certs

package module
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 24, 2020 License: Apache-2.0 Imports: 11 Imported by: 52

README

CircleCI

certificates

Utilities to work with certificates created by cert-operator.

Documentation

Index

Constants

View Source 
const (
	// DefaultWatchTimeout is the time to wait on watches against the Kubernetes
	// API before giving up and throwing an error.
	DefaultWatchTimeout = 90 * time.Second
)
View Source 
const (
	SecretNamespace = "default"
)

These constants are used when filtering the secrets, to only retrieve the ones we are interested in.

Variables

View Source 
var AllCerts = []Cert{
	APICert,
	AppOperatorAPICert,
	AWSOperatorAPICert,
	CalicoEtcdClientCert,
	ClusterOperatorAPICert,
	EtcdCert,
	FlanneldEtcdClientCert,
	InternalAPICert,
	NodeOperatorCert,
	PrometheusCert,
	ServiceAccountCert,
	WorkerCert,
}

AllCerts lists all certificates that can be created by cert-operator.

Functions

func IsInvalidConfig 

func IsInvalidConfig(err error) bool

func IsInvalidSecret 

func IsInvalidSecret(err error) bool

func IsTimeout 

func IsTimeout(err error) bool

func IsWrongType 

func IsWrongType(err error) bool

func K8sLabels 

func K8sLabels(clusterID string, certificate Cert) map[string]string

K8sLabels returns labels for the Kubernetes object for the certificate name and the guest cluster ID.

func K8sName 

func K8sName(clusterID string, certificate Cert) string

K8sName returns Kubernetes object name for the certificate name and the guest cluster ID.

Types

type AppOperator 

type AppOperator struct {
	APIServer TLS
}

type Cert 

type Cert string

Cert is a certificate name. 

const (
	APICert                Cert = "api"
	AppOperatorAPICert     Cert = "app-operator-api"
	AWSOperatorAPICert     Cert = "aws-operator-api"
	CalicoEtcdClientCert   Cert = "calico-etcd-client"
	ClusterOperatorAPICert Cert = "cluster-operator-api"
	EtcdCert               Cert = "etcd"
	FlanneldEtcdClientCert Cert = "flanneld-etcd-client"
	InternalAPICert        Cert = "internal-api"
	NodeOperatorCert       Cert = "node-operator"
	PrometheusCert         Cert = "prometheus"
	ServiceAccountCert     Cert = "service-account"
	WorkerCert             Cert = "worker"
)

These constants used as Cert parsing a secret received from the API.

func (Cert) String 

func (c Cert) String() string

type Cluster 

type Cluster struct {
	APIServer        TLS
	CalicoEtcdClient TLS
	EtcdServer       TLS
	ServiceAccount   TLS
	Worker           TLS
}

type ClusterOperator 

type ClusterOperator struct {
	APIServer TLS
}

type Config 

type Config struct {
	K8sClient kubernetes.Interface
	Logger    micrologger.Logger

	WatchTimeout time.Duration
}

type Draining 

type Draining struct {
	NodeOperator TLS
}

type File 

type File struct {
	AbsolutePath string
	Data         []byte
}

type Files 

type Files []File

func NewFilesCluster 

func NewFilesCluster(cluster Cluster) Files

func NewFilesClusterMaster 

func NewFilesClusterMaster(cluster Cluster) Files

func NewFilesClusterWorker 

func NewFilesClusterWorker(cluster Cluster) Files

type Interface 

type Interface interface {
	// SearchAppOperator searches for secrets containing TLS certs
	// for managed catalogue service.
	SearchAppOperator(clusterID string) (AppOperator, error)
	// SearchCluster searches for secrets containing TLS certs for guest
	// clusters components.
	SearchCluster(clusterID string) (Cluster, error)
	// SearchClusterOperator searches for secrets containing TLS certs for
	// connecting to guest clusters.
	SearchClusterOperator(clusterID string) (ClusterOperator, error)
	// SearchDraining searches for secrets containing TLS certs for
	// draining nodes in guest clusters.
	SearchDraining(clusterID string) (Draining, error)
	// SearchMonitoring searches for secrets containing TLS certs for
	// monitoring guest clusters.
	SearchMonitoring(clusterID string) (Monitoring, error)
	// SearchTLS provides a dedicated way to lookup a single TLS asset for one
	// specific purpose. This might be used for e.g. granting guest cluster
	// access within operators.
	SearchTLS(clusterID string, cert Cert) (TLS, error)
}

type Monitoring 

type Monitoring struct {
	KubeStateMetrics TLS
	Prometheus       TLS
}

type Searcher 

type Searcher struct {
	// contains filtered or unexported fields
}

func NewSearcher 

func NewSearcher(config Config) (*Searcher, error)

func (*Searcher) SearchAppOperator 

func (s *Searcher) SearchAppOperator(clusterID string) (AppOperator, error)

func (*Searcher) SearchCluster 

func (s *Searcher) SearchCluster(clusterID string) (Cluster, error)

func (*Searcher) SearchClusterOperator 

func (s *Searcher) SearchClusterOperator(clusterID string) (ClusterOperator, error)

func (*Searcher) SearchDraining 

func (s *Searcher) SearchDraining(clusterID string) (Draining, error)

func (*Searcher) SearchMonitoring 

func (s *Searcher) SearchMonitoring(clusterID string) (Monitoring, error)

func (*Searcher) SearchTLS 

func (s *Searcher) SearchTLS(clusterID string, cert Cert) (TLS, error)

type TLS 

type TLS struct {
	CA, Crt, Key []byte
}

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.