tls

package
v1.4.21-pre
Published: Nov 22, 2025 License: Apache-2.0 Imports: 35 Imported by: 187

Documentation

Overview

Package tls defines and generates the tls assets based on its dependencies.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CSRToPem

func CSRToPem(cert *x509.CertificateRequest) []byte

CSRToPem converts an x509.CertificateRequest to a PEM-encoded block.

func CertToPem

func CertToPem(cert *x509.Certificate) []byte

CertToPem converts an x509.Certificate object to a PEM-encoded block.

func GenerateSelfSignedCertificate added in v0.4.15

func GenerateSelfSignedCertificate(cfg *CertCfg) (*rsa.PrivateKey, *x509.Certificate, error)

GenerateSelfSignedCertificate generates a key/cert pair defined by CertCfg.

func GenerateSignedCertificate added in v0.4.15

func GenerateSignedCertificate(caKey *rsa.PrivateKey, caCert *x509.Certificate,
	cfg *CertCfg) (*rsa.PrivateKey, *x509.Certificate, error)

GenerateSignedCertificate generates a key and cert defined by CertCfg and signed by the CA.

func PemToCertificate

func PemToCertificate(data []byte) (*x509.Certificate, error)

PemToCertificate converts a data block to x509.Certificate.

func PemToPrivateKey

func PemToPrivateKey(data []byte) (*rsa.PrivateKey, error)

PemToPrivateKey converts a data block to rsa.PrivateKey.

func PemToPublicKey added in v0.4.15

func PemToPublicKey(data []byte) (*rsa.PublicKey, error)

PemToPublicKey converts a data block to rsa.PublicKey.

func PrivateKey

func PrivateKey() (*rsa.PrivateKey, error)

PrivateKey generates an RSA private key and returns it.

func PrivateKeyToPem

func PrivateKeyToPem(key *rsa.PrivateKey) []byte

PrivateKeyToPem converts an rsa.PrivateKey object to a PEM-encoded block.

func PublicKeyToPem

func PublicKeyToPem(key *rsa.PublicKey) ([]byte, error)

PublicKeyToPem converts an rsa.PublicKey object to a PEM-encoded block.

func RegenerateMCSCertKey

func RegenerateMCSCertKey(ic *installconfig.InstallConfig, ca *RootCA, privateLBs []string) ([]byte, []byte, error)

RegenerateMCSCertKey generates the cert/key pair based on input values.

func RegenerateSignedCertKey

func RegenerateSignedCertKey(
	cfg *CertCfg,
	parentCA CertKeyInterface,
	appendParent AppendParentChoice,
) ([]byte, []byte, error)

RegenerateSignedCertKey regenerates a cert/key pair signed by the specified parent CA. It does not write the cert/key pair to an asset file.

func SelfSignedCertificate added in v0.4.15

func SelfSignedCertificate(cfg *CertCfg, key *rsa.PrivateKey) (*x509.Certificate, error)

SelfSignedCertificate creates a self-signed certificate.

func SignedCertificate

func SignedCertificate(
	cfg *CertCfg,
	csr *x509.CertificateRequest,
	key *rsa.PrivateKey,
	caCert *x509.Certificate,
	caKey *rsa.PrivateKey,
) (*x509.Certificate, error)

SignedCertificate creates a new X.509 certificate based on a template.

func ValidityOneDay added in v0.4.15

func ValidityOneDay(installConfig *installconfig.InstallConfig) time.Duration

ValidityOneDay sets the validity of a cert to 24 hours, or to 1 hour when the ShortRotationEnabled feature gate is enabled.

func ValidityOneYear added in v0.4.15

func ValidityOneYear(installConfig *installconfig.InstallConfig) time.Duration

ValidityOneYear sets the validity of a cert to 1 year, or to two hours when the ShortRotationEnabled feature gate is enabled.

func ValidityTenYears

func ValidityTenYears() time.Duration

ValidityTenYears sets the validity of a cert to 10 years.

Types

type APIServerProxyCertKey added in v0.2.0

type APIServerProxyCertKey struct {
	SignedCertKey
}

APIServerProxyCertKey is the asset that generates the API server proxy key/cert pair. [DEPRECATED]

func (*APIServerProxyCertKey) Dependencies added in v0.2.0

func (a *APIServerProxyCertKey) Dependencies() []asset.Asset

Dependencies returns the dependencies of the cert/key pair: the parent CA, and the install config if the pair depends on it for DNS names, etc.

func (*APIServerProxyCertKey) Generate added in v0.2.0

func (a *APIServerProxyCertKey) Generate(ctx context.Context, dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*APIServerProxyCertKey) Name added in v0.2.0

func (a *APIServerProxyCertKey) Name() string

Name returns the human-friendly name of the asset.

type AdminKubeConfigCABundle added in v0.4.15

type AdminKubeConfigCABundle struct {
	CertBundle
}

AdminKubeConfigCABundle is the asset that generates the admin-kubeconfig-ca-bundle, which contains all the individual client CAs.

