generate

package

v0.2.4 Latest Latest Go to latest Published: May 12, 2025 License: Apache-2.0 Imports: 21 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/cilium/certgen

Links

Open Source Insights

Documentation ¶

Index ¶

type CA
- func NewCA(secretName, secretNamespace string) *CA
type Cert
- func NewCert(commonName string, validityDuration time.Duration, usage []string, name string, ...) *Cert

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type CA ¶

type CA struct {
	SecretName      string
	SecretNamespace string

	CACertBytes []byte
	CAKeyBytes  []byte

	CACert *x509.Certificate
	CAKey  crypto.Signer
	// contains filtered or unexported fields
}

CA contains the data and metadata of the certificate authority

func NewCA ¶

func NewCA(secretName, secretNamespace string) *CA

NewCA creates a new root CA blueprint

func (*CA) Generate ¶

func (c *CA) Generate(commonName string, validityDuration time.Duration) error

Generate the root certificate and keyfile. Populates c.CACertBytes and c.CAKeyBytes

func (*CA) IsEmpty ¶ added in v0.1.8

func (c *CA) IsEmpty() bool

IsEmpty returns true if this CA is empty

func (*CA) LoadFromFile ¶

func (c *CA) LoadFromFile(caCertFile, caKeyFile string) error

LoadFromFile populates c.CACertBytes and c.CAKeyBytes by reading them from file.

func (*CA) LoadFromSecret ¶ added in v0.1.1

func (c *CA) LoadFromSecret(ctx context.Context, k8sClient *kubernetes.Clientset) error

LoadFromSecret populates c.CACertBytes and c.CAKeyBytes by reading them from a secret

func (*CA) LoadedFromSecret ¶ added in v0.1.3

func (c *CA) LoadedFromSecret() bool

LoadedFromSecret returns true if this CA was loaded from a K8s secret

func (*CA) Reset ¶ added in v0.1.8

func (c *CA) Reset()

Reset resets ca key and ca cert values, this is useful for reload or regeneration.

func (*CA) StoreAsSecret ¶ added in v0.1.1

func (c *CA) StoreAsSecret(ctx context.Context, k8sClient *kubernetes.Clientset, force bool) error

StoreAsSecret creates or updates the CA certificate in a K8s secret

If force is true, the existing secret with same name in same namespace (if available) will be overwritten.
If force is false and there is existing secret with same name in same namespace, just throws IsAlreadyExists error to caller

type Cert ¶

type Cert struct {
	CommonName       string
	ValidityDuration time.Duration
	Usage            []string
	Name             string
	Namespace        string
	Hosts            []string

	CA        *CA
	CertBytes []byte
	KeyBytes  []byte
}

Cert contains the data and metadata of the certificate and keyfile.

func NewCert ¶

func NewCert(
	commonName string,
	validityDuration time.Duration,
	usage []string,
	name string,
	namespace string,
) *Cert

NewCert creates a new certificate blueprint

func (*Cert) Generate ¶

func (c *Cert) Generate(ca *CA) error

Generate the certificate and keyfile and populate c.CertBytes and c.CertKey

func (*Cert) StoreAsSecret ¶

func (c *Cert) StoreAsSecret(ctx context.Context, k8sClient *kubernetes.Clientset) error

StoreAsSecret creates or updates the certificate and keyfile in a K8s secret

func (*Cert) WithHosts ¶ added in v0.1.1

func (c *Cert) WithHosts(hosts []string) *Cert

WithHosts modifies to use the given hosts instead of the default (CommonName)

Source Files ¶

View all Source files

generate.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL