Documentation
Constants
This section is empty.
Variables
var DigestedName = ComputeDigestedName
DigestedName is an alias for certificatesigningrequest.DigestedName. Exposed for testing.
Functions
func ComputeDigestedName
func ComputeDigestedName(publicKey any, subject *pkix.Name, usages []certificatesv1.KeyUsage, csrPrefix string) (string, error)
ComputeDigestedName computes a digest that should include all the relevant pieces of the CSR we care about. The serialized CSR cannot be hashed directly, because it contains random padding that is regenerated on every loop, and because the digest also covers the usages, which are not contained in the CSR. This function needs to be kept up to date as new fields are added to the node certificates, and kept in sync with `ensureCompatible` (https://github.com/kubernetes/client-go/blob/37045084c2aa82927b0e5ffc752861430fd7e4ab/util/certificate/csr/csr.go#L307).
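The property described above, as an added example that is not this package's or client-go's code: three CSRs are signed with one key, and the names are derived from the parsed public key, subject and usages rather than from the CSR bytes. `exampleDigestedName`, `must` and `compareRuns` are hypothetical names; the usages are plain strings standing in for `certificatesv1.KeyUsage`, and SHA-512/256 with a `|` delimiter is this example's choice. The CSR bytes differ here because ECDSA signatures are randomized.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
)

// exampleDigestedName is a hypothetical stand-in, not this package's code. It
// hashes only stable inputs, so the name survives regenerating the CSR.
func exampleDigestedName(pub any, subj *pkix.Name, usages []string, prefix string) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", fmt.Errorf("marshal public key: %w", err)
	}
	fields := append(append([]string{string(der), subj.CommonName}, subj.Organization...), usages...)
	h, enc := sha512.New512_256(), base64.RawURLEncoding.EncodeToString
	for _, f := range fields { // base64url has no '|', so field boundaries stay unambiguous
		h.Write([]byte(enc([]byte(f)) + "|"))
	}
	return prefix + enc(h.Sum(nil)), nil
}

func must[T any](v T, err error) T { // setup failures abort the demo
	if err != nil {
		panic(err)
	}
	return v
}

// compareRuns signs three CSRs with one key; the third uses different usages.
func compareRuns() (sameCSRBytes, sameName, usagesChangeName bool) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: "system:node:example", Organization: []string{"system:nodes"}}} // constructed sample
	sets := [3][]string{{"digital signature", "client auth"}, {"digital signature", "client auth"}, {"server auth"}}
	var der, name [3]string
	for i, usages := range sets {
		raw := must(x509.CreateCertificateRequest(rand.Reader, tmpl, key))
		csr := must(x509.ParseCertificateRequest(raw))
		der[i], name[i] = string(raw), must(exampleDigestedName(csr.PublicKey, &csr.Subject, usages, "example-csr-"))
	}
	return der[0] == der[1], name[0] == name[1], name[0] != name[2]
}

func main() { fmt.Println(compareRuns()) }
```

The third CSR is built from the same template as the first two, so only the usages passed alongside it change the resulting name.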
func RequestCertificate
func RequestCertificate(
	ctx context.Context,
	log logr.Logger,
	client kubernetesclientset.Interface,
	certificateSubject *pkix.Name,
	dnsSANs []string,
	ipSANs []net.IP,
	validityDuration *metav1.Duration,
	csrPrefix string,
) ([]byte, []byte, string, error)
RequestCertificate creates a certificate signing request and sends it to the API server, then watches the object's status. Once the request is approved, it returns the certificate issued by the kube-controller-manager (PEM-encoded). If any error occurs, or the watch times out, it returns an error.
Types
This section is empty.