func (*AdminKubeConfigCABundle) Dependencies added in v0.4.15

func (a *AdminKubeConfigCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*AdminKubeConfigCABundle) Generate added in v0.4.15

func (a *AdminKubeConfigCABundle) Generate(ctx context.Context, deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*AdminKubeConfigCABundle) Name added in v0.4.15

func (a *AdminKubeConfigCABundle) Name() string

Name returns the human-friendly name of the asset.

type AdminKubeConfigClientCertKey added in v0.4.15

type AdminKubeConfigClientCertKey struct {
	SignedCertKey
}

AdminKubeConfigClientCertKey is the asset that generates the key/cert pair for the admin client to the apiserver.

func (*AdminKubeConfigClientCertKey) Dependencies added in v0.4.15

func (a *AdminKubeConfigClientCertKey) Dependencies() []asset.Asset

Dependencies returns the dependencies of the cert/key pair: the parent CA, and the install config if the pair depends on it for DNS names, etc.

func (*AdminKubeConfigClientCertKey) Generate added in v0.4.15

func (a *AdminKubeConfigClientCertKey) Generate(ctx context.Context, dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*AdminKubeConfigClientCertKey) Load added in v0.4.15

Load reads the asset files from disk.

func (*AdminKubeConfigClientCertKey) Name added in v0.4.15

Name returns the human-friendly name of the asset.

type AdminKubeConfigSignerCertKey added in v0.4.15

type AdminKubeConfigSignerCertKey struct {
	SelfSignedCertKey
}

AdminKubeConfigSignerCertKey is a key/cert pair that signs the admin kubeconfig client certs.

func (*AdminKubeConfigSignerCertKey) Dependencies added in v0.4.15

func (c *AdminKubeConfigSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*AdminKubeConfigSignerCertKey) Generate added in v0.4.15

func (c *AdminKubeConfigSignerCertKey) Generate(ctx context.Context, parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*AdminKubeConfigSignerCertKey) Load added in v0.4.15

Load reads the asset files from disk.

func (*AdminKubeConfigSignerCertKey) Name added in v0.4.15

Name returns the human-friendly name of the asset.

type AggregatorCA added in v0.2.0

type AggregatorCA struct {
	SelfSignedCertKey
}

AggregatorCA is the asset that generates the aggregator-ca key/cert pair. [DEPRECATED]

func (*AggregatorCA) Dependencies added in v0.2.0

func (a *AggregatorCA) Dependencies() []asset.Asset

Dependencies returns the dependencies of the cert/key pair: the parent CA, and the install config if the pair depends on it for DNS names, etc.

func (*AggregatorCA) Generate added in v0.2.0

func (a *AggregatorCA) Generate(ctx context.Context, dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*AggregatorCA) Name added in v0.2.0

func (a *AggregatorCA) Name() string

Name returns the human-friendly name of the asset.

type AggregatorCABundle added in v0.4.15

type AggregatorCABundle struct {
	CertBundle
}

AggregatorCABundle is the asset that generates the aggregator-ca-bundle, which contains all the individual client CAs.

func (*AggregatorCABundle) Dependencies added in v0.4.15

func (a *AggregatorCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*AggregatorCABundle) Generate added in v0.4.15

func (a *AggregatorCABundle) Generate(ctx context.Context, deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*AggregatorCABundle) Name added in v0.4.15

func (a *AggregatorCABundle) Name() string

Name returns the human-friendly name of the asset.

type AggregatorClientCertKey added in v0.4.15

type AggregatorClientCertKey struct {
	SignedCertKey
}

AggregatorClientCertKey is the asset that generates the API server proxy key/cert pair.

func (*AggregatorClientCertKey) Dependencies added in v0.4.15

func (a *AggregatorClientCertKey) Dependencies() []asset.Asset

Dependencies returns the dependencies of the cert/key pair.

func (*AggregatorClientCertKey) Generate added in v0.4.15

func (a *AggregatorClientCertKey) Generate(ctx context.Context, dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*AggregatorClientCertKey) Name added in v0.4.15

func (a *AggregatorClientCertKey) Name() string

Name returns the human-friendly name of the asset.

type AggregatorSignerCertKey added in v0.4.15

type AggregatorSignerCertKey struct {
	SelfSignedCertKey
}

AggregatorSignerCertKey is a key/cert pair that signs the aggregator client certs.

func (*AggregatorSignerCertKey) Dependencies added in v0.4.15

func (c *AggregatorSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*AggregatorSignerCertKey) Generate added in v0.4.15

func (c *AggregatorSignerCertKey) Generate(ctx context.Context, parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*AggregatorSignerCertKey) Name added in v0.4.15

func (c *AggregatorSignerCertKey) Name() string

Name returns the human-friendly name of the asset.

type AppendParentChoice added in v0.2.0

type AppendParentChoice bool

AppendParentChoice dictates whether the parent's cert is to be added to the cert.

const (
	// AppendParent indicates that the parent's cert should be added.
	AppendParent AppendParentChoice = true
	// DoNotAppendParent indicates that the parent's cert should not be added.
	DoNotAppendParent AppendParentChoice = false
)

type BMCVerifyCA

type BMCVerifyCA struct {
	File *asset.File
}

BMCVerifyCA is the asset for the user-provided BMC verify CA certificate file. This CA certificate is used to verify BMC TLS certificates.

func (*BMCVerifyCA) Dependencies

func (*BMCVerifyCA) Dependencies() []asset.Asset

Dependencies returns the dependency of the asset.

func (*BMCVerifyCA) Files

func (a *BMCVerifyCA) Files() []*asset.File

Files returns the files generated by the asset.

func (*BMCVerifyCA) Generate

func (a *BMCVerifyCA) Generate(_ context.Context, dependencies asset.Parents) error

Generate generates the BMC verify CA file from the install config.

func (*BMCVerifyCA) Load

func (a *BMCVerifyCA) Load(f asset.FileFetcher) (bool, error)

Load loads the already-generated files back from disk.

func (*BMCVerifyCA) Name

func (*BMCVerifyCA) Name() string

Name returns the human-friendly name of the asset.

type BootstrapSSHKeyPair added in v0.4.15

type BootstrapSSHKeyPair struct {
	Priv []byte // private key
	Pub  []byte // public ssh key
}

BootstrapSSHKeyPair generates a private/public key pair for SSH. These keys can be used to configure the bootstrap host so that the private key can be used to connect to it.

func (*BootstrapSSHKeyPair) Dependencies added in v0.4.15

func (a *BootstrapSSHKeyPair) Dependencies() []asset.Asset

Dependencies lists the assets required to generate the BootstrapSSHKeyPair.

func (*BootstrapSSHKeyPair) Files added in v0.4.15

func (a *BootstrapSSHKeyPair) Files() []*asset.File

Files returns the files generated by the asset.

func (*BootstrapSSHKeyPair) Generate added in v0.4.15

func (a *BootstrapSSHKeyPair) Generate(ctx context.Context, dependencies asset.Parents) error

Generate generates the key pair based on its dependencies.

func (*BootstrapSSHKeyPair) Load added in v0.4.15

Load is a no-op because the service account keypair is not written to disk.

func (*BootstrapSSHKeyPair) Name added in v0.4.15

func (a *BootstrapSSHKeyPair) Name() string

Name defines a user-friendly name for BootstrapSSHKeyPair.

func (*BootstrapSSHKeyPair) Private added in v0.4.15

func (a *BootstrapSSHKeyPair) Private() []byte

Private returns the private key.

func (*BootstrapSSHKeyPair) Public added in v0.4.15

func (a *BootstrapSSHKeyPair) Public() []byte

Public returns the public SSH key.

type BoundSASigningKey added in v0.4.15

type BoundSASigningKey struct {
	FileList []*asset.File
}

BoundSASigningKey contains the user-provided private key and public parts for the service account signing key used by kube-apiserver. This asset does not generate any new content; it only loads these files from disk when the user provides them.

func (*BoundSASigningKey) Dependencies added in v0.4.15

func (*BoundSASigningKey) Dependencies() []asset.Asset

Dependencies returns all of the dependencies directly needed to generate the asset.

func (*BoundSASigningKey) Files added in v0.4.15

func (sk *BoundSASigningKey) Files() []*asset.File

Files returns the files generated by the asset.

func (*BoundSASigningKey) Generate added in v0.4.15

func (*BoundSASigningKey) Generate(_ context.Context, dependencies asset.Parents) error

Generate generates the CloudProviderConfig.

func (*BoundSASigningKey) Load added in v0.4.15

func (sk *BoundSASigningKey) Load(f asset.FileFetcher) (bool, error)

Load reads the private key from disk. It ensures that the key provided is a valid RSA key.

func (*BoundSASigningKey) Name added in v0.4.15

func (*BoundSASigningKey) Name() string

Name returns a human-friendly name for the asset.

type CertBundle added in v0.4.15

type CertBundle struct {
	BundleRaw []byte
	FileList  []*asset.File
}

CertBundle contains multiple certificates in a bundle.

func (*CertBundle) Cert added in v0.4.15

func (b *CertBundle) Cert() []byte

Cert returns the certificate bundle.

func (*CertBundle) Files added in v0.4.15

func (b *CertBundle) Files() []*asset.File

Files returns the files generated by the asset.

func (*CertBundle) Generate added in v0.4.15

func (b *CertBundle) Generate(_ context.Context, filename string, certs ...CertInterface) error

Generate generates the cert bundle from certs.

func (*CertBundle) Load added in v0.4.15

func (b *CertBundle) Load(asset.FileFetcher) (bool, error)

Load is a no-op because TLS assets are not written to disk.

type CertCfg

type CertCfg struct {
	DNSNames     []string
	ExtKeyUsages []x509.ExtKeyUsage
	IPAddresses  []net.IP
	KeyUsages    x509.KeyUsage
	Subject      pkix.Name
	Validity     time.Duration
	IsCA         bool
}

CertCfg contains all the fields needed to configure a new certificate.

type CertInterface added in v0.4.15

type CertInterface interface {
	// Cert returns the certificate.
	Cert() []byte
}

CertInterface contains a cert.

type CertKey

type CertKey struct {
	CertRaw  []byte
	KeyRaw   []byte
	FileList []*asset.File
}

CertKey contains the private key and the cert.

func (*CertKey) Cert added in v0.2.0

func (c *CertKey) Cert() []byte

Cert returns the certificate.

func (*CertKey) CertFile added in v0.4.15

func (c *CertKey) CertFile() *asset.File

CertFile returns the certificate file.

func (*CertKey) Files added in v0.2.0

func (c *CertKey) Files() []*asset.File

Files returns the files generated by the asset.

func (*CertKey) Key added in v0.2.0

func (c *CertKey) Key() []byte

Key returns the private key.

func (*CertKey) Load added in v0.3.0

func (c *CertKey) Load(asset.FileFetcher) (bool, error)

Load is a no-op because TLS assets are not written to disk.

type CertKeyInterface added in v0.2.0

type CertKeyInterface interface {
	CertInterface
	// Key returns the private key.
	Key() []byte
}

CertKeyInterface contains a private key and the associated cert.

type CloudProviderCABundle added in v0.4.15

type CloudProviderCABundle struct {
	File *asset.File
}

CloudProviderCABundle is the asset that generates the CA bundle for trusting communication with the cloud provider. This bundle is used by the machine-config-operator on the bootstrap node.

func (*CloudProviderCABundle) Dependencies added in v0.4.15

func (a *CloudProviderCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the CA bundle.

func (*CloudProviderCABundle) Files added in v0.4.15

func (a *CloudProviderCABundle) Files() []*asset.File

Files returns the files generated by the asset.

func (*CloudProviderCABundle) Generate added in v0.4.15

func (a *CloudProviderCABundle) Generate(_ context.Context, deps asset.Parents) error

Generate generates the CA bundle based on its dependencies.

func (*CloudProviderCABundle) Load added in v0.4.15

Load is a no-op because TLS assets are not written to disk.

func (*CloudProviderCABundle) Name added in v0.4.15

func (a *CloudProviderCABundle) Name() string

Name returns the human-friendly name of the asset.

type IronicTLSCert added in v0.90.0

type IronicTLSCert struct {
	SelfSignedCertKey
}

IronicTLSCert is the asset that generates the key/cert pair that is used for enabling TLS for virtual media in ironic.

func (*IronicTLSCert) Dependencies added in v0.90.0

func (a *IronicTLSCert) Dependencies() []asset.Asset

Dependencies returns the dependencies of the cert/key pair: the parent CA, and the install config if the pair depends on it for DNS names, etc.

func (*IronicTLSCert) Generate added in v0.90.0

func (a *IronicTLSCert) Generate(ctx context.Context, dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*IronicTLSCert) Name added in v0.90.0

func (a *IronicTLSCert) Name() string

Name returns the human-friendly name of the asset.

type JournalCertKey added in v0.4.15

type JournalCertKey struct {
	SignedCertKey
}

JournalCertKey is the asset that generates the key/cert pair that is used to authenticate with journal-gatewayd on the bootstrap node.

func (*JournalCertKey) Dependencies added in v0.4.15

func (a *JournalCertKey) Dependencies() []asset.Asset

Dependencies returns the dependencies of the cert/key pair: the parent CA, and the install config if the pair depends on it for DNS names, etc.

func (*JournalCertKey) Generate added in v0.4.15

func (a *JournalCertKey) Generate(ctx context.Context, dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*JournalCertKey) Name added in v0.4.15

func (a *JournalCertKey) Name() string

Name returns the human-friendly name of the asset.

type KeyPair

type KeyPair struct {
	Pvt      []byte
	Pub      []byte
	FileList []*asset.File
}

KeyPair contains a private key and a public key.

func (*KeyPair) Files added in v0.2.0

func (k *KeyPair) Files() []*asset.File

Files returns the files generated by the asset.

func (*KeyPair) Generate

func (k *KeyPair) Generate(_ context.Context, filenameBase string) error

Generate generates the RSA private/public key pair.

func (*KeyPair) Private added in v0.2.0

func (k *KeyPair) Private() []byte

Private returns the private key.

func (*KeyPair) Public added in v0.2.0

func (k *KeyPair) Public() []byte

Public returns the public key.

type KeyPairInterface added in v0.2.0

type KeyPairInterface interface {
	// Private returns the private key.
	Private() []byte
	// Public returns the public key.
	Public() []byte
}

KeyPairInterface contains a private key and a public key.

type KubeAPIServerCompleteCABundle added in v0.4.15

type KubeAPIServerCompleteCABundle struct {
	CertBundle
}

KubeAPIServerCompleteCABundle is the asset that generates the kube-apiserver-complete-server-ca-bundle, which contains all the certs that are valid to confirm the kube-apiserver identity.

func (*KubeAPIServerCompleteCABundle) Dependencies added in v0.4.15

func (a *KubeAPIServerCompleteCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerCompleteCABundle) Generate added in v0.4.15

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerCompleteCABundle) Name added in v0.4.15

Name returns the human-friendly name of the asset.

