Documentation
Index
- Constants
- func CreatePrivateKey(keyConfig KeyConfig) (crypto.Signer, *pem.Block, x509.SignatureAlgorithm, error)
- func EnsureCertificate[T interface{ ... }](ctx context.Context, owner T, subject string, ...) (op.Result, *corev1.Secret, error)
- func GetManagedLabelForServiceSecret(svcNN types.NamespacedName) client.MatchingLabels
- func IsTLSSecretValid(secret *corev1.Secret) bool
- func ParsePrivateKey(pemBlock *pem.Block) (crypto.Signer, x509.SignatureAlgorithm, error)
- func SetCALogger(logger logr.Logger)
- func SignatureAlgorithmForKeyType(keyType x509.PublicKeyAlgorithm) x509.SignatureAlgorithm
- type KeyConfig
Constants
const (
	// SignatureAlgorithmForECDSA is the default signature algorithm for ECDSA keys.
	SignatureAlgorithmForECDSA x509.SignatureAlgorithm = x509.ECDSAWithSHA256
	// SignatureAlgorithmForRSA is the default signature algorithm for RSA keys.
	SignatureAlgorithmForRSA x509.SignatureAlgorithm = x509.SHA256WithRSA
)
Variables
This section is empty.
Functions
func CreatePrivateKey
func CreatePrivateKey(
	keyConfig KeyConfig,
) (crypto.Signer, *pem.Block, x509.SignatureAlgorithm, error)
CreatePrivateKey generates a private key based on the provided keyConfig.
func EnsureCertificate
func EnsureCertificate[
T interface {
k8sresources.ControlPlaneOrDataPlaneOrKonnectExtension
client.Object
},
](
ctx context.Context,
owner T,
subject string,
mtlsCASecretNN types.NamespacedName,
usages []certificatesv1.KeyUsage,
cl client.Client,
additionalMatchingLabels client.MatchingLabels,
) (op.Result, *corev1.Secret, error)
EnsureCertificate creates a Secret for subject signed by the CA held in the Secret named by mtlsCASecretNN, or does nothing if a matching Secret is already present. It returns an op.Result indicating whether it created a Secret, the Secret itself, and an error indicating any failures it encountered.
func GetManagedLabelForServiceSecret
func GetManagedLabelForServiceSecret(svcNN types.NamespacedName) client.MatchingLabels
GetManagedLabelForServiceSecret returns a label selector for the ServiceSecret.
func IsTLSSecretValid
func IsTLSSecretValid(secret *corev1.Secret) bool
IsTLSSecretValid checks whether a Secret contains a valid TLS certificate and key.
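The checks a validator like IsTLSSecretValid has to make on a Secret's tls.crt/tls.key data, as an added example that is not the operator's own code: the fixture builder, the P-256 curve, the one-day validity window and the function names are assumptions, and the certificate is signed with the page's ECDSA default, ECDSAWithSHA256.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"math/big"
	"time"
)

// NewTLSSecretData generates a P-256 ECDSA key (assumed curve), self-signs a certificate
// for it with the page's ECDSA default (ECDSAWithSHA256), valid for 24h ending at notAfter,
// and returns the tls.crt/tls.key entries of a kubernetes.io/tls Secret (constructed fixture).
func NewTLSSecretData(notAfter time.Time) (map[string][]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), SignatureAlgorithm: x509.ECDSAWithSHA256,
		NotBefore: notAfter.Add(-24 * time.Hour), NotAfter: notAfter}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	keyDER, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		return nil, err
	}
	return map[string][]byte{
		"tls.crt": pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		"tls.key": pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER}),
	}, nil
}

// IsTLSSecretValidAt makes the checks a validator like the page's IsTLSSecretValid needs:
// both entries present and PEM-parseable, the private key matching the certificate,
// and now inside the certificate's validity window (a parseable but expired pair is not valid).
func IsTLSSecretValidAt(data map[string][]byte, now time.Time) bool {
	pair, err := tls.X509KeyPair(data["tls.crt"], data["tls.key"]) // rejects a mismatched key/cert
	if err != nil {
		return false
	}
	leaf, err := x509.ParseCertificate(pair.Certificate[0])
	if err != nil {
		return false
	}
	return !now.Before(leaf.NotBefore) && now.Before(leaf.NotAfter)
}
```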
func ParsePrivateKey
func ParsePrivateKey(pemBlock *pem.Block) (crypto.Signer, x509.SignatureAlgorithm, error)
ParsePrivateKey parses a PEM block and returns a crypto.Signer and the x509.SignatureAlgorithm to use with it.
func SetCALogger
func SetCALogger(logger logr.Logger)
SetCALogger sets the logger for the CFSSL signer. Call it once at the start of the program to ensure that CFSSL logs are captured by the operator's logger. Subsequent calls have no effect.
func SignatureAlgorithmForKeyType
func SignatureAlgorithmForKeyType(keyType x509.PublicKeyAlgorithm) x509.SignatureAlgorithm
SignatureAlgorithmForKeyType returns the default signature algorithm for the provided key type.
Types
type KeyConfig
type KeyConfig struct {
// Type is the type of the key to generate
Type x509.PublicKeyAlgorithm
// Size is the size of the key to generate in bits.
// This is only used for RSA keys.
Size int
}
KeyConfig is the configuration for generating a private key.
func DetectCertType (added in v2.1.1)
DetectCertType inspects a PEM-encoded certificate and returns its KeyConfig.