Documentation
¶
Overview ¶
Package certmanager provides helpers for building cert-manager resources such as Certificates, Issuers and ClusterIssuers.
Example (ComposeClusterIssuerAndCertificate) ¶
This example demonstrates composing a ClusterIssuer with an ACME configuration and a matching Certificate, which is a common pattern for automated TLS in Kubernetes.
package main
import (
"fmt"
certv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
corev1 "k8s.io/api/core/v1"
"github.com/go-kure/kure/internal/certmanager"
)
// main composes a ClusterIssuer that carries an ACME configuration and a
// Certificate that references it, then prints selected fields of both objects.
func main() {
	const (
		// Let's Encrypt production directory; it is what the example prints as
		// the issuer's ACME server.
		// NOTE(review): the production endpoint is rate-limited; a staging
		// directory is the usual choice while testing. Confirm for your setup.
		acmeDirectory = "https://acme-v02.api.letsencrypt.org/directory"
		contactEmail  = "admin@example.com"
	)

	// Selector for the Secret entry holding the ACME account private key.
	// Only the Secret name and key are referenced here; no key material is
	// created by this example.
	// NOTE(review): a ClusterIssuer is cluster-scoped, so this Secret is not
	// looked up in the Certificate's namespace. Confirm which namespace
	// cert-manager resolves it in and keep read access to that Secret narrow.
	accountKey := cmmeta.SecretKeySelector{
		LocalObjectReference: cmmeta.LocalObjectReference{Name: "letsencrypt-account-key"},
		Key:                  "tls.key",
	}

	// ACME configuration with a single HTTP01 solver (Service type ClusterIP,
	// ingress class "nginx").
	acmeCfg := certmanager.CreateACMEIssuer(acmeDirectory, contactEmail, accountKey)
	certmanager.AddACMEIssuerSolver(
		acmeCfg,
		certmanager.CreateACMEHTTP01Solver(corev1.ServiceTypeClusterIP, "nginx"),
	)

	// The ClusterIssuer starts from an empty spec; the ACME block is attached
	// afterwards.
	clusterIssuer := certmanager.CreateClusterIssuer("letsencrypt-prod", certv1.IssuerSpec{})
	certmanager.SetClusterIssuerACME(clusterIssuer, acmeCfg)
	certmanager.AddClusterIssuerLabel(clusterIssuer, "env", "production")

	// Certificate in the "default" namespace; SecretName names the Secret the
	// Certificate spec points at for the issued key pair.
	certSpec := certv1.CertificateSpec{SecretName: "app-tls-secret"}
	certificate := certmanager.CreateCertificate("app-tls", "default", certSpec)

	// Reference the issuer by the name it was created with, so the two objects
	// cannot drift apart.
	// NOTE(review): Kind "ClusterIssuer" presumably lets Certificates in any
	// namespace use this issuer; prefer a namespaced Issuer where tenants
	// should not share one ACME account. Verify against your tenancy model.
	issuerRef := cmmeta.IssuerReference{
		Group: "cert-manager.io",
		Kind:  "ClusterIssuer",
		Name:  clusterIssuer.Name,
	}
	certmanager.SetCertificateIssuerRef(certificate, issuerRef)

	// DNS names are appended in this order; the printed slice reflects it.
	for _, host := range []string{"app.example.com", "www.example.com"} {
		certmanager.AddCertificateDNSName(certificate, host)
	}
	certmanager.AddCertificateLabel(certificate, "env", "production")

	fmt.Println("Issuer:", clusterIssuer.Name)
	fmt.Println("Issuer Kind:", clusterIssuer.Kind)
	fmt.Println("ACME Server:", clusterIssuer.Spec.ACME.Server)
	fmt.Println("Certificate:", certificate.Name)
	fmt.Println("Certificate Namespace:", certificate.Namespace)
	fmt.Println("Secret:", certificate.Spec.SecretName)
	fmt.Println("DNS Names:", certificate.Spec.DNSNames)
	fmt.Println("Issuer Ref:", certificate.Spec.IssuerRef.Name)
}
Output:
Issuer: letsencrypt-prod
Issuer Kind: ClusterIssuer
ACME Server: https://acme-v02.api.letsencrypt.org/directory
Certificate: app-tls
Certificate Namespace: default
Secret: app-tls-secret
DNS Names: [app.example.com www.example.com]
Issuer Ref: letsencrypt-prod
Index ¶
- func AddACMEIssuerSolver(issuer *cmacme.ACMEIssuer, solver cmacme.ACMEChallengeSolver)
- func AddCertificateAnnotation(obj *certv1.Certificate, key, value string)
- func AddCertificateDNSName(obj *certv1.Certificate, dns string)
- func AddCertificateLabel(obj *certv1.Certificate, key, value string)
- func AddClusterIssuerAnnotation(obj *certv1.ClusterIssuer, key, value string)
- func AddClusterIssuerLabel(obj *certv1.ClusterIssuer, key, value string)
- func AddIssuerAnnotation(obj *certv1.Issuer, key, value string)
- func AddIssuerLabel(obj *certv1.Issuer, key, value string)
- func CreateACMEDNS01SolverCloudflare(email string, token cmmeta.SecretKeySelector) cmacme.ACMEChallengeSolver
- func CreateACMEDNS01SolverGoogle(project string, sa *cmmeta.SecretKeySelector) cmacme.ACMEChallengeSolver
- func CreateACMEDNS01SolverRoute53(region string, key cmmeta.SecretKeySelector) cmacme.ACMEChallengeSolver
- func CreateACMEHTTP01Solver(serviceType corev1.ServiceType, class string) cmacme.ACMEChallengeSolver
- func CreateACMEIssuer(server, email string, key cmmeta.SecretKeySelector) *cmacme.ACMEIssuer
- func CreateCertificate(name, namespace string, spec certv1.CertificateSpec) *certv1.Certificate
- func CreateClusterIssuer(name string, spec certv1.IssuerSpec) *certv1.ClusterIssuer
- func CreateIssuer(name, namespace string, spec certv1.IssuerSpec) *certv1.Issuer
- func SetCertificateDuration(obj *certv1.Certificate, dur *metav1.Duration)
- func SetCertificateIssuerRef(obj *certv1.Certificate, ref cmmeta.IssuerReference)
- func SetCertificateRenewBefore(obj *certv1.Certificate, dur *metav1.Duration)
- func SetClusterIssuerACME(obj *certv1.ClusterIssuer, acme *cmacme.ACMEIssuer)
- func SetClusterIssuerCA(obj *certv1.ClusterIssuer, ca *certv1.CAIssuer)
- func SetIssuerACME(obj *certv1.Issuer, acme *cmacme.ACMEIssuer)
- func SetIssuerCA(obj *certv1.Issuer, ca *certv1.CAIssuer)
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AddACMEIssuerSolver ¶
func AddACMEIssuerSolver(issuer *cmacme.ACMEIssuer, solver cmacme.ACMEChallengeSolver)
AddACMEIssuerSolver appends a challenge solver to the issuer.
func AddCertificateAnnotation ¶
func AddCertificateAnnotation(obj *certv1.Certificate, key, value string)
AddCertificateAnnotation adds or updates an annotation on the Certificate metadata.
func AddCertificateDNSName ¶
func AddCertificateDNSName(obj *certv1.Certificate, dns string)
AddCertificateDNSName appends a DNS name to the Certificate spec.
func AddCertificateLabel ¶
func AddCertificateLabel(obj *certv1.Certificate, key, value string)
AddCertificateLabel adds or updates a label on the Certificate metadata.