type KubeAPIServerCompleteClientCABundle added in v0.4.15

type KubeAPIServerCompleteClientCABundle struct {
	CertBundle
}

KubeAPIServerCompleteClientCABundle is the asset that generates the kube-apiserver-complete-client-ca-bundle, which contains all the certs that are valid for the kube-apiserver to trust for clients.

func (*KubeAPIServerCompleteClientCABundle) Dependencies added in v0.4.15

func (a *KubeAPIServerCompleteClientCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerCompleteClientCABundle) Generate added in v0.4.15

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerCompleteClientCABundle) Name added in v0.4.15

Name returns the human-friendly name of the asset.

type KubeAPIServerExternalLBServerCertKey added in v0.4.15

type KubeAPIServerExternalLBServerCertKey struct {
	SignedCertKey
}

KubeAPIServerExternalLBServerCertKey is the asset that generates the kube-apiserver serving key/cert pair for SNI external load balancer.

func (*KubeAPIServerExternalLBServerCertKey) Dependencies added in v0.4.15

func (a *KubeAPIServerExternalLBServerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependencies of the cert/key pair.

func (*KubeAPIServerExternalLBServerCertKey) Generate added in v0.4.15

func (a *KubeAPIServerExternalLBServerCertKey) Generate(ctx context.Context, dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeAPIServerExternalLBServerCertKey) Name added in v0.4.15

Name returns the human-friendly name of the asset.

type KubeAPIServerInternalLBServerCertKey added in v0.4.15

type KubeAPIServerInternalLBServerCertKey struct {
	SignedCertKey
}

KubeAPIServerInternalLBServerCertKey is the asset that generates the kube-apiserver serving key/cert pair for SNI internal load balancer.

func (*KubeAPIServerInternalLBServerCertKey) Dependencies added in v0.4.15

func (a *KubeAPIServerInternalLBServerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependencies of the cert/key pair.

func (*KubeAPIServerInternalLBServerCertKey) Generate added in v0.4.15

func (a *KubeAPIServerInternalLBServerCertKey) Generate(ctx context.Context, dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeAPIServerInternalLBServerCertKey) Name added in v0.4.15

Name returns the human-friendly name of the asset.

type KubeAPIServerLBCABundle added in v0.4.15

type KubeAPIServerLBCABundle struct {
	CertBundle
}

KubeAPIServerLBCABundle is the asset that generates the kube-apiserver-lb-ca-bundle, which contains all the individual client CAs.

func (*KubeAPIServerLBCABundle) Dependencies added in v0.4.15

func (a *KubeAPIServerLBCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerLBCABundle) Generate added in v0.4.15

func (a *KubeAPIServerLBCABundle) Generate(ctx context.Context, deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerLBCABundle) Name added in v0.4.15

func (a *KubeAPIServerLBCABundle) Name() string

Name returns the human-friendly name of the asset.

type KubeAPIServerLBSignerCertKey added in v0.4.15

type KubeAPIServerLBSignerCertKey struct {
	SelfSignedCertKey
}

KubeAPIServerLBSignerCertKey is a key/cert pair that signs the kube-apiserver server cert for SNI load balancer.

func (*KubeAPIServerLBSignerCertKey) Dependencies added in v0.4.15

func (c *KubeAPIServerLBSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeAPIServerLBSignerCertKey) Generate added in v0.4.15

func (c *KubeAPIServerLBSignerCertKey) Generate(ctx context.Context, parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*KubeAPIServerLBSignerCertKey) Load added in v0.4.15

Load reads the asset files from disk.

func (*KubeAPIServerLBSignerCertKey) Name added in v0.4.15

Name returns the human-friendly name of the asset.

type KubeAPIServerLocalhostCABundle added in v0.4.15

type KubeAPIServerLocalhostCABundle struct {
	CertBundle
}

KubeAPIServerLocalhostCABundle is the asset that generates the kube-apiserver-localhost-ca-bundle, which contains all the individual client CAs.

func (*KubeAPIServerLocalhostCABundle) Dependencies added in v0.4.15

func (a *KubeAPIServerLocalhostCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerLocalhostCABundle) Generate added in v0.4.15

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerLocalhostCABundle) Name added in v0.4.15

Name returns the human-friendly name of the asset.

type KubeAPIServerLocalhostServerCertKey added in v0.4.15

type KubeAPIServerLocalhostServerCertKey struct {
	SignedCertKey
}

KubeAPIServerLocalhostServerCertKey is the asset that generates the kube-apiserver serving key/cert pair for SNI localhost.

func (*KubeAPIServerLocalhostServerCertKey) Dependencies added in v0.4.15

func (a *KubeAPIServerLocalhostServerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependencies of the cert/key pair.

func (*KubeAPIServerLocalhostServerCertKey) Generate added in v0.4.15

func (a *KubeAPIServerLocalhostServerCertKey) Generate(ctx context.Context, dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeAPIServerLocalhostServerCertKey) Name added in v0.4.15

Name returns the human-friendly name of the asset.

type KubeAPIServerLocalhostSignerCertKey added in v0.4.15

type KubeAPIServerLocalhostSignerCertKey struct {
	SelfSignedCertKey
}

KubeAPIServerLocalhostSignerCertKey is a key/cert pair that signs the kube-apiserver server cert for SNI localhost.

