Documentation
Index
- Constants
- func CABundleConfigMapReconciler(name string, caBundle fmt.Stringer) reconciling.NamedConfigMapReconcilerFactory
- func FrontProxyCAReconciler() reconciling.NamedSecretReconcilerFactory
- func GetCAReconciler(commonName string) reconciling.SecretReconciler
- func GetClientCertificateReconciler(name, commonName string, organizations []string, ...) reconciling.NamedSecretReconcilerFactory
- func GetECDSACACertAndKey() (cert []byte, key []byte, err error)
- func GetECDSAClientCertificateReconciler(name, commonName string, organizations []string, ...) reconciling.SecretReconciler
- func GetSignedECDSACertAndKey(notAfter time.Duration, cfg certutil.Config, caCert *x509.Certificate, ...) (cert []byte, key []byte, err error)
- func GlobalCABundle(ctx context.Context, client ctrlruntimeclient.Client, ...) (*corev1.ConfigMap, error)
- func RootCAReconciler(data caReconcilerData) reconciling.NamedSecretReconcilerFactory
- func ValidateCABundle(bundle string) error
- func ValidateCABundleConfigMap(cm *corev1.ConfigMap) error
- type CABundle
Constants
const Duration365d = time.Hour * 24 * 365
Duration365d is a time.Duration that represents a year.
Variables
This section is empty.
Functions
func CABundleConfigMapReconciler
func CABundleConfigMapReconciler(name string, caBundle fmt.Stringer) reconciling.NamedConfigMapReconcilerFactory
CABundleConfigMapReconciler returns a ConfigMapReconcilerFactory that creates a ca-bundle ConfigMap for use in seeds and userclusters.
TODO: Do not use fmt.Stringer, but a better type for the CA bundle parameter. "*CABundle" is not viable because most of the codebase deals with "resources.CABundle", which in turn exists to prevent an import loop between this and the "resources" package.
func FrontProxyCAReconciler
func FrontProxyCAReconciler() reconciling.NamedSecretReconcilerFactory
FrontProxyCAReconciler returns a function to create a secret with the front proxy CA.
func GetCAReconciler
func GetCAReconciler(commonName string) reconciling.SecretReconciler
GetCAReconciler returns a function to create a secret containing a CA with the specified name.
func GetClientCertificateReconciler
func GetClientCertificateReconciler(name, commonName string, organizations []string, dataCertKey, dataKeyKey string, getCA caGetter) reconciling.NamedSecretReconcilerFactory
GetClientCertificateReconciler is a generic function to return a secret generator to create a client certificate signed by the cluster CA.
func GetECDSACACertAndKey
GetECDSACACertAndKey returns a PEM-encoded ECDSA certificate and key.
func GetECDSAClientCertificateReconciler
func GetECDSAClientCertificateReconciler(name, commonName string, organizations []string, dataCertKey, dataKeyKey string, getCA ecdsaCAGetter) reconciling.SecretReconciler
GetECDSAClientCertificateReconciler is a generic function to return a secret generator to create a client certificate signed by the cert returned by the passed getCA func. The resulting secret has no ownerRef.
func GetSignedECDSACertAndKey
func GetSignedECDSACertAndKey(notAfter time.Duration, cfg certutil.Config, caCert *x509.Certificate, caKey *ecdsa.PrivateKey) (cert []byte, key []byte, err error)
GetSignedECDSACertAndKey creates and returns a signed ECDSA x509 certificate and key.
func GlobalCABundle
func GlobalCABundle(ctx context.Context, client ctrlruntimeclient.Client, config *kubermaticv1.KubermaticConfiguration) (*corev1.ConfigMap, error)
func RootCAReconciler
func RootCAReconciler(data caReconcilerData) reconciling.NamedSecretReconcilerFactory
RootCAReconciler returns a function to create a secret with the root CA.
func ValidateCABundle
Types
type CABundle
type CABundle struct {
// contains filtered or unexported fields
}
CABundle represents an x509.CertPool that was loaded from a file and which needs to be accessed both as a cert pool (i.e. parsed) _and_ as a file/PEM string.
func NewCABundleFromBytes
func NewCABundleFromFile
func NewFakeCABundle
func NewFakeCABundle() *CABundle
NewFakeCABundle returns a CA bundle that contains a single certificate that cannot validate anything.
Directories
Path | Synopsis |
---|---|
 | Package triple generates key-certificate pairs for the triple (CA, Server, Client). |