generate

package
v0.3.2 Latest
Warning

This package is not in the latest version of its module.
Published: Jan 12, 2026 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CA

type CA struct {
	SecretName      string
	SecretNamespace string

	CAKeyBytes []byte

	CACerts []*x509.Certificate
	CAKey   crypto.Signer
}

CA contains the data and metadata of the certificate authority.

func NewCA

func NewCA(secretName, secretNamespace string) *CA

NewCA creates a new root CA blueprint.

func (*CA) Generate

func (c *CA) Generate(log *slog.Logger, commonName string, validityDuration time.Duration) error

Generate the root certificate and keyfile. Populates c.CACertBytes and c.CAKeyBytes.

func (*CA) Intermediates added in v0.3.1

func (c *CA) Intermediates() []*x509.Certificate

Intermediates returns the intermediate CA certificates to be appended to the newly generated certificates.

func (*CA) IsEmpty added in v0.1.8

func (c *CA) IsEmpty() bool

IsEmpty returns true if this CA is empty.

func (*CA) Leaf added in v0.3.1

func (c *CA) Leaf() *x509.Certificate

Leaf returns the leaf CA certificate, that is, the one used to sign the newly generated certificates.

func (*CA) LoadFromFile

func (c *CA) LoadFromFile(caCertFile, caKeyFile string) error

LoadFromFile populates c.CACertBytes and c.CAKeyBytes by reading them from file.

func (*CA) LoadFromSecret added in v0.1.1

func (c *CA) LoadFromSecret(ctx context.Context, k8sClient *kubernetes.Clientset) error

LoadFromSecret populates c.CACertBytes and c.CAKeyBytes by reading them from a secret.

func (*CA) Reset added in v0.1.8

func (c *CA) Reset()

Reset resets the CA key and CA certificate values; this is useful for reload or regeneration.

func (*CA) Root added in v0.3.1

func (c *CA) Root() *x509.Certificate

Root returns the certificate of the root CA.

func (*CA) StoreAsSecret added in v0.1.1

func (c *CA) StoreAsSecret(ctx context.Context, log *slog.Logger, k8sClient *kubernetes.Clientset, force bool) error

StoreAsSecret creates or updates the CA certificate in a K8s secret.

  • If force is true, an existing secret with the same name in the same namespace (if any) is overwritten.
  • If force is false and a secret with the same name already exists in the same namespace, an IsAlreadyExists error is returned to the caller.

type Cert

type Cert struct {
	CommonName       string
	ValidityDuration time.Duration
	Usage            []string
	Name             string
	Namespace        string
	Hosts            []string

	CA        *CA
	CertBytes []byte
	KeyBytes  []byte
}

Cert contains the data and metadata of the certificate and keyfile.

func NewCert

func NewCert(
	commonName string,
	validityDuration time.Duration,
	usage []string,
	name string,
	namespace string,
) *Cert

NewCert creates a new certificate blueprint.

func (*Cert) Generate

func (c *Cert) Generate(log *slog.Logger, ca *CA) error

Generate the certificate and keyfile and populate c.CertBytes and c.CertKey.

func (*Cert) StoreAsSecret

func (c *Cert) StoreAsSecret(ctx context.Context, log *slog.Logger, k8sClient *kubernetes.Clientset) error

StoreAsSecret creates or updates the certificate and keyfile in a K8s secret.

func (*Cert) WithHosts added in v0.1.1

func (c *Cert) WithHosts(hosts []string) *Cert

WithHosts modifies the certificate to use the given hosts instead of the default (CommonName).
