Documentation
Index
- type CA
- func (c *CA) Generate(log *slog.Logger, commonName string, validityDuration time.Duration) error
- func (c *CA) Intermediates() []*x509.Certificate
- func (c *CA) IsEmpty() bool
- func (c *CA) Leaf() *x509.Certificate
- func (c *CA) LoadFromFile(caCertFile, caKeyFile string) error
- func (c *CA) LoadFromSecret(ctx context.Context, k8sClient *kubernetes.Clientset) error
- func (c *CA) Reset()
- func (c *CA) Root() *x509.Certificate
- func (c *CA) StoreAsConfigMap(ctx context.Context, log *slog.Logger, k8sClient *kubernetes.Clientset) error
- func (c *CA) StoreAsSecret(ctx context.Context, log *slog.Logger, k8sClient *kubernetes.Clientset, ...) error
- func (c *CA) ValidateExpiry(leafValidities []time.Duration) error
- type CAConfig
- type Cert
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type CA
CA contains the data and metadata of the certificate authority.
func (*CA) Generate
Generate the root certificate and keyfile. Populates c.CACertBytes and c.CAKeyBytes.
func (*CA) Intermediates (added in v0.3.1)
func (c *CA) Intermediates() []*x509.Certificate
Intermediates returns the intermediate CA certificates to be appended to the newly generated certificates.
func (*CA) Leaf (added in v0.3.1)
func (c *CA) Leaf() *x509.Certificate
Leaf returns the leaf CA certificate, that is, the one used to sign the newly generated certificates.
func (*CA) LoadFromFile
LoadFromFile populates c.CACertBytes and c.CAKeyBytes by reading them from file.
func (*CA) LoadFromSecret (added in v0.1.1)
LoadFromSecret populates c.CACertBytes and c.CAKeyBytes by reading them from a secret.
func (*CA) Reset (added in v0.1.8)
func (c *CA) Reset()
Reset resets the CA key and CA cert values; this is useful for reload or regeneration.
func (*CA) Root (added in v0.3.1)
func (c *CA) Root() *x509.Certificate
Root returns the certificate of the root CA.
func (*CA) StoreAsConfigMap
func (c *CA) StoreAsConfigMap(ctx context.Context, log *slog.Logger, k8sClient *kubernetes.Clientset) error
StoreAsConfigMap creates or updates the CA certificate in a K8s ConfigMap. Only the CA cert is stored in the ConfigMap; the CA key is not stored.
func (*CA) StoreAsSecret (added in v0.1.1)
func (c *CA) StoreAsSecret(ctx context.Context, log *slog.Logger, k8sClient *kubernetes.Clientset, force bool) error
StoreAsSecret creates or updates the CA certificate in a K8s secret.
- If force is true, an existing secret with the same name in the same namespace (if any) is overwritten.
- If force is false and a secret with the same name already exists in the same namespace, an IsAlreadyExists error is returned to the caller.
type CAConfig (added in v0.4.0)
type CAConfig struct {
	SecretName string
	SecretNamespace string
	ConfigMapName string
	ConfigMapNamespace string
}
CAConfig contains the configuration for CA creation and storage.
type Cert
type Cert struct {
	CommonName string
	ValidityDuration time.Duration
	Usage []string
	Name string
	Namespace string
	Hosts []string
	CA *CA
	CertBytes []byte
	KeyBytes []byte
}
Cert contains the data and metadata of the certificate and keyfile.
func NewCert
func NewCert(commonName string, validityDuration time.Duration, usage []string, name string, namespace string) *Cert
NewCert creates a new certificate blueprint.
func (*Cert) Generate
Generate generates the certificate and keyfile and populates c.CertBytes and c.KeyBytes.
func (*Cert) StoreAsSecret
func (c *Cert) StoreAsSecret(ctx context.Context, log *slog.Logger, k8sClient *kubernetes.Clientset) error
StoreAsSecret creates or updates the certificate and keyfile in a K8s secret.