctrlruntimeclient.Client, config *kubermaticv1.KubermaticConfiguration) (*corev1.ConfigMap, error)

func RootCAReconciler ¶

func RootCAReconciler(data caReconcilerData) reconciling.NamedSecretReconcilerFactory

RootCAReconciler returns a function to create a secret with the root ca.

func ValidateCABundle ¶

func ValidateCABundle(bundle string) error

func ValidateCABundleConfigMap ¶

func ValidateCABundleConfigMap(cm *corev1.ConfigMap) error

Types ¶

type CABundle ¶

type CABundle struct {
	// contains filtered or unexported fields
}

CABundle represents an x509.CertPool that was loaded from a file and which needs to be access both as a cert pool (i.e. parsed) _and_ as a file/PEM string.

func NewCABundleFromBytes ¶

func NewCABundleFromBytes(bytes []byte) (*CABundle, error)

func NewCABundleFromFile ¶

func NewCABundleFromFile(filename string) (*CABundle, error)

func NewFakeCABundle ¶

func NewFakeCABundle() *CABundle

NewFakeCABundle returns a CA bundle that contains a single certificate that cannot validate anything.

func (*CABundle) CertPool ¶

func (b *CABundle) CertPool() *x509.CertPool

func (*CABundle) String ¶

func (b *CABundle) String() string

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
servingcerthelper
triple Package triple generates key-certificate pairs for the triple (CA, Server, Client).	Package triple generates key-certificate pairs for the triple (CA, Server, Client).

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL