certinit

package

v0.6.47 Latest Latest Go to latest Published: Mar 23, 2025 License: Apache-2.0 Imports: 20 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/effective-security/kubeca

Links

Open Source Insights

Documentation ¶

Index ¶

type CertClient
- func NewClient(kubeconfig, namespace string) (*CertClient, error)
type MinCertificates
type MinPods
type MinServices
type Request
- func (r *Request) Create(ctx context.Context, client *CertClient) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type CertClient ¶

type CertClient struct {
	Pods         MinPods
	Services     MinServices
	Certificates MinCertificates
}

CertClient provides minimum interfaces to create a CSR

func NewClient ¶

func NewClient(kubeconfig, namespace string) (*CertClient, error)

NewClient returns new client

type MinCertificates ¶

type MinCertificates interface {
	Create(ctx context.Context, certificateSigningRequest *capi.CertificateSigningRequest, opts metaV1.CreateOptions) (*capi.CertificateSigningRequest, error)
	Get(ctx context.Context, name string, opts metaV1.GetOptions) (*capi.CertificateSigningRequest, error)
}

MinCertificates is minimum Certificates interface

type MinPods ¶

type MinPods interface {
	Get(ctx context.Context, name string, opts metaV1.GetOptions) (*v1.Pod, error)
}

MinPods is minimum Pods interface

type MinServices ¶

type MinServices interface {
	List(ctx context.Context, opts metaV1.ListOptions) (*v1.ServiceList, error)
}

MinServices is minimum Services interface

type Request ¶

type Request struct {
	// Namespace as defined by pod.metadata.namespace
	Namespace string
	// PodName name as defined by pod.metadata.name
	PodName string
	// CertDir is directory where the TLS certs should be written
	CertDir string
	// ClusterDomain specifies kubernetes cluster domain
	ClusterDomain string
	// Labels to include in CertificateSigningRequest object; comma separated list of key=value
	Labels string
	// QueryK8s specifies to query kubernetes for names appropriate to this Pod
	QueryK8s bool
	// SAN is additional comma separated DNS, IP, URI or Emails to include in SAN
	SAN string
	// ServiceNames specifies additional service names that resolve to this Pod; comma separated
	ServiceNames string
	// IncludeUnqualified specifies to include unqualified .svc domains in names from --query-k8s
	IncludeUnqualified bool
	// SignerName specifies the signer name
	SignerName string
	// contains filtered or unexported fields
}

Request parameters

func (*Request) Create ¶

func (r *Request) Create(ctx context.Context, client *CertClient) error

Create certificate request and wait for issuance

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL