Documentation
Index
- func CertDataToPEM(b []byte) (string, error)
- func GenerateCaCertificate(commonName string) (string, string, error)
- func GenerateCertificate(cert *x509.Certificate, signerCert *x509.Certificate, ...) (string, string, error)
- func GenerateClientCertificate(name string, signerCert *x509.Certificate, signerKey crypto.PrivateKey) (string, string, error)
- func GenerateServerCertificate(name string, signerCert *x509.Certificate, signerKey crypto.PrivateKey, ...) (string, string, error)
- func GetKubeConfigClientCert(conf *rest.Config) (*tls.Certificate, error)
- func JWTSigningKeyFromSecret(ctx context.Context, kube kubernetes.Interface, namespace, name string) (crypto.PrivateKey, error)
- func KeyDataToPEM(k crypto.PrivateKey) (string, error)
- func TLSCertFromFile(certPath string, keyPath string, strict bool) (tls.Certificate, error)
- func TLSCertFromSecret(ctx context.Context, kube kubernetes.Interface, namespace, name string) (tls.Certificate, error)
- func TLSCertFromX509(cert *x509.Certificate, key crypto.PrivateKey) (tls.Certificate, error)
- func TLSCertToSecret(ctx context.Context, kube kubernetes.Interface, namespace, name string, ...) error
- func TransportFromConfig(config *rest.Config) (*http.Transport, error)
- func X509CertPoolFromFile(path string) (*x509.CertPool, error)
- func X509CertPoolFromSecret(ctx context.Context, kube kubernetes.Interface, namespace, name, field string) (*x509.CertPool, error)
Constants
This section is empty.
Variables
This section is empty.
Functions
func CertDataToPEM
func GenerateCaCertificate
GenerateCaCertificate generates a certificate and private key that will be configured to be usable as a Certificate Authority (CA). It returns both the public certificate and the private key in PEM format.
The certificate will be valid for 10 days.
DO NOT USE THE RESULTING CERTIFICATE OR KEY OR ANY CERTIFICATES SIGNED BY THIS CA FOR PRODUCTION PURPOSES. NEVER. YOU HAVE BEEN WARNED.
And sorry for shouting.
func GenerateCertificate
func GenerateCertificate(cert *x509.Certificate, signerCert *x509.Certificate, signerKey crypto.PrivateKey) (string, string, error)
GenerateCertificate generates a certificate from template cert and signs it using signerCert and signerKey.
It will return the certificate and its private key as PEM encoded strings.
func GenerateClientCertificate
func GenerateClientCertificate(name string, signerCert *x509.Certificate, signerKey crypto.PrivateKey) (string, string, error)
GenerateClientCertificate generates a TLS certificate, signed with the given signer cert and signer key, that is suitable for client side authentication.
It will return the certificate and its private key as PEM encoded strings.
func GenerateServerCertificate
func GenerateServerCertificate(name string, signerCert *x509.Certificate, signerKey crypto.PrivateKey, ips []string, dns []string) (string, string, error)
GenerateServerCertificate generates a TLS certificate, signed with the given signer cert and signer key, that is suitable for server side authentication.
It will return the certificate and its private key as PEM encoded strings.
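The CA, client and server certificates described above differ mainly in their CA flag and extended key usage. The following added example (standard library only, not this package's code) builds all three and verifies each for a given usage; the helper names `must`, `issue`, `verifyAs` and `newChain`, the host name, the serial numbers and the 10-day leaf lifetime are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue signs tmpl with parent (self-signs when parent is nil) using a fresh RSA key.
func issue(tmpl, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Minute), time.Now().Add(10*24*time.Hour) // 10 days
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// verifyAs validates leaf against ca for one extended key usage; an empty host skips the name check.
func verifyAs(ca, leaf *x509.Certificate, usage x509.ExtKeyUsage, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, KeyUsages: []x509.ExtKeyUsage{usage}})
	return err
}

// newChain builds a throwaway test CA, one server and one client certificate (constructed sample values).
func newChain() (ca, server, client *x509.Certificate) {
	ca, caKey := issue(&x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "test-ca"}, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}, nil, nil)
	server, _ = issue(&x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "server"}, DNSNames: []string{"svc.example.test"}, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}, ca, caKey)
	client, _ = issue(&x509.Certificate{SerialNumber: big.NewInt(3), Subject: pkix.Name{CommonName: "client"}, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}, ca, caKey)
	return ca, server, client
}

func main() {
	ca, server, client := newChain()
	fmt.Println(verifyAs(ca, server, x509.ExtKeyUsageServerAuth, "svc.example.test"), verifyAs(ca, client, x509.ExtKeyUsageServerAuth, ""))
}
```

The first result is nil and the second is an incompatible key usage error: a certificate issued for client authentication is rejected when presented as a server certificate, even though the same CA signed both.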
func GetKubeConfigClientCert
func GetKubeConfigClientCert(conf *rest.Config) (*tls.Certificate, error)
GetKubeConfigClientCert extracts the client certificate and private key from a given Kubernetes configuration. It supports both loading the data from a file and using base64-encoded embedded data.
func JWTSigningKeyFromSecret (added in v0.2.0)
func JWTSigningKeyFromSecret(ctx context.Context, kube kubernetes.Interface, namespace, name string) (crypto.PrivateKey, error)
JWTSigningKeyFromSecret reads a JWT signing key from a Kubernetes secret. The secret should contain a JWT signing key in the "jwt.key" field.
func KeyDataToPEM
func KeyDataToPEM(k crypto.PrivateKey) (string, error)
func TLSCertFromFile (added in v0.2.0)
TLSCertFromFile loads a TLS certificate and RSA private key from the files specified as certPath and keyPath, applying some basic validation before returning the certificate.
func TLSCertFromSecret
func TLSCertFromSecret(ctx context.Context, kube kubernetes.Interface, namespace, name string) (tls.Certificate, error)
TLSCertFromSecret reads a Kubernetes TLS secret and parses its data into a tls.Certificate.
func TLSCertFromX509 (added in v0.2.0)
func TLSCertFromX509(cert *x509.Certificate, key crypto.PrivateKey) (tls.Certificate, error)
TLSCertFromX509 generates a TLS certificate for the x509 certificate cert and the private key key. This function supports RSA and EC types of private keys.
func TLSCertToSecret
func TLSCertToSecret(ctx context.Context, kube kubernetes.Interface, namespace, name string, tlsCert tls.Certificate) error
TLSCertToSecret writes a TLS certificate to a Kubernetes TLS secret. The data in the TLS certificate will be converted to PEM prior to being written out.
func TransportFromConfig
TransportFromConfig creates an HTTP transport that is configured to use the TLS credentials and configuration from the given REST config.
func X509CertPoolFromSecret
func X509CertPoolFromSecret(ctx context.Context, kube kubernetes.Interface, namespace, name, field string) (*x509.CertPool, error)
X509CertPoolFromSecret reads certificate data from a Kubernetes secret and appends the data to an X509 cert pool to be returned. If field is given, only data from this field will be parsed into the cert pool. Otherwise, if field is the empty string, all fields in the secret are expected to have valid certificate data and will be parsed.
Types
This section is empty.