Documentation

Index
- Constants
- func CreateClusterCACertificate(ctx context.Context, cl client.Client, secretNN types.NamespacedName, ...) error
- func CreatePrivateKey(keyConfig KeyConfig) (crypto.Signer, *pem.Block, x509.SignatureAlgorithm, error)
- func EnsureCertificate[T interface{ ... }](ctx context.Context, owner T, subject string, ...) (op.Result, *corev1.Secret, error)
- func GetManagedLabelForServiceSecret(svcNN types.NamespacedName) client.MatchingLabels
- func IsTLSSecretValid(secret *corev1.Secret) bool
- func ParseKey(keyType x509.PublicKeyAlgorithm, pemBlock *pem.Block) (crypto.Signer, error)
- func SignatureAlgorithmForKeyType(keyType x509.PublicKeyAlgorithm) x509.SignatureAlgorithm
- type KeyConfig
Constants
const (
	// SignatureAlgorithmForECDSA is the default signature algorithm for ECDSA keys.
	SignatureAlgorithmForECDSA x509.SignatureAlgorithm = x509.ECDSAWithSHA256
	// SignatureAlgorithmForRSA is the default signature algorithm for RSA keys.
	SignatureAlgorithmForRSA x509.SignatureAlgorithm = x509.SHA256WithRSA
)
Variables
This section is empty.
Functions
func CreateClusterCACertificate added in v1.6.0
func CreateClusterCACertificate(ctx context.Context, cl client.Client, secretNN types.NamespacedName, keyConfig KeyConfig) error
CreateClusterCACertificate creates a cluster CA certificate and stores it in the Secret named by secretNN, generating the CA key according to keyConfig.
func CreatePrivateKey added in v1.5.0
func CreatePrivateKey(keyConfig KeyConfig) (crypto.Signer, *pem.Block, x509.SignatureAlgorithm, error)
CreatePrivateKey generates a private key based on the provided keyConfig.
func EnsureCertificate
func EnsureCertificate[
T interface {
k8sresources.ControlPlaneOrDataPlaneOrKonnectExtension
client.Object
},
](
ctx context.Context,
owner T,
subject string,
mtlsCASecretNN types.NamespacedName,
usages []certificatesv1.KeyUsage,
keyConfig KeyConfig,
cl client.Client,
additionalMatchingLabels client.MatchingLabels,
) (op.Result, *corev1.Secret, error)
EnsureCertificate creates a Secret holding a certificate for subject, signed by the CA stored in the mtlsCASecretNN Secret, or does nothing if that Secret is already present. It returns an op.Result reporting whether it created the Secret, the Secret itself, and an error describing any failure it encountered.
func GetManagedLabelForServiceSecret
func GetManagedLabelForServiceSecret(svcNN types.NamespacedName) client.MatchingLabels
GetManagedLabelForServiceSecret returns the label selector that matches the Secret managed for the Service svcNN.
func IsTLSSecretValid added in v1.3.0
func IsTLSSecretValid(secret *corev1.Secret) bool
IsTLSSecretValid checks if a Secret contains a valid TLS certificate and key.
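As an added example, not code from this package, the block below shows what a check like IsTLSSecretValid has to establish before an operator trusts a kubernetes.io/tls Secret, and it exercises the CA-signed issuance path that EnsureCertificate describes. The Secret is modelled as a plain data map, the CA and leaf certificates are constructed inside the block, and verifying the leaf chain against the CA is an assumption about what "valid" should cover; the page only says the Secret must hold a valid certificate and key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// tlsSecretData stands in for corev1.Secret.Data of a kubernetes.io/tls Secret (assumed shape).
type tlsSecretData map[string][]byte

// issueCertificate signs a certificate for subject with the given CA, or self-signs a CA
// certificate when caCert is nil. Constructed for this example; not the package's own code.
func issueCertificate(subject string, key *ecdsa.PrivateKey, caCert *x509.Certificate, caKey *ecdsa.PrivateKey, notAfter time.Time) ([]byte, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: subject},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	parent, signer := tmpl, key // self-signed unless a CA is supplied
	if caCert == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		parent, signer = caCert, caKey
	}
	return x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
}

// buildSecret packs a DER certificate and its key the way a kubernetes.io/tls Secret stores them.
func buildSecret(certDER []byte, key *ecdsa.PrivateKey) (tlsSecretData, error) {
	keyDER, err := x509.MarshalECPrivateKey(key)
	if err != nil {
		return nil, err
	}
	return tlsSecretData{
		"tls.crt": pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER}),
		"tls.key": pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER}),
	}, nil
}

// validateTLSSecret checks presence, cert/key match and validity period, and (assumption)
// that the leaf chains to caPool when one is given.
func validateTLSSecret(data tlsSecretData, caPool *x509.CertPool, now time.Time) error {
	crt, key := data["tls.crt"], data["tls.key"]
	if len(crt) == 0 || len(key) == 0 {
		return errors.New("missing tls.crt or tls.key")
	}
	pair, err := tls.X509KeyPair(crt, key) // fails when the key does not match the certificate
	if err != nil {
		return fmt.Errorf("cert/key pair: %w", err)
	}
	leaf, err := x509.ParseCertificate(pair.Certificate[0])
	if err != nil {
		return err
	}
	if now.Before(leaf.NotBefore) || now.After(leaf.NotAfter) {
		return fmt.Errorf("certificate not valid at %s (valid %s to %s)", now.UTC(), leaf.NotBefore, leaf.NotAfter)
	}
	if caPool != nil {
		if _, err := leaf.Verify(x509.VerifyOptions{Roots: caPool, CurrentTime: now}); err != nil {
			return fmt.Errorf("chain: %w", err)
		}
	}
	return nil
}

// runChecks builds a CA plus leaf Secrets in several states and reports which validate.
func runChecks() (map[string]bool, error) {
	now := time.Now()
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	caDER, err := issueCertificate("example-ca", caKey, nil, nil, now.Add(24*time.Hour))
	if err != nil {
		return nil, err
	}
	caCert, err := x509.ParseCertificate(caDER)
	if err != nil {
		return nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(caCert)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	otherKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	goodDER, err := issueCertificate("controlplane-1", leafKey, caCert, caKey, now.Add(time.Hour))
	if err != nil {
		return nil, err
	}
	expiredDER, err := issueCertificate("controlplane-1", leafKey, caCert, caKey, now.Add(-time.Second))
	if err != nil {
		return nil, err
	}
	good, _ := buildSecret(goodDER, leafKey)
	expired, _ := buildSecret(expiredDER, leafKey)
	mismatched, _ := buildSecret(goodDER, otherKey) // certificate paired with the wrong key
	return map[string]bool{
		"valid":     validateTLSSecret(good, pool, now) == nil,
		"expired":   validateTLSSecret(expired, pool, now) == nil,
		"wrong-key": validateTLSSecret(mismatched, pool, now) == nil,
		"untrusted": validateTLSSecret(good, x509.NewCertPool(), now) == nil,
		"empty":     validateTLSSecret(tlsSecretData{}, pool, now) == nil,
	}, nil
}

func main() {
	results, err := runChecks()
	if err != nil {
		panic(err)
	}
	for name, ok := range results {
		fmt.Printf("%-10s valid=%v\n", name, ok)
	}
}
```

tls.X509KeyPair does the pairing check for free: it refuses a key whose public half differs from the certificate's, which is the failure an operator most often meets when a Secret is edited by hand. The explicit NotBefore/NotAfter check is kept even though Verify also enforces it, so the error names the window rather than a generic chain failure.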
func ParseKey added in v1.5.0
func ParseKey(keyType x509.PublicKeyAlgorithm, pemBlock *pem.Block) (crypto.Signer, error)
ParseKey parses a private key from a PEM block based on the provided keyType.
func SignatureAlgorithmForKeyType added in v1.5.0
func SignatureAlgorithmForKeyType(keyType x509.PublicKeyAlgorithm) x509.SignatureAlgorithm
SignatureAlgorithmForKeyType returns the default signature algorithm for the provided key type.
Types
type KeyConfig added in v1.5.0
type KeyConfig struct {
// Type is the type of the key to generate
Type x509.PublicKeyAlgorithm
// Size is the size of the key to generate in bits.
// This is only used for RSA keys.
Size int
}
KeyConfig is the configuration for generating a private key.
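The block below is an added example, written independently of this package, of the contract that CreatePrivateKey, ParseKey, SignatureAlgorithmForKeyType and KeyConfig together describe: the key type in the config selects the algorithm, Size applies only to RSA, the key is handed back as a PEM block, and the default signature algorithm is the page's SHA-256 variant for each type. The local keyConfig type and the lowercase functions are stand-ins with the same shapes as the documented API; the 2048-bit RSA floor and the P-256 curve choice for ECDSA are assumptions the page does not state. The round trip encodes to PEM, parses back, and proves the parsed key is the original by signing with it and verifying against the original public key.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// keyConfig mirrors the page's KeyConfig: Type selects the algorithm, Size is RSA-only.
type keyConfig struct {
	Type x509.PublicKeyAlgorithm
	Size int
}

// Default signature algorithms per key type, matching the page's constants.
const (
	sigAlgForECDSA = x509.ECDSAWithSHA256
	sigAlgForRSA   = x509.SHA256WithRSA
)

// signatureAlgorithmForKeyType returns the default algorithm for a key type,
// or UnknownSignatureAlgorithm for a type this example does not support.
func signatureAlgorithmForKeyType(t x509.PublicKeyAlgorithm) x509.SignatureAlgorithm {
	switch t {
	case x509.ECDSA:
		return sigAlgForECDSA
	case x509.RSA:
		return sigAlgForRSA
	default:
		return x509.UnknownSignatureAlgorithm
	}
}

// createPrivateKey generates a key per cfg and returns it with its PEM block and signature
// algorithm. The P-256 curve and the 2048-bit RSA minimum are assumptions of this example.
func createPrivateKey(cfg keyConfig) (crypto.Signer, *pem.Block, x509.SignatureAlgorithm, error) {
	unknown := x509.UnknownSignatureAlgorithm
	switch cfg.Type {
	case x509.ECDSA:
		k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return nil, nil, unknown, err
		}
		der, err := x509.MarshalECPrivateKey(k)
		if err != nil {
			return nil, nil, unknown, err
		}
		return k, &pem.Block{Type: "EC PRIVATE KEY", Bytes: der}, sigAlgForECDSA, nil
	case x509.RSA:
		if cfg.Size < 2048 {
			return nil, nil, unknown, fmt.Errorf("rsa key size %d below the 2048-bit minimum", cfg.Size)
		}
		k, err := rsa.GenerateKey(rand.Reader, cfg.Size)
		if err != nil {
			return nil, nil, unknown, err
		}
		return k, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)}, sigAlgForRSA, nil
	default:
		return nil, nil, unknown, fmt.Errorf("unsupported key type %s", cfg.Type)
	}
}

// parseKey decodes a PEM block into a signer; the block type must agree with keyType so a
// mislabelled Secret is rejected rather than silently parsed as something else.
func parseKey(keyType x509.PublicKeyAlgorithm, block *pem.Block) (crypto.Signer, error) {
	if block == nil {
		return nil, errors.New("nil PEM block")
	}
	switch keyType {
	case x509.ECDSA:
		if block.Type != "EC PRIVATE KEY" {
			return nil, fmt.Errorf("expected EC PRIVATE KEY, got %q", block.Type)
		}
		return x509.ParseECPrivateKey(block.Bytes)
	case x509.RSA:
		if block.Type != "RSA PRIVATE KEY" {
			return nil, fmt.Errorf("expected RSA PRIVATE KEY, got %q", block.Type)
		}
		return x509.ParsePKCS1PrivateKey(block.Bytes)
	default:
		return nil, fmt.Errorf("unsupported key type %s", keyType)
	}
}

// verify checks a SHA-256 signature against the public key of either supported type.
func verify(pub crypto.PublicKey, digest, sig []byte) error {
	switch p := pub.(type) {
	case *ecdsa.PublicKey:
		if !ecdsa.VerifyASN1(p, digest, sig) {
			return errors.New("ecdsa signature mismatch")
		}
		return nil
	case *rsa.PublicKey:
		return rsa.VerifyPKCS1v15(p, crypto.SHA256, digest, sig)
	default:
		return fmt.Errorf("unsupported public key %T", pub)
	}
}

// roundTrip generates a key, encodes it to PEM text as a Secret would store it, parses it
// back, and proves the parsed key signs for the original public key.
func roundTrip(cfg keyConfig) (x509.SignatureAlgorithm, error) {
	signer, block, alg, err := createPrivateKey(cfg)
	if err != nil {
		return x509.UnknownSignatureAlgorithm, err
	}
	decoded, _ := pem.Decode(pem.EncodeToMemory(block))
	parsed, err := parseKey(cfg.Type, decoded)
	if err != nil {
		return x509.UnknownSignatureAlgorithm, err
	}
	digest := sha256.Sum256([]byte("constructed message")) // constructed sample input
	sig, err := parsed.Sign(rand.Reader, digest[:], crypto.SHA256)
	if err != nil {
		return x509.UnknownSignatureAlgorithm, err
	}
	if err := verify(signer.Public(), digest[:], sig); err != nil {
		return x509.UnknownSignatureAlgorithm, err
	}
	return alg, nil
}

func main() {
	for _, cfg := range []keyConfig{{Type: x509.ECDSA}, {Type: x509.RSA, Size: 2048}, {Type: x509.RSA, Size: 1024}} {
		alg, err := roundTrip(cfg)
		fmt.Printf("%s size=%d -> %s err=%v\n", cfg.Type, cfg.Size, alg, err)
	}
}
```

Checking the PEM block type against the declared key type matters in an operator: a Secret may be rewritten by something other than the controller, and a parser that tries every format in turn would accept the wrong key type and then fail later, at signing time, with a far less useful error.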