istio_ca

package
v0.2.0-dev.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 10, 2023 License: Apache-2.0 Imports: 47 Imported by: 3

Documentation

Index

Constants

// Well-known in-pod file paths for the credentials and trust anchor this
// package works with. All three are absolute paths under /var/run/secrets.
const (
	// K8sSATrustworthyJWTFileName is the path at which the "trustworthy"
	// Kubernetes service-account JWT is volume-mounted.
	// NOTE(review): in Istio this is normally the projected (audience- and
	// expiry-bound) token — confirm the pod spec mounts it that way.
	K8sSATrustworthyJWTFileName = "/var/run/secrets/tokens/istio-token"

	// K8sSAJWTFileName is the path of the default Kubernetes service-account
	// JWT mount.
	// NOTE(review): a token read from here is presumably not audience-scoped;
	// prefer K8sSATrustworthyJWTFileName where both exist — verify against callers.
	K8sSAJWTFileName = "/var/run/secrets/kubernetes.io/serviceaccount/token"

	// CACertPEMFileName is described upstream as the data name in the
	// per-namespace ConfigMap storing the root cert of a non-Kube CA.
	// NOTE(review): the value is an absolute file path, not a ConfigMap key,
	// so the upstream wording and the constant disagree — confirm which one
	// callers rely on before using it as a trust-anchor location.
	CACertPEMFileName = "/var/run/secrets/istio/root-cert.pem"
)

Variables

This section is empty.

Functions

func CreateK8SToken

// CreateK8SToken returns token bytes for the service account saName in
// saNamespace, using the cluster described by config.
// NOTE(review): the parameters suggest a Kubernetes token request bounded by
// audiences and expirationSeconds; the implementation is not shown on this
// page — confirm. Callers should pass the narrowest audience list and the
// shortest lifetime that works, and treat the returned bytes as a credential
// (keep them out of logs and error messages).
func CreateK8SToken(ctx context.Context, config *rest.Config, saName, saNamespace string, audiences []string, expirationSeconds int) ([]byte, error)

func GetEastWestGWAddress

func GetEastWestGWAddress(cl client.Client, istioRevision string) (string, error)

func GetIMGWAddress

func GetIMGWAddress(cl client.Client, istioRevision string) (string, error)

func GetIMGWPod

func GetIMGWPod(cl client.Client, istioRevision string) (*corev1.Pod, error)

func GetIstioRootCAPEM

func GetIstioRootCAPEM(cl client.Client, istioRevision string) (*corev1.ConfigMap, []byte, error)

func GetIstioTokenFromPod

// GetIstioTokenFromPod returns token bytes associated with the pod
// name/namespace, using the cluster described by config.
// NOTE(review): the name suggests the token is read out of a running pod;
// how it is read is not visible on this page — confirm. Whatever identity
// config carries needs access to that pod, so its RBAC should be scoped to
// the intended namespace, and the returned bytes are a live credential.
func GetIstioTokenFromPod(config *rest.Config, scheme *runtime.Scheme, name, namespace string) ([]byte, error)

func GetIstiodService

func GetIstiodService(cl client.Client, istioRevision string) (*corev1.Service, error)

func GetMeshConfig

func GetMeshConfig(cl client.Client, istioRevision string) (*meshv1alpha1.MeshConfig, error)

func NewIstioCAClient

func NewIstioCAClient(config IstioCAClientConfig, logger logr.Logger) ca.Client

Types

type CitadelClient

// CitadelClient is a CA client for Citadel (Istiod). It is built with
// NewCitadelClient and exposes CSRSign, GetRootCertBundle and Close.
// NOTE(review): NewCitadelClient takes *TLSOptions; whether a nil or empty
// RootCertPEM disables verification of the CA's certificate is not visible
// on this page — confirm before relying on it.
type CitadelClient struct {
	// contains filtered or unexported fields
}

func NewCitadelClient

func NewCitadelClient(opts *security.Options, tlsOpts *TLSOptions, logger logr.Logger) (*CitadelClient, error)

NewCitadelClient creates a CA client for Citadel.

func (*CitadelClient) CSRSign

func (c *CitadelClient) CSRSign(csrPEM []byte, certValidTTLInSec int64) ([]string, error)

CSRSign calls Citadel to sign a CSR.

func (*CitadelClient) Close

func (c *CitadelClient) Close()

func (*CitadelClient) GetRootCertBundle

func (c *CitadelClient) GetRootCertBundle() ([]string, error)

GetRootCertBundle: the Citadel (Istiod) CA does not publish an endpoint for retrieving CA certificates.