func AddClusterIssuerAnnotation ¶
func AddClusterIssuerAnnotation(obj *certv1.ClusterIssuer, key, value string)
AddClusterIssuerAnnotation adds or updates an annotation on the ClusterIssuer metadata.
func AddClusterIssuerLabel ¶
func AddClusterIssuerLabel(obj *certv1.ClusterIssuer, key, value string)
AddClusterIssuerLabel adds or updates a label on the ClusterIssuer metadata.
func AddIssuerAnnotation ¶
func AddIssuerAnnotation(obj *certv1.Issuer, key, value string)
AddIssuerAnnotation adds or updates an annotation on the Issuer metadata.
func AddIssuerLabel ¶
func AddIssuerLabel(obj *certv1.Issuer, key, value string)
AddIssuerLabel adds or updates a label on the Issuer metadata.
func CreateACMEDNS01SolverCloudflare ¶
func CreateACMEDNS01SolverCloudflare(email string, token cmmeta.SecretKeySelector) cmacme.ACMEChallengeSolver
CreateACMEDNS01SolverCloudflare creates a DNS01 solver for Cloudflare.
func CreateACMEDNS01SolverGoogle ¶
func CreateACMEDNS01SolverGoogle(project string, sa *cmmeta.SecretKeySelector) cmacme.ACMEChallengeSolver
CreateACMEDNS01SolverGoogle creates a DNS01 solver for Google CloudDNS.
func CreateACMEDNS01SolverRoute53 ¶
func CreateACMEDNS01SolverRoute53(region string, key cmmeta.SecretKeySelector) cmacme.ACMEChallengeSolver
CreateACMEDNS01SolverRoute53 creates a DNS01 solver for AWS Route53.
func CreateACMEHTTP01Solver ¶
func CreateACMEHTTP01Solver(serviceType corev1.ServiceType, class string) cmacme.ACMEChallengeSolver
CreateACMEHTTP01Solver creates a solver using HTTP01 via ingress class.
func CreateACMEIssuer ¶
func CreateACMEIssuer(server, email string, key cmmeta.SecretKeySelector) *cmacme.ACMEIssuer
CreateACMEIssuer returns an ACMEIssuer with the mandatory fields set.
func CreateCertificate ¶
func CreateCertificate(name, namespace string, spec certv1.CertificateSpec) *certv1.Certificate
CreateCertificate returns a new Certificate object with the provided name, namespace and spec.
func CreateClusterIssuer ¶
func CreateClusterIssuer(name string, spec certv1.IssuerSpec) *certv1.ClusterIssuer
CreateClusterIssuer returns a new ClusterIssuer with the provided name and spec.
func CreateIssuer ¶
func CreateIssuer(name, namespace string, spec certv1.IssuerSpec) *certv1.Issuer
CreateIssuer returns a new Issuer object with the provided name, namespace and spec.
func SetCertificateDuration ¶
func SetCertificateDuration(obj *certv1.Certificate, dur *metav1.Duration)
SetCertificateDuration sets the desired certificate duration.
func SetCertificateIssuerRef ¶
func SetCertificateIssuerRef(obj *certv1.Certificate, ref cmmeta.IssuerReference)
SetCertificateIssuerRef sets the issuer reference for the certificate.
func SetCertificateRenewBefore ¶
func SetCertificateRenewBefore(obj *certv1.Certificate, dur *metav1.Duration)
SetCertificateRenewBefore sets the renewBefore field of the certificate spec.
func SetClusterIssuerACME ¶
func SetClusterIssuerACME(obj *certv1.ClusterIssuer, acme *cmacme.ACMEIssuer)
SetClusterIssuerACME sets the ACME config on the ClusterIssuer.
func SetClusterIssuerCA ¶
func SetClusterIssuerCA(obj *certv1.ClusterIssuer, ca *certv1.CAIssuer)
SetClusterIssuerCA sets the CA configuration on the ClusterIssuer spec.
func SetIssuerACME ¶
func SetIssuerACME(obj *certv1.Issuer, acme *cmacme.ACMEIssuer)
SetIssuerACME sets the ACME configuration on the issuer spec.
Types ¶
This section is empty.