func (*KubeAPIServerLocalhostSignerCertKey) Dependencies added in v0.4.15

func (c *KubeAPIServerLocalhostSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeAPIServerLocalhostSignerCertKey) Generate added in v0.4.15

Generate generates the root-ca key and cert pair.

func (*KubeAPIServerLocalhostSignerCertKey) Load added in v0.4.15

Load reads the asset files from disk.

func (*KubeAPIServerLocalhostSignerCertKey) Name added in v0.4.15

Name returns the human-friendly name of the asset.

type KubeAPIServerServiceNetworkCABundle added in v0.4.15

type KubeAPIServerServiceNetworkCABundle struct {
	CertBundle
}

KubeAPIServerServiceNetworkCABundle is the asset that generates the kube-apiserver-service-network-ca-bundle, which contains all the individual client CAs.

func (*KubeAPIServerServiceNetworkCABundle) Dependencies added in v0.4.15

func (a *KubeAPIServerServiceNetworkCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerServiceNetworkCABundle) Generate added in v0.4.15

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerServiceNetworkCABundle) Name added in v0.4.15

Name returns the human-friendly name of the asset.

type KubeAPIServerServiceNetworkServerCertKey added in v0.4.15

type KubeAPIServerServiceNetworkServerCertKey struct {
	SignedCertKey
}

KubeAPIServerServiceNetworkServerCertKey is the asset that generates the kube-apiserver serving key/cert pair for SNI service network.

func (*KubeAPIServerServiceNetworkServerCertKey) Dependencies added in v0.4.15

Dependencies returns the dependencies of the cert/key pair.

func (*KubeAPIServerServiceNetworkServerCertKey) Generate added in v0.4.15

Generate generates the cert/key pair based on its dependencies.

func (*KubeAPIServerServiceNetworkServerCertKey) Name added in v0.4.15

Name returns the human-friendly name of the asset.

type KubeAPIServerServiceNetworkSignerCertKey added in v0.4.15

type KubeAPIServerServiceNetworkSignerCertKey struct {
	SelfSignedCertKey
}

KubeAPIServerServiceNetworkSignerCertKey is a key/cert pair that signs the kube-apiserver server cert for SNI service network.

func (*KubeAPIServerServiceNetworkSignerCertKey) Dependencies added in v0.4.15

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeAPIServerServiceNetworkSignerCertKey) Generate added in v0.4.15

Generate generates the root-ca key and cert pair.

func (*KubeAPIServerServiceNetworkSignerCertKey) Load added in v0.4.15

Load reads the asset files from disk.

func (*KubeAPIServerServiceNetworkSignerCertKey) Name added in v0.4.15

Name returns the human-friendly name of the asset.

type KubeAPIServerToKubeletCABundle added in v0.4.15

type KubeAPIServerToKubeletCABundle struct {
	CertBundle
}

KubeAPIServerToKubeletCABundle is the asset that generates the kube-apiserver-to-kubelet-ca-bundle, which contains all the individual client CAs.

func (*KubeAPIServerToKubeletCABundle) Dependencies added in v0.4.15

func (a *KubeAPIServerToKubeletCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerToKubeletCABundle) Generate added in v0.4.15

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerToKubeletCABundle) Name added in v0.4.15

Name returns the human-friendly name of the asset.

type KubeAPIServerToKubeletClientCertKey added in v0.4.15

type KubeAPIServerToKubeletClientCertKey struct {
	SignedCertKey
}

KubeAPIServerToKubeletClientCertKey is the asset that generates the kube-apiserver to kubelet client key/cert pair.

func (*KubeAPIServerToKubeletClientCertKey) Dependencies added in v0.4.15

func (a *KubeAPIServerToKubeletClientCertKey) Dependencies() []asset.Asset

Dependencies returns the dependencies of the cert/key pair.

func (*KubeAPIServerToKubeletClientCertKey) Generate added in v0.4.15

func (a *KubeAPIServerToKubeletClientCertKey) Generate(ctx context.Context, dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeAPIServerToKubeletClientCertKey) Name added in v0.4.15

Name returns the human-friendly name of the asset.

type KubeAPIServerToKubeletSignerCertKey added in v0.4.15

type KubeAPIServerToKubeletSignerCertKey struct {
	SelfSignedCertKey
}

KubeAPIServerToKubeletSignerCertKey is a key/cert pair that signs the kube-apiserver to kubelet client certs.

func (*KubeAPIServerToKubeletSignerCertKey) Dependencies added in v0.4.15

func (c *KubeAPIServerToKubeletSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeAPIServerToKubeletSignerCertKey) Generate added in v0.4.15

Generate generates the root-ca key and cert pair.

func (*KubeAPIServerToKubeletSignerCertKey) Name added in v0.4.15

Name returns the human-friendly name of the asset.

type KubeControlPlaneCABundle added in v0.4.15

type KubeControlPlaneCABundle struct {
	CertBundle
}

KubeControlPlaneCABundle is the asset that generates the kube-control-plane-ca-bundle, which contains all the individual client CAs.