type ConfigRetrievalError

// ConfigRetrievalError is an error value (it has an Error method) that
// carries a status string.
// NOTE(review): presumably raised when fetching CA client configuration
// fails — confirm against the call sites.
type ConfigRetrievalError struct {
	// Status text carried by the error.
	// NOTE(review): if this echoes a remote response, make sure it cannot
	// contain the authorization token — verify against the code that sets it.
	Status string
}

func (ConfigRetrievalError) Error

func (e ConfigRetrievalError) Error() string

type CredFetcher

// CredFetcher wraps a single token and exposes GetPlatformCredential,
// GetIdentityProvider, GetType and Stop on a value receiver.
// NOTE(review): presumably GetPlatformCredential returns Token unchanged —
// confirm. Because the methods use a value receiver, every call copies the
// token string.
type CredFetcher struct {
	// Token is stored in the clear in an exported field; avoid printing or
	// serializing the struct as a whole.
	Token string
}

func (CredFetcher) GetIdentityProvider

func (f CredFetcher) GetIdentityProvider() string

func (CredFetcher) GetPlatformCredential

func (f CredFetcher) GetPlatformCredential() (string, error)

func (CredFetcher) GetType

func (f CredFetcher) GetType() string

func (CredFetcher) Stop

func (f CredFetcher) Stop()

type HeimdallResponse

// HeimdallResponse is the result type of GetIstioCAClientConfigFromHeimdall.
type HeimdallResponse struct {
	// CA client settings; this embeds IstioCAClientConfig.Token, so the
	// response as a whole should be handled as secret material.
	CAClientConfig IstioCAClientConfig
	// Environment description from the project's environment package
	// (contents not shown on this page).
	Environment    environment.IstioEnvironment
}

func GetIstioCAClientConfigFromHeimdall

// GetIstioCAClientConfigFromHeimdall returns a HeimdallResponse obtained
// using heimdallURL, authorizationToken and version.
// NOTE(review): presumably authorizationToken is sent to heimdallURL as a
// request credential — confirm. If so, heimdallURL must come from trusted
// configuration and use TLS, since both the token and the returned
// CAClientConfig (CA endpoint, root PEM, token) depend on that endpoint
// being authentic.
func GetIstioCAClientConfigFromHeimdall(ctx context.Context, heimdallURL, authorizationToken, version string) (config HeimdallResponse, err error)

type IstioCAClient

// IstioCAClient exposes GetCAEndpoint, GetCAPem, GetCertificate and
// GetConfig. NewIstioCAClient builds a ca.Client from an
// IstioCAClientConfig and a logger.
// NOTE(review): GetConfig returns the IstioCAClientConfig by value, which
// includes its Token field — callers should not log the result.
type IstioCAClient struct {
	// contains filtered or unexported fields
}

func (*IstioCAClient) GetCAEndpoint

func (c *IstioCAClient) GetCAEndpoint() string

func (*IstioCAClient) GetCAPem

func (c *IstioCAClient) GetCAPem() []byte

func (*IstioCAClient) GetCertificate

func (c *IstioCAClient) GetCertificate(hostname string, ttl time.Duration) (ca.Certificate, error)

func (*IstioCAClient) GetConfig

func (c *IstioCAClient) GetConfig() IstioCAClientConfig

type IstioCAClientConfig

// IstioCAClientConfig collects the settings accepted by NewIstioCAClient and
// returned by the GetIstioCAClientConfig* helpers.
// NOTE(review): Token sits in the clear in an exported field, so formatting
// or serializing the whole struct (for example with %+v) would expose it —
// redact before logging.
type IstioCAClientConfig struct {
	// Address of the CA service (exact format not shown on this page).
	CAEndpoint    string
	// NOTE(review): presumably the subject alternative name expected in the
	// CA endpoint's server certificate — confirm; an empty value may weaken
	// peer verification.
	CAEndpointSAN string
	// Identifier of the cluster, as passed to the GetIstioCAClientConfig* helpers.
	ClusterID     string
	// Token bytes presented to the CA; presumably a service-account JWT — confirm.
	Token         []byte
	// PEM data for the CA; presumably the root used to verify CAEndpoint — confirm.
	CApem         []byte
	// Istio revision, as passed to the GetIstioCAClientConfig* helpers.
	Revision      string
	// Mesh identifier.
	MeshID        string
	// Trust domain of the mesh.
	TrustDomain   string
	// Address of a Zipkin collector — presumably for tracing; confirm.
	ZipkinAddress string
}

func GetIstioCAClientConfig

func GetIstioCAClientConfig(clusterID string, istioRevision string) (IstioCAClientConfig, error)

func GetIstioCAClientConfigFromLocal

func GetIstioCAClientConfigFromLocal(clusterID string, endpointAddress string) (config IstioCAClientConfig, err error)

func GetIstioCAClientConfigWithKubeConfig

func GetIstioCAClientConfigWithKubeConfig(clusterID string, istioRevision string, kubeConfig []byte, saObjectKey *client.ObjectKey) (IstioCAClientConfig, error)

type TLSOptions

// TLSOptions carries PEM-encoded TLS material and is passed to
// NewCitadelClient.
// NOTE(review): KeyPEM is presumably a private key; keep values of this type
// out of logs and serialized output.
type TLSOptions struct {
	// Root certificate(s) in PEM form; presumably the trust anchor for the
	// CA connection — confirm.
	RootCertPEM []byte
	// Key in PEM form; presumably the client private key matching CertPEM — confirm.
	KeyPEM      []byte
	// Certificate in PEM form; presumably the client certificate — confirm.
	CertPEM     []byte
}
