certs

Documentation

Index

• type CertPair
  • func (k CertPair) AsBytes() (cert []byte, key []byte, err error)
  • func (k CertPair) CertBytes() []byte
• type ClientInfo
• type TinyCA
  • func NewTinyCA() (*TinyCA, error)
  • func (c *TinyCA) NewClientCert(user ClientInfo) (CertPair, error)
  • func (c *TinyCA) NewServingCert(names ...string) (CertPair, error)

Types

type CertPair

type CertPair struct {
	Key  crypto.Signer
	Cert *x509.Certificate
}

CertPair is a private key and certificate for use for client auth, as a CA, or serving.

func (CertPair) AsBytes

func (k CertPair) AsBytes() (cert []byte, key []byte, err error)

AsBytes encodes keypair in the appropriate formats for on-disk storage (PEM and PKCS8, respectively).

func (CertPair) CertBytes

func (k CertPair) CertBytes() []byte

CertBytes returns the PEM-encoded version of the certificate for this pair.

type ClientInfo

type ClientInfo struct {
	// Name is the user name (embedded as the cert's CommonName)
	Name string
	// Groups are the groups to which this user belongs (embedded as the cert's
	// Organization)
	Groups []string
}

ClientInfo describes some Kubernetes user for the purposes of creating client certificates.

type TinyCA

type TinyCA struct {
	CA CertPair
	// contains filtered or unexported fields
}

TinyCA supports signing serving certs and client-certs, and can be used as an auth mechanism with envtest.

func NewTinyCA

func NewTinyCA() (*TinyCA, error)

NewTinyCA creates a new a tiny CA utility for provisioning serving certs and client certs FOR TESTING ONLY. Don't use this for anything else!

func (*TinyCA) NewClientCert

func (c *TinyCA) NewClientCert(user ClientInfo) (CertPair, error)

NewClientCert produces a new CertPair suitable for use with Kubernetes client cert auth with an API server validating based on this CA.

func (*TinyCA) NewServingCert

func (c *TinyCA) NewServingCert(names ...string) (CertPair, error)

NewServingCert returns a new CertPair for a serving HTTPS on localhost (or other specified names).