func (*KubeControlPlaneCABundle) Dependencies added in v0.4.15

func (a *KubeControlPlaneCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeControlPlaneCABundle) Generate added in v0.4.15

func (a *KubeControlPlaneCABundle) Generate(ctx context.Context, deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*KubeControlPlaneCABundle) Name added in v0.4.15

func (a *KubeControlPlaneCABundle) Name() string

Name returns the human-friendly name of the asset.

type KubeControlPlaneKubeControllerManagerClientCertKey added in v0.4.15

type KubeControlPlaneKubeControllerManagerClientCertKey struct {
	SignedCertKey
}

KubeControlPlaneKubeControllerManagerClientCertKey is the asset that generates the kube-controller-manager client key/cert pair.

func (*KubeControlPlaneKubeControllerManagerClientCertKey) Dependencies added in v0.4.15

Dependencies returns the dependencies of the cert/key pair.

func (*KubeControlPlaneKubeControllerManagerClientCertKey) Generate added in v0.4.15

Generate generates the cert/key pair based on its dependencies.

func (*KubeControlPlaneKubeControllerManagerClientCertKey) Name added in v0.4.15

Name returns the human-friendly name of the asset.

type KubeControlPlaneKubeSchedulerClientCertKey added in v0.4.15

type KubeControlPlaneKubeSchedulerClientCertKey struct {
	SignedCertKey
}

KubeControlPlaneKubeSchedulerClientCertKey is the asset that generates the kube-scheduler client key/cert pair.

func (*KubeControlPlaneKubeSchedulerClientCertKey) Dependencies added in v0.4.15

Dependencies returns the dependencies of the cert/key pair.

func (*KubeControlPlaneKubeSchedulerClientCertKey) Generate added in v0.4.15

Generate generates the cert/key pair based on its dependencies.

func (*KubeControlPlaneKubeSchedulerClientCertKey) Name added in v0.4.15

Name returns the human-friendly name of the asset.

type KubeControlPlaneSignerCertKey added in v0.4.15

type KubeControlPlaneSignerCertKey struct {
	SelfSignedCertKey
}

KubeControlPlaneSignerCertKey is a key/cert pair that signs the kube control-plane client certs.

func (*KubeControlPlaneSignerCertKey) Dependencies added in v0.4.15

func (c *KubeControlPlaneSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeControlPlaneSignerCertKey) Generate added in v0.4.15

func (c *KubeControlPlaneSignerCertKey) Generate(ctx context.Context, parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*KubeControlPlaneSignerCertKey) Name added in v0.4.15

Name returns the human-friendly name of the asset.

type KubeletBootstrapCABundle added in v0.4.15

type KubeletBootstrapCABundle struct {
	CertBundle
}

KubeletBootstrapCABundle is the asset that generates the admin-kubeconfig-ca-bundle, which contains all the individual client CAs.

func (*KubeletBootstrapCABundle) Dependencies added in v0.4.15

func (a *KubeletBootstrapCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeletBootstrapCABundle) Generate added in v0.4.15

func (a *KubeletBootstrapCABundle) Generate(ctx context.Context, deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*KubeletBootstrapCABundle) Name added in v0.4.15

func (a *KubeletBootstrapCABundle) Name() string

Name returns the human-friendly name of the asset.

type KubeletBootstrapCertSigner added in v0.4.15

type KubeletBootstrapCertSigner struct {
	SelfSignedCertKey
}

KubeletBootstrapCertSigner is a key/cert pair that signs the kubelet bootstrap kubeconfig client certs, which the kubelet uses to create CSRs for its real certificates.

func (*KubeletBootstrapCertSigner) Dependencies added in v0.4.15

func (c *KubeletBootstrapCertSigner) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeletBootstrapCertSigner) Generate added in v0.4.15

func (c *KubeletBootstrapCertSigner) Generate(ctx context.Context, parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*KubeletBootstrapCertSigner) Name added in v0.4.15

Name returns the human-friendly name of the asset.

type KubeletCSRSignerCertKey added in v0.4.15

type KubeletCSRSignerCertKey struct {
	SelfSignedCertKey
}

KubeletCSRSignerCertKey is a key/cert pair that signs the kubelet client certs.

func (*KubeletCSRSignerCertKey) Dependencies added in v0.4.15

func (c *KubeletCSRSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeletCSRSignerCertKey) Generate added in v0.4.15

func (c *KubeletCSRSignerCertKey) Generate(ctx context.Context, parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*KubeletCSRSignerCertKey) Name added in v0.4.15

func (c *KubeletCSRSignerCertKey) Name() string

Name returns the human-friendly name of the asset.

type KubeletClientCABundle added in v0.4.15

type KubeletClientCABundle struct {
	CertBundle
}

KubeletClientCABundle is the asset that generates the kubelet-client-ca-bundle, which contains all the individual client CAs.

