Documentation
Index
- Constants
- func EnsureCertificate(ctx context.Context, kubeClient kubernetes.Interface, ...) ([]byte, error)
- func UpdateMutatingWebhookCABundle(ctx context.Context, kubeClient kubernetes.Interface, webhookName string, ...) error
- func UpdateValidatingWebhookCABundle(ctx context.Context, kubeClient kubernetes.Interface, webhookName string, ...) error
- type CertBundle
Constants
const (
	// RSAKeySize is the size of the RSA key for certificate generation
	RSAKeySize = 2048
	// CertValidityYears is the number of years the certificate is valid
	CertValidityYears = 10
)
const (
	// TLSCertKey is the key for the TLS certificate in the secret
	TLSCertKey = "tls.crt"
	// TLSKeyKey is the key for the TLS private key in the secret
	TLSKeyKey = "tls.key"
	// CAKey is the key for the CA certificate in the secret
	CAKey = "ca.crt"
)
Variables
This section is empty.
Functions
func EnsureCertificate
func EnsureCertificate(ctx context.Context, kubeClient kubernetes.Interface, namespace, secretName string, dnsNames []string) ([]byte, error)
EnsureCertificate ensures that a certificate exists for the webhook server. If the secret doesn't exist, it generates a new certificate and creates the secret. If the secret already exists, it returns without error (reusing existing certificate). Returns the CA bundle bytes that can be used to update webhook configurations.
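The description above says an existing secret is reused, and the page does not say whether the stored certificate's expiry or DNS names are re-checked. The following is an added example, not code from this package: a caller-side check using only the Go standard library that the `tls.crt` certificate chains to `ca.crt`, covers a given DNS name and has enough lifetime left. The names `checkBundle`, `selfSigned` and `webhook.demo.svc` are assumptions, and the certificate is a constructed sample using the page's 2048-bit key size and 10-year validity.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// checkBundle (hypothetical helper): tls.crt must chain to ca.crt, cover dnsName and outlive minRemaining.
func checkBundle(certPEM, caPEM []byte, dnsName string, minRemaining time.Duration) error {
	block, _ := pem.Decode(certPEM)
	if block == nil {
		return fmt.Errorf("tls.crt: no PEM block found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return fmt.Errorf("tls.crt: %w", err)
	}
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(caPEM) {
		return fmt.Errorf("ca.crt: no usable certificate")
	}
	// Verifying at now+minRemaining makes a soon-to-expire certificate fail early.
	_, err = cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: dnsName,
		CurrentTime: time.Now().Add(minRemaining)})
	return err
}

// selfSigned builds the constructed sample: one RSA-2048 certificate used as both tls.crt and ca.crt.
func selfSigned(dnsNames []string, validFor time.Duration) ([]byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: dnsNames,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(validFor),
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, BasicConstraintsValid: true, IsCA: true}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), err
}

func main() {
	p, err := selfSigned([]string{"webhook.demo.svc"}, 10*365*24*time.Hour)
	fmt.Println(err, checkBundle(p, p, "webhook.demo.svc", 30*24*time.Hour))
}
```

In a cluster, `certPEM` and `caPEM` would be the values stored under the `tls.crt` and `ca.crt` keys of the secret.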
func UpdateMutatingWebhookCABundle
func UpdateMutatingWebhookCABundle(ctx context.Context, kubeClient kubernetes.Interface, webhookName string, caBundle []byte) error
UpdateMutatingWebhookCABundle updates the MutatingWebhookConfiguration with the provided CA bundle.
func UpdateValidatingWebhookCABundle
func UpdateValidatingWebhookCABundle(ctx context.Context, kubeClient kubernetes.Interface, webhookName string, caBundle []byte) error
UpdateValidatingWebhookCABundle updates the ValidatingWebhookConfiguration with the provided CA bundle.
Types
type CertBundle
type CertBundle struct {
	// CertPEM is the PEM-encoded certificate
	CertPEM []byte
	// KeyPEM is the PEM-encoded private key
	KeyPEM []byte
	// CAPEM is the PEM-encoded CA certificate
	CAPEM []byte
}
CertBundle contains the certificate, key, and CA certificate.
func GenerateSelfSignedCertificate
func GenerateSelfSignedCertificate(dnsNames []string) (*CertBundle, error)
GenerateSelfSignedCertificate generates a self-signed certificate for the webhook server.
func LoadCertBundleFromSecret
func LoadCertBundleFromSecret(ctx context.Context, kubeClient kubernetes.Interface, namespace, secretName string) (*CertBundle, error)
LoadCertBundleFromSecret tries to read the key and certificate bundle from a Kubernetes Secret.