func (*KubeletClientCABundle) Dependencies added in v0.4.15

func (a *KubeletClientCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeletClientCABundle) Generate added in v0.4.15

func (a *KubeletClientCABundle) Generate(ctx context.Context, deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*KubeletClientCABundle) Name added in v0.4.15

func (a *KubeletClientCABundle) Name() string

Name returns the human-friendly name of the asset.

type KubeletClientCertKey added in v0.4.15

type KubeletClientCertKey struct {
	SignedCertKey
}

KubeletClientCertKey is the asset that generates the key/cert pair for kubelet client to apiserver. This credential can be revoked by deleting the configmap containing its signer.

func (*KubeletClientCertKey) Dependencies added in v0.4.15

func (a *KubeletClientCertKey) Dependencies() []asset.Asset

Dependencies returns the dependencies of the cert/key pair, which include the parent CA, and the install config if the cert depends on it for DNS names, etc.

func (*KubeletClientCertKey) Generate added in v0.4.15

func (a *KubeletClientCertKey) Generate(ctx context.Context, dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeletClientCertKey) Name added in v0.4.15

func (a *KubeletClientCertKey) Name() string

Name returns the human-friendly name of the asset.

type KubeletServingCABundle added in v0.4.15

type KubeletServingCABundle struct {
	CertBundle
}

KubeletServingCABundle is the asset that generates the kubelet-serving-ca-bundle, which contains all the individual client CAs.

func (*KubeletServingCABundle) Dependencies added in v0.4.15

func (a *KubeletServingCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeletServingCABundle) Generate added in v0.4.15

func (a *KubeletServingCABundle) Generate(ctx context.Context, deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*KubeletServingCABundle) Name added in v0.4.15

func (a *KubeletServingCABundle) Name() string

Name returns the human-friendly name of the asset.

type MCSCertKey added in v0.2.0

type MCSCertKey struct {
	SignedCertKey
}

MCSCertKey is the asset that generates the MCS key/cert pair.

func (*MCSCertKey) Dependencies added in v0.2.0

func (a *MCSCertKey) Dependencies() []asset.Asset

Dependencies returns the dependencies of the cert/key pair, which include the parent CA, and the install config if the cert depends on it for DNS names, etc.

func (*MCSCertKey) Generate added in v0.2.0

func (a *MCSCertKey) Generate(ctx context.Context, dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*MCSCertKey) Name added in v0.2.0

func (a *MCSCertKey) Name() string

Name returns the human-friendly name of the asset.

type RootCA

type RootCA struct {
	SelfSignedCertKey
}

RootCA contains the private key and the cert that acts as a certificate authority, which is in turn really only used to generate a certificate for the Machine Config Server. More in https://docs.openshift.com/container-platform/4.13/security/certificate_types_descriptions/machine-config-operator-certificates.html and https://github.com/openshift/api/tree/master/tls/docs/MachineConfig%20Operator%20Certificates . This logic dates back to the very creation of OpenShift 4 and the initial code for this project. The private key is (as best we know) completely discarded after an installation is complete.

func (*RootCA) Dependencies

func (c *RootCA) Dependencies() []asset.Asset

Dependencies returns nothing.

func (*RootCA) Generate

func (c *RootCA) Generate(ctx context.Context, parents asset.Parents) error

Generate generates the MCS/Ignition CA.

func (*RootCA) Name

func (c *RootCA) Name() string

Name returns the human-friendly name of the asset.

type SelfSignedCertKey added in v0.4.15

type SelfSignedCertKey struct {
	CertKey
}

SelfSignedCertKey contains the private key and the cert that's self-signed.

func (*SelfSignedCertKey) Generate added in v0.4.15

func (c *SelfSignedCertKey) Generate(_ context.Context,
	cfg *CertCfg,
	filenameBase string,
) error

Generate generates a self-signed cert/key pair; there is no parent CA, the cert is signed with its own key.

type ServiceAccountKeyPair added in v0.2.0

type ServiceAccountKeyPair struct {
	KeyPair
}

ServiceAccountKeyPair is the asset that generates the service-account public/private key pair.

func (*ServiceAccountKeyPair) Dependencies added in v0.2.0

func (a *ServiceAccountKeyPair) Dependencies() []asset.Asset

Dependencies returns the dependencies of the key pair, which include the parent CA, and the install config if it depends on the install config for DNS names, etc.

func (*ServiceAccountKeyPair) Generate added in v0.2.0

func (a *ServiceAccountKeyPair) Generate(ctx context.Context, dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*ServiceAccountKeyPair) Load added in v0.3.0

Load is a no-op because the service account keypair is not written to disk.

func (*ServiceAccountKeyPair) Name added in v0.2.0

func (a *ServiceAccountKeyPair) Name() string

Name returns the human-friendly name of the asset.

type SignedCertKey added in v0.4.15

type SignedCertKey struct {
	CertKey
}

SignedCertKey contains the private key and the cert that's signed by the parent CA.

func (*SignedCertKey) Generate added in v0.4.15

func (c *SignedCertKey) Generate(_ context.Context,
	cfg *CertCfg,
	parentCA CertKeyInterface,
	filenameBase string,
	appendParent AppendParentChoice,
) error

Generate generates a cert/key pair signed by the specified parent CA.
