Documentation ¶
Overview ¶
Package tls defines and generates the tls assets based on its dependencies.
Index ¶
- Constants
- func CSRToPem(cert *x509.CertificateRequest) []byte
- func CertToPem(cert *x509.Certificate) []byte
- func GenerateSelfSignedCertificate(cfg *CertCfg) (*rsa.PrivateKey, *x509.Certificate, error)
- func GenerateSignedCertificate(caKey *rsa.PrivateKey, caCert *x509.Certificate, cfg *CertCfg) (*rsa.PrivateKey, *x509.Certificate, error)
- func PemToCertificate(data []byte) (*x509.Certificate, error)
- func PemToPrivateKey(data []byte) (*rsa.PrivateKey, error)
- func PrivateKey() (*rsa.PrivateKey, error)
- func PrivateKeyToPem(key *rsa.PrivateKey) []byte
- func PublicKeyToPem(key *rsa.PublicKey) ([]byte, error)
- func SelfSignedCertificate(cfg *CertCfg, key *rsa.PrivateKey) (*x509.Certificate, error)
- func SignedCertificate(cfg *CertCfg, csr *x509.CertificateRequest, key *rsa.PrivateKey, ...) (*x509.Certificate, error)
- type APIServerCertKey
- type APIServerProxyCertKey
- type AdminKubeConfigCABundle
- type AdminKubeConfigClientCertKey
- type AdminKubeConfigSignerCertKey
- type AggregatorCA
- type AggregatorCABundle
- type AggregatorClientCertKey
- type AggregatorSignerCertKey
- type AppendParentChoice
- type CertBundle
- type CertCfg
- type CertInterface
- type CertKey
- type CertKeyInterface
- type EtcdCA
- type EtcdCABundle
- type EtcdClientCertKey
- type EtcdMetricsCABundle
- type EtcdMetricsSignerCertKey
- type EtcdMetricsSignerClientCertKey
- type EtcdMetricsSignerServerCertKey
- type EtcdSignerCertKey
- type EtcdSignerClientCertKey
- type JournalCertKey
- type KeyPair
- type KeyPairInterface
- type KubeAPIServerCompleteCABundle
- type KubeAPIServerCompleteClientCABundle
- type KubeAPIServerLBCABundle
- type KubeAPIServerLBServerCertKey
- type KubeAPIServerLBSignerCertKey
- type KubeAPIServerLocalhostCABundle
- type KubeAPIServerLocalhostServerCertKey
- type KubeAPIServerLocalhostSignerCertKey
- type KubeAPIServerServiceNetworkCABundle
- type KubeAPIServerServiceNetworkServerCertKey
- type KubeAPIServerServiceNetworkSignerCertKey
- type KubeAPIServerToKubeletCABundle
- type KubeAPIServerToKubeletClientCertKey
- type KubeAPIServerToKubeletSignerCertKey
- type KubeCA
- type KubeControlPlaneCABundle
- type KubeControlPlaneKubeControllerManagerClientCertKey
- type KubeControlPlaneKubeSchedulerClientCertKey
- type KubeControlPlaneSignerCertKey
- type KubeletBootstrapCABundle
- type KubeletBootstrapCertSigner
- type KubeletCSRSignerCertKey
- type KubeletClientCABundle
- type KubeletClientCertKey
- type KubeletServingCABundle
- type MCSCertKey
- type RootCA
- type SelfSignedCertKey
- type ServiceAccountKeyPair
- type SignedCertKey
Constants ¶
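// Certificate validity periods. Each value is a fixed multiple of 24 hours,
// with no calendar or leap-year adjustment.
const (
	// ValidityOneDay sets the validity of a cert to 24 hours.
	ValidityOneDay = time.Hour * 24
	// ValidityOneYear sets the validity of a cert to 1 year (365 days).
	ValidityOneYear = ValidityOneDay * 365
	// ValidityTenYears sets the validity of a cert to 10 years (3650 days).
	ValidityTenYears = ValidityOneYear * 10
)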
Variables ¶
This section is empty.
Functions ¶
func CSRToPem ¶
func CSRToPem(cert *x509.CertificateRequest) []byte
CSRToPem converts an x509.CertificateRequest to PEM-encoded bytes.
func CertToPem ¶
func CertToPem(cert *x509.Certificate) []byte
CertToPem converts an x509.Certificate object to PEM-encoded bytes.
func GenerateSelfSignedCertificate ¶
func GenerateSelfSignedCertificate(cfg *CertCfg) (*rsa.PrivateKey, *x509.Certificate, error)
GenerateSelfSignedCertificate generates a key/cert pair defined by CertCfg.
func GenerateSignedCertificate ¶
func GenerateSignedCertificate(caKey *rsa.PrivateKey, caCert *x509.Certificate, cfg *CertCfg) (*rsa.PrivateKey, *x509.Certificate, error)
GenerateSignedCertificate generates a key and cert defined by CertCfg and signed by the CA.
func PemToCertificate ¶
func PemToCertificate(data []byte) (*x509.Certificate, error)
PemToCertificate converts a data block to x509.Certificate.
func PemToPrivateKey ¶
func PemToPrivateKey(data []byte) (*rsa.PrivateKey, error)
PemToPrivateKey converts a data block to rsa.PrivateKey.
func PrivateKey ¶
func PrivateKey() (*rsa.PrivateKey, error)
PrivateKey generates an RSA Private key and returns the value
func PrivateKeyToPem ¶
func PrivateKeyToPem(key *rsa.PrivateKey) []byte
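PrivateKeyToPem converts an rsa.PrivateKey object to PEM-encoded bytes. The returned bytes contain the private key itself and should be handled as secret material.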
func PublicKeyToPem ¶
PublicKeyToPem converts an rsa.PublicKey object to PEM-encoded bytes.
func SelfSignedCertificate ¶
func SelfSignedCertificate(cfg *CertCfg, key *rsa.PrivateKey) (*x509.Certificate, error)
SelfSignedCertificate creates a self signed certificate
func SignedCertificate ¶
func SignedCertificate( cfg *CertCfg, csr *x509.CertificateRequest, key *rsa.PrivateKey, caCert *x509.Certificate, caKey *rsa.PrivateKey, ) (*x509.Certificate, error)
SignedCertificate creates a new X.509 certificate based on a template.
Types ¶
type APIServerCertKey ¶
type APIServerCertKey struct {
SignedCertKey
}
APIServerCertKey is the asset that generates the API server key/cert pair. [DEPRECATED]
func (*APIServerCertKey) Dependencies ¶
func (a *APIServerCertKey) Dependencies() []asset.Asset
Dependencies returns the dependencies of the cert/key pair, which include the parent CA, and the install config if the asset depends on it for DNS names, etc.
func (*APIServerCertKey) Generate ¶
func (a *APIServerCertKey) Generate(dependencies asset.Parents) error
Generate generates the cert/key pair based on its dependencies.
func (*APIServerCertKey) Name ¶
func (a *APIServerCertKey) Name() string
Name returns the human-friendly name of the asset.
type APIServerProxyCertKey ¶
type APIServerProxyCertKey struct {
SignedCertKey
}
APIServerProxyCertKey is the asset that generates the API server proxy key/cert pair. [DEPRECATED]
func (*APIServerProxyCertKey) Dependencies ¶
func (a *APIServerProxyCertKey) Dependencies() []asset.Asset
Dependencies returns the dependencies of the cert/key pair, which include the parent CA, and the install config if the asset depends on it for DNS names, etc.
func (*APIServerProxyCertKey) Generate ¶
func (a *APIServerProxyCertKey) Generate(dependencies asset.Parents) error
Generate generates the cert/key pair based on its dependencies.
func (*APIServerProxyCertKey) Name ¶
func (a *APIServerProxyCertKey) Name() string
Name returns the human-friendly name of the asset.
type AdminKubeConfigCABundle ¶
type AdminKubeConfigCABundle struct {
CertBundle
}
AdminKubeConfigCABundle is the asset that generates the admin-kubeconfig-ca-bundle, which contains all the individual client CAs.
func (*AdminKubeConfigCABundle) Dependencies ¶
func (a *AdminKubeConfigCABundle) Dependencies() []asset.Asset
Dependencies returns the dependency of the cert bundle.
func (*AdminKubeConfigCABundle) Generate ¶
func (a *AdminKubeConfigCABundle) Generate(deps asset.Parents) error
Generate generates the cert bundle based on its dependencies.
func (*AdminKubeConfigCABundle) Name ¶
func (a *AdminKubeConfigCABundle) Name() string
Name returns the human-friendly name of the asset.
type AdminKubeConfigClientCertKey ¶
type AdminKubeConfigClientCertKey struct {
SignedCertKey
}
AdminKubeConfigClientCertKey is the asset that generates the key/cert pair for admin client to apiserver.
func (*AdminKubeConfigClientCertKey) Dependencies ¶
func (a *AdminKubeConfigClientCertKey) Dependencies() []asset.Asset
Dependencies returns the dependencies of the cert/key pair, which include the parent CA, and the install config if the asset depends on it for DNS names, etc.
func (*AdminKubeConfigClientCertKey) Generate ¶
func (a *AdminKubeConfigClientCertKey) Generate(dependencies asset.Parents) error
Generate generates the cert/key pair based on its dependencies.
func (*AdminKubeConfigClientCertKey) Name ¶
func (a *AdminKubeConfigClientCertKey) Name() string
Name returns the human-friendly name of the asset.
type AdminKubeConfigSignerCertKey ¶
type AdminKubeConfigSignerCertKey struct {
SelfSignedCertKey
}
AdminKubeConfigSignerCertKey is a key/cert pair that signs the admin kubeconfig client certs.
func (*AdminKubeConfigSignerCertKey) Dependencies ¶
func (c *AdminKubeConfigSignerCertKey) Dependencies() []asset.Asset
Dependencies returns the dependency of the root-ca, which is empty.
func (*AdminKubeConfigSignerCertKey) Generate ¶
func (c *AdminKubeConfigSignerCertKey) Generate(parents asset.Parents) error
Generate generates the root-ca key and cert pair.
func (*AdminKubeConfigSignerCertKey) Name ¶
func (c *AdminKubeConfigSignerCertKey) Name() string
Name returns the human-friendly name of the asset.
type AggregatorCA ¶
type AggregatorCA struct {
SelfSignedCertKey
}
AggregatorCA is the asset that generates the aggregator-ca key/cert pair. [DEPRECATED]
func (*AggregatorCA) Dependencies ¶
func (a *AggregatorCA) Dependencies() []asset.Asset
Dependencies returns the dependencies of the cert/key pair, which include the parent CA, and the install config if the asset depends on it for DNS names, etc.
func (*AggregatorCA) Generate ¶
func (a *AggregatorCA) Generate(dependencies asset.Parents) error
Generate generates the cert/key pair based on its dependencies.
func (*AggregatorCA) Name ¶
func (a *AggregatorCA) Name() string
Name returns the human-friendly name of the asset.
type AggregatorCABundle ¶
type AggregatorCABundle struct {
CertBundle
}
AggregatorCABundle is the asset that generates the aggregator-ca-bundle, which contains all the individual client CAs.
func (*AggregatorCABundle) Dependencies ¶
func (a *AggregatorCABundle) Dependencies() []asset.Asset
Dependencies returns the dependency of the cert bundle.
func (*AggregatorCABundle) Generate ¶
func (a *AggregatorCABundle) Generate(deps asset.Parents) error
Generate generates the cert bundle based on its dependencies.
func (*AggregatorCABundle) Name ¶
func (a *AggregatorCABundle) Name() string
Name returns the human-friendly name of the asset.
type AggregatorClientCertKey ¶
type AggregatorClientCertKey struct {
SignedCertKey
}
AggregatorClientCertKey is the asset that generates the API server proxy key/cert pair.
func (*AggregatorClientCertKey) Dependencies ¶
func (a *AggregatorClientCertKey) Dependencies() []asset.Asset
Dependencies returns the dependencies of the cert/key pair.
func (*AggregatorClientCertKey) Generate ¶
func (a *AggregatorClientCertKey) Generate(dependencies asset.Parents) error
Generate generates the cert/key pair based on its dependencies.
func (*AggregatorClientCertKey) Name ¶
func (a *AggregatorClientCertKey) Name() string
Name returns the human-friendly name of the asset.
type AggregatorSignerCertKey ¶
type AggregatorSignerCertKey struct {
SelfSignedCertKey
}
AggregatorSignerCertKey is a key/cert pair that signs the aggregator client certs.
func (*AggregatorSignerCertKey) Dependencies ¶
func (c *AggregatorSignerCertKey) Dependencies() []asset.Asset
Dependencies returns the dependency of the root-ca, which is empty.
func (*AggregatorSignerCertKey) Generate ¶
func (c *AggregatorSignerCertKey) Generate(parents asset.Parents) error
Generate generates the root-ca key and cert pair.
func (*AggregatorSignerCertKey) Name ¶
func (c *AggregatorSignerCertKey) Name() string
Name returns the human-friendly name of the asset.
type AppendParentChoice ¶
type AppendParentChoice bool
AppendParentChoice dictates whether the parent's cert is to be added to the cert.
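// Named values of AppendParentChoice, so call sites state the choice
// explicitly instead of passing a bare bool.
const (
	// AppendParent indicates that the parent's cert should be added.
	AppendParent AppendParentChoice = true
	// DoNotAppendParent indicates that the parent's cert should not be added.
	DoNotAppendParent AppendParentChoice = false
)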
type CertBundle ¶
CertBundle contains multiple certificates in a bundle.
func (*CertBundle) Files ¶
func (b *CertBundle) Files() []*asset.File
Files returns the files generated by the asset.
func (*CertBundle) Generate ¶
func (b *CertBundle) Generate(filename string, certs ...CertInterface) error
Generate generates the cert bundle from certs.
func (*CertBundle) Load ¶
func (b *CertBundle) Load(asset.FileFetcher) (bool, error)
Load is a no-op because TLS assets are not written to disk.
type CertCfg ¶
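// CertCfg holds the settings used to configure a new certificate.
type CertCfg struct {
	// DNSNames lists DNS names for the certificate (presumably emitted as
	// subject alternative names; confirm against the signing code).
	DNSNames []string
	// ExtKeyUsages holds the extended key usages requested for the certificate.
	ExtKeyUsages []x509.ExtKeyUsage
	// IPAddresses lists IP addresses for the certificate.
	IPAddresses []net.IP
	// KeyUsages is the x509.KeyUsage bit set requested for the certificate.
	KeyUsages x509.KeyUsage
	// Subject is the distinguished name of the certificate subject.
	Subject pkix.Name
	// Validity is the length of time the certificate is valid for.
	Validity time.Duration
	// IsCA reports whether the certificate is configured as a CA.
	IsCA bool
}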
CertCfg contains all needed fields to configure a new certificate
type CertInterface ¶
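// CertInterface is implemented by types that expose a certificate.
type CertInterface interface {
	// Cert returns the certificate.
	Cert() []byte
}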
CertInterface contains cert.
type CertKey ¶
CertKey contains the private key and the cert.
type CertKeyInterface ¶
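// CertKeyInterface is implemented by types that expose a certificate together
// with its private key.
type CertKeyInterface interface {
	CertInterface
	// Key returns the private key.
	Key() []byte
}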
CertKeyInterface contains a private key and the associated cert.
type EtcdCA ¶
type EtcdCA struct {
SelfSignedCertKey
}
EtcdCA is the asset that generates the etcd-ca key/cert pair. [DEPRECATED]
func (*EtcdCA) Dependencies ¶
Dependencies returns the dependencies of the cert/key pair, which include the parent CA, and the install config if the asset depends on it for DNS names, etc.
type EtcdCABundle ¶
type EtcdCABundle struct {
CertBundle
}
EtcdCABundle is the asset that generates the etcd-ca-bundle, which contains all the individual client CAs.
func (*EtcdCABundle) Dependencies ¶
func (a *EtcdCABundle) Dependencies() []asset.Asset
Dependencies returns the dependency of the cert bundle.
func (*EtcdCABundle) Generate ¶
func (a *EtcdCABundle) Generate(deps asset.Parents) error
Generate generates the cert bundle based on its dependencies.
func (*EtcdCABundle) Name ¶
func (a *EtcdCABundle) Name() string
Name returns the human-friendly name of the asset.
type EtcdClientCertKey ¶
type EtcdClientCertKey struct {
SignedCertKey
}
EtcdClientCertKey is the asset that generates the etcd client key/cert pair. [DEPRECATED]
func (*EtcdClientCertKey) Dependencies ¶
func (a *EtcdClientCertKey) Dependencies() []asset.Asset
Dependencies returns the dependencies of the cert/key pair, which include the parent CA, and the install config if the asset depends on it for DNS names, etc.
func (*EtcdClientCertKey) Generate ¶
func (a *EtcdClientCertKey) Generate(dependencies asset.Parents) error
Generate generates the cert/key pair based on its dependencies.
func (*EtcdClientCertKey) Name ¶
func (a *EtcdClientCertKey) Name() string
Name returns the human-friendly name of the asset.
type EtcdMetricsCABundle ¶
type EtcdMetricsCABundle struct {
CertBundle
}
EtcdMetricsCABundle is the asset that generates the etcd-metrics-ca-bundle, which contains all the individual client CAs.
func (*EtcdMetricsCABundle) Dependencies ¶
func (a *EtcdMetricsCABundle) Dependencies() []asset.Asset
Dependencies returns the dependency of the cert bundle.
func (*EtcdMetricsCABundle) Generate ¶
func (a *EtcdMetricsCABundle) Generate(deps asset.Parents) error
Generate generates the cert bundle based on its dependencies.
func (*EtcdMetricsCABundle) Name ¶
func (a *EtcdMetricsCABundle) Name() string
Name returns the human-friendly name of the asset.
type EtcdMetricsSignerCertKey ¶
type EtcdMetricsSignerCertKey struct {
SelfSignedCertKey
}
EtcdMetricsSignerCertKey is a key/cert pair that signs the etcd-metrics client and peer certs.
func (*EtcdMetricsSignerCertKey) Dependencies ¶
func (c *EtcdMetricsSignerCertKey) Dependencies() []asset.Asset
Dependencies returns the dependency of the root-ca, which is empty.
func (*EtcdMetricsSignerCertKey) Generate ¶
func (c *EtcdMetricsSignerCertKey) Generate(parents asset.Parents) error
Generate generates the root-ca key and cert pair.
func (*EtcdMetricsSignerCertKey) Name ¶
func (c *EtcdMetricsSignerCertKey) Name() string
Name returns the human-friendly name of the asset.
type EtcdMetricsSignerClientCertKey ¶
type EtcdMetricsSignerClientCertKey struct {
SignedCertKey
}
EtcdMetricsSignerClientCertKey is the asset that generates the etcd-metrics client key/cert pair.
func (*EtcdMetricsSignerClientCertKey) Dependencies ¶
func (a *EtcdMetricsSignerClientCertKey) Dependencies() []asset.Asset
Dependencies returns the dependencies of the cert/key pair, which include the parent CA, and the install config if the asset depends on it for DNS names, etc.
func (*EtcdMetricsSignerClientCertKey) Generate ¶
func (a *EtcdMetricsSignerClientCertKey) Generate(dependencies asset.Parents) error
Generate generates the cert/key pair based on its dependencies.
func (*EtcdMetricsSignerClientCertKey) Name ¶
func (a *EtcdMetricsSignerClientCertKey) Name() string
Name returns the human-friendly name of the asset.
type EtcdMetricsSignerServerCertKey ¶
type EtcdMetricsSignerServerCertKey struct {
SignedCertKey
}
EtcdMetricsSignerServerCertKey is the asset that generates the etcd-metrics server key/cert pair.
func (*EtcdMetricsSignerServerCertKey) Dependencies ¶
func (a *EtcdMetricsSignerServerCertKey) Dependencies() []asset.Asset
Dependencies returns the dependencies of the cert/key pair, which include the parent CA, and the install config if the asset depends on it for DNS names, etc.
func (*EtcdMetricsSignerServerCertKey) Generate ¶
func (a *EtcdMetricsSignerServerCertKey) Generate(dependencies asset.Parents) error
Generate generates the cert/key pair based on its dependencies.
func (*EtcdMetricsSignerServerCertKey) Name ¶
func (a *EtcdMetricsSignerServerCertKey) Name() string
Name returns the human-friendly name of the asset.
type EtcdSignerCertKey ¶
type EtcdSignerCertKey struct {
SelfSignedCertKey
}
EtcdSignerCertKey is a key/cert pair that signs the etcd client and peer certs.
func (*EtcdSignerCertKey) Dependencies ¶
func (c *EtcdSignerCertKey) Dependencies() []asset.Asset
Dependencies returns the dependency of the root-ca, which is empty.
func (*EtcdSignerCertKey) Generate ¶
func (c *EtcdSignerCertKey) Generate(parents asset.Parents) error
Generate generates the root-ca key and cert pair.
func (*EtcdSignerCertKey) Name ¶
func (c *EtcdSignerCertKey) Name() string
Name returns the human-friendly name of the asset.
type EtcdSignerClientCertKey ¶
type EtcdSignerClientCertKey struct {
SignedCertKey
}
EtcdSignerClientCertKey is the asset that generates the etcd client key/cert pair.
func (*EtcdSignerClientCertKey) Dependencies ¶
func (a *EtcdSignerClientCertKey) Dependencies() []asset.Asset
Dependencies returns the dependencies of the cert/key pair, which include the parent CA, and the install config if the asset depends on it for DNS names, etc.
func (*EtcdSignerClientCertKey) Generate ¶
func (a *EtcdSignerClientCertKey) Generate(dependencies asset.Parents) error
Generate generates the cert/key pair based on its dependencies.
func (*EtcdSignerClientCertKey) Name ¶
func (a *EtcdSignerClientCertKey) Name() string
Name returns the human-friendly name of the asset.
type JournalCertKey ¶
type JournalCertKey struct {
SignedCertKey
}
JournalCertKey is the asset that generates the key/cert pair that is used to authenticate with journal-gatewayd on the bootstrap node.
func (*JournalCertKey) Dependencies ¶
func (a *JournalCertKey) Dependencies() []asset.Asset
Dependencies returns the dependencies of the cert/key pair, which include the parent CA, and the install config if the asset depends on it for DNS names, etc.
func (*JournalCertKey) Generate ¶
func (a *JournalCertKey) Generate(dependencies asset.Parents) error
Generate generates the cert/key pair based on its dependencies.
func (*JournalCertKey) Name ¶
func (a *JournalCertKey) Name() string
Name returns the human-friendly name of the asset.
type KeyPair ¶
KeyPair contains a private key and a public key.
type KeyPairInterface ¶
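// KeyPairInterface is implemented by types that expose a private key and a
// public key.
type KeyPairInterface interface {
	// Private returns the private key.
	Private() []byte
	// Public returns the public key.
	Public() []byte
}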
KeyPairInterface contains a private key and a public key.
type KubeAPIServerCompleteCABundle ¶
type KubeAPIServerCompleteCABundle struct {
CertBundle
}
KubeAPIServerCompleteCABundle is the asset that generates the kube-apiserver-complete-server-ca-bundle, which contains all the certs that are valid to confirm the kube-apiserver identity.
func (*KubeAPIServerCompleteCABundle) Dependencies ¶
func (a *KubeAPIServerCompleteCABundle) Dependencies() []asset.Asset
Dependencies returns the dependency of the cert bundle.
func (*KubeAPIServerCompleteCABundle) Generate ¶
func (a *KubeAPIServerCompleteCABundle) Generate(deps asset.Parents) error
Generate generates the cert bundle based on its dependencies.
func (*KubeAPIServerCompleteCABundle) Name ¶
func (a *KubeAPIServerCompleteCABundle) Name() string
Name returns the human-friendly name of the asset.
type KubeAPIServerCompleteClientCABundle ¶
type KubeAPIServerCompleteClientCABundle struct {
CertBundle
}
KubeAPIServerCompleteClientCABundle is the asset that generates the kube-apiserver-complete-client-ca-bundle, which contains all the certs that are valid for the kube-apiserver to trust for clients.
func (*KubeAPIServerCompleteClientCABundle) Dependencies ¶
func (a *KubeAPIServerCompleteClientCABundle) Dependencies() []asset.Asset
Dependencies returns the dependency of the cert bundle.
func (*KubeAPIServerCompleteClientCABundle) Generate ¶
func (a *KubeAPIServerCompleteClientCABundle) Generate(deps asset.Parents) error
Generate generates the cert bundle based on its dependencies.
func (*KubeAPIServerCompleteClientCABundle) Name ¶
func (a *KubeAPIServerCompleteClientCABundle) Name() string
Name returns the human-friendly name of the asset.
type KubeAPIServerLBCABundle ¶
type KubeAPIServerLBCABundle struct {
CertBundle
}
KubeAPIServerLBCABundle is the asset that generates the kube-apiserver-lb-ca-bundle, which contains all the individual client CAs.
func (*KubeAPIServerLBCABundle) Dependencies ¶
func (a *KubeAPIServerLBCABundle) Dependencies() []asset.Asset
Dependencies returns the dependency of the cert bundle.
func (*KubeAPIServerLBCABundle) Generate ¶
func (a *KubeAPIServerLBCABundle) Generate(deps asset.Parents) error
Generate generates the cert bundle based on its dependencies.
func (*KubeAPIServerLBCABundle) Name ¶
func (a *KubeAPIServerLBCABundle) Name() string
Name returns the human-friendly name of the asset.
type KubeAPIServerLBServerCertKey ¶
type KubeAPIServerLBServerCertKey struct {
SignedCertKey
}
KubeAPIServerLBServerCertKey is the asset that generates the kube-apiserver serving key/cert pair for SNI load balancer.
func (*KubeAPIServerLBServerCertKey) Dependencies ¶
func (a *KubeAPIServerLBServerCertKey) Dependencies() []asset.Asset
Dependencies returns the dependencies of the cert/key pair.
func (*KubeAPIServerLBServerCertKey) Generate ¶
func (a *KubeAPIServerLBServerCertKey) Generate(dependencies asset.Parents) error
Generate generates the cert/key pair based on its dependencies.
func (*KubeAPIServerLBServerCertKey) Name ¶
func (a *KubeAPIServerLBServerCertKey) Name() string
Name returns the human-friendly name of the asset.
type KubeAPIServerLBSignerCertKey ¶
type KubeAPIServerLBSignerCertKey struct {
SelfSignedCertKey
}
KubeAPIServerLBSignerCertKey is a key/cert pair that signs the kube-apiserver server cert for SNI load balancer.
func (*KubeAPIServerLBSignerCertKey) Dependencies ¶
func (c *KubeAPIServerLBSignerCertKey) Dependencies() []asset.Asset
Dependencies returns the dependency of the root-ca, which is empty.
func (*KubeAPIServerLBSignerCertKey) Generate ¶
func (c *KubeAPIServerLBSignerCertKey) Generate(parents asset.Parents) error
Generate generates the root-ca key and cert pair.
func (*KubeAPIServerLBSignerCertKey) Name ¶
func (c *KubeAPIServerLBSignerCertKey) Name() string
Name returns the human-friendly name of the asset.
type KubeAPIServerLocalhostCABundle ¶
type KubeAPIServerLocalhostCABundle struct {
CertBundle
}
KubeAPIServerLocalhostCABundle is the asset that generates the kube-apiserver-localhost-ca-bundle, which contains all the individual client CAs.
func (*KubeAPIServerLocalhostCABundle) Dependencies ¶
func (a *KubeAPIServerLocalhostCABundle) Dependencies() []asset.Asset
Dependencies returns the dependency of the cert bundle.
func (*KubeAPIServerLocalhostCABundle) Generate ¶
func (a *KubeAPIServerLocalhostCABundle) Generate(deps asset.Parents) error
Generate generates the cert bundle based on its dependencies.
func (*KubeAPIServerLocalhostCABundle) Name ¶
func (a *KubeAPIServerLocalhostCABundle) Name() string
Name returns the human-friendly name of the asset.
type KubeAPIServerLocalhostServerCertKey ¶
type KubeAPIServerLocalhostServerCertKey struct {
SignedCertKey
}
KubeAPIServerLocalhostServerCertKey is the asset that generates the kube-apiserver serving key/cert pair for SNI localhost.
func (*KubeAPIServerLocalhostServerCertKey) Dependencies ¶
func (a *KubeAPIServerLocalhostServerCertKey) Dependencies() []asset.Asset
Dependencies returns the dependencies of the cert/key pair.
func (*KubeAPIServerLocalhostServerCertKey) Generate ¶
func (a *KubeAPIServerLocalhostServerCertKey) Generate(dependencies asset.Parents) error
Generate generates the cert/key pair based on its dependencies.
func (*KubeAPIServerLocalhostServerCertKey) Name ¶
func (a *KubeAPIServerLocalhostServerCertKey) Name() string
Name returns the human-friendly name of the asset.
type KubeAPIServerLocalhostSignerCertKey ¶
type KubeAPIServerLocalhostSignerCertKey struct {
SelfSignedCertKey
}
KubeAPIServerLocalhostSignerCertKey is a key/cert pair that signs the kube-apiserver server cert for SNI localhost.
func (*KubeAPIServerLocalhostSignerCertKey) Dependencies ¶
func (c *KubeAPIServerLocalhostSignerCertKey) Dependencies() []asset.Asset
Dependencies returns the dependency of the root-ca, which is empty.
func (*KubeAPIServerLocalhostSignerCertKey) Generate ¶
func (c *KubeAPIServerLocalhostSignerCertKey) Generate(parents asset.Parents) error
Generate generates the root-ca key and cert pair.
func (*KubeAPIServerLocalhostSignerCertKey) Name ¶
func (c *KubeAPIServerLocalhostSignerCertKey) Name() string
Name returns the human-friendly name of the asset.
type KubeAPIServerServiceNetworkCABundle ¶
type KubeAPIServerServiceNetworkCABundle struct {
CertBundle
}
KubeAPIServerServiceNetworkCABundle is the asset that generates the kube-apiserver-service-network-ca-bundle, which contains all the individual client CAs.
func (*KubeAPIServerServiceNetworkCABundle) Dependencies ¶
func (a *KubeAPIServerServiceNetworkCABundle) Dependencies() []asset.Asset
Dependencies returns the dependency of the cert bundle.
func (*KubeAPIServerServiceNetworkCABundle) Generate ¶
func (a *KubeAPIServerServiceNetworkCABundle) Generate(deps asset.Parents) error
Generate generates the cert bundle based on its dependencies.
func (*KubeAPIServerServiceNetworkCABundle) Name ¶
func (a *KubeAPIServerServiceNetworkCABundle) Name() string
Name returns the human-friendly name of the asset.
type KubeAPIServerServiceNetworkServerCertKey ¶
type KubeAPIServerServiceNetworkServerCertKey struct {
SignedCertKey
}
KubeAPIServerServiceNetworkServerCertKey is the asset that generates the kube-apiserver serving key/cert pair for SNI service network.
func (*KubeAPIServerServiceNetworkServerCertKey) Dependencies ¶
func (a *KubeAPIServerServiceNetworkServerCertKey) Dependencies() []asset.Asset
Dependencies returns the dependencies of the cert/key pair.
func (*KubeAPIServerServiceNetworkServerCertKey) Generate ¶
func (a *KubeAPIServerServiceNetworkServerCertKey) Generate(dependencies asset.Parents) error
Generate generates the cert/key pair based on its dependencies.
func (*KubeAPIServerServiceNetworkServerCertKey) Name ¶
func (a *KubeAPIServerServiceNetworkServerCertKey) Name() string
Name returns the human-friendly name of the asset.
type KubeAPIServerServiceNetworkSignerCertKey ¶
type KubeAPIServerServiceNetworkSignerCertKey struct {
SelfSignedCertKey
}
KubeAPIServerServiceNetworkSignerCertKey is a key/cert pair that signs the kube-apiserver server cert for SNI service network.
func (*KubeAPIServerServiceNetworkSignerCertKey) Dependencies ¶
func (c *KubeAPIServerServiceNetworkSignerCertKey) Dependencies() []asset.Asset
Dependencies returns the dependency of the root-ca, which is empty.
func (*KubeAPIServerServiceNetworkSignerCertKey) Generate ¶
func (c *KubeAPIServerServiceNetworkSignerCertKey) Generate(parents asset.Parents) error
Generate generates the root-ca key and cert pair.
func (*KubeAPIServerServiceNetworkSignerCertKey) Name ¶
func (c *KubeAPIServerServiceNetworkSignerCertKey) Name() string
Name returns the human-friendly name of the asset.
type KubeAPIServerToKubeletCABundle ¶
type KubeAPIServerToKubeletCABundle struct {
CertBundle
}
KubeAPIServerToKubeletCABundle is the asset that generates the kube-apiserver-to-kubelet-ca-bundle, which contains all the individual client CAs.
func (*KubeAPIServerToKubeletCABundle) Dependencies ¶
func (a *KubeAPIServerToKubeletCABundle) Dependencies() []asset.Asset
Dependencies returns the dependency of the cert bundle.
func (*KubeAPIServerToKubeletCABundle) Generate ¶
func (a *KubeAPIServerToKubeletCABundle) Generate(deps asset.Parents) error
Generate generates the cert bundle based on its dependencies.
func (*KubeAPIServerToKubeletCABundle) Name ¶
func (a *KubeAPIServerToKubeletCABundle) Name() string
Name returns the human-friendly name of the asset.
type KubeAPIServerToKubeletClientCertKey ¶
type KubeAPIServerToKubeletClientCertKey struct {
SignedCertKey
}
KubeAPIServerToKubeletClientCertKey is the asset that generates the kube-apiserver to kubelet client key/cert pair.
func (*KubeAPIServerToKubeletClientCertKey) Dependencies ¶
func (a *KubeAPIServerToKubeletClientCertKey) Dependencies() []asset.Asset
Dependencies returns the dependencies of the cert/key pair.
func (*KubeAPIServerToKubeletClientCertKey) Generate ¶
func (a *KubeAPIServerToKubeletClientCertKey) Generate(dependencies asset.Parents) error
Generate generates the cert/key pair based on its dependencies.
func (*KubeAPIServerToKubeletClientCertKey) Name ¶
func (a *KubeAPIServerToKubeletClientCertKey) Name() string
Name returns the human-friendly name of the asset.
type KubeAPIServerToKubeletSignerCertKey ¶
type KubeAPIServerToKubeletSignerCertKey struct {
SelfSignedCertKey
}
KubeAPIServerToKubeletSignerCertKey is a key/cert pair that signs the kube-apiserver to kubelet client certs.
func (*KubeAPIServerToKubeletSignerCertKey) Dependencies ¶
func (c *KubeAPIServerToKubeletSignerCertKey) Dependencies() []asset.Asset
Dependencies returns the dependency of the root-ca, which is empty.
func (*KubeAPIServerToKubeletSignerCertKey) Generate ¶
func (c *KubeAPIServerToKubeletSignerCertKey) Generate(parents asset.Parents) error
Generate generates the root-ca key and cert pair.
func (*KubeAPIServerToKubeletSignerCertKey) Name ¶
func (c *KubeAPIServerToKubeletSignerCertKey) Name() string
Name returns the human-friendly name of the asset.
type KubeCA ¶
type KubeCA struct {
SelfSignedCertKey
}
KubeCA is the asset that generates the kube-ca key/cert pair. [DEPRECATED]
func (*KubeCA) Dependencies ¶
Dependencies returns the dependencies of the cert/key pair, which include the parent CA, and the install config if the asset depends on it for DNS names, etc.
type KubeControlPlaneCABundle ¶
type KubeControlPlaneCABundle struct {
CertBundle
}
KubeControlPlaneCABundle is the asset that generates the kube-control-plane-ca-bundle, which contains all the individual client CAs.
func (*KubeControlPlaneCABundle) Dependencies ¶
func (a *KubeControlPlaneCABundle) Dependencies() []asset.Asset
Dependencies returns the dependency of the cert bundle.
func (*KubeControlPlaneCABundle) Generate ¶
func (a *KubeControlPlaneCABundle) Generate(deps asset.Parents) error
Generate generates the cert bundle based on its dependencies.
func (*KubeControlPlaneCABundle) Name ¶
func (a *KubeControlPlaneCABundle) Name() string
Name returns the human-friendly name of the asset.
type KubeControlPlaneKubeControllerManagerClientCertKey ¶
type KubeControlPlaneKubeControllerManagerClientCertKey struct {
SignedCertKey
}
KubeControlPlaneKubeControllerManagerClientCertKey is the asset that generates the kube-controller-manager client key/cert pair.
func (*KubeControlPlaneKubeControllerManagerClientCertKey) Dependencies ¶
func (a *KubeControlPlaneKubeControllerManagerClientCertKey) Dependencies() []asset.Asset
Dependencies returns the dependency of the cert/key pair.
func (*KubeControlPlaneKubeControllerManagerClientCertKey) Generate ¶
func (a *KubeControlPlaneKubeControllerManagerClientCertKey) Generate(dependencies asset.Parents) error
Generate generates the cert/key pair based on its dependencies.
func (*KubeControlPlaneKubeControllerManagerClientCertKey) Name ¶
func (a *KubeControlPlaneKubeControllerManagerClientCertKey) Name() string
Name returns the human-friendly name of the asset.
type KubeControlPlaneKubeSchedulerClientCertKey ¶
type KubeControlPlaneKubeSchedulerClientCertKey struct {
SignedCertKey
}
KubeControlPlaneKubeSchedulerClientCertKey is the asset that generates the kube-scheduler client key/cert pair.
func (*KubeControlPlaneKubeSchedulerClientCertKey) Dependencies ¶
func (a *KubeControlPlaneKubeSchedulerClientCertKey) Dependencies() []asset.Asset
Dependencies returns the dependency of the cert/key pair.
func (*KubeControlPlaneKubeSchedulerClientCertKey) Generate ¶
func (a *KubeControlPlaneKubeSchedulerClientCertKey) Generate(dependencies asset.Parents) error
Generate generates the cert/key pair based on its dependencies.
func (*KubeControlPlaneKubeSchedulerClientCertKey) Name ¶
func (a *KubeControlPlaneKubeSchedulerClientCertKey) Name() string
Name returns the human-friendly name of the asset.
type KubeControlPlaneSignerCertKey ¶
type KubeControlPlaneSignerCertKey struct {
SelfSignedCertKey
}
KubeControlPlaneSignerCertKey is a key/cert pair that signs the kube control-plane client certs.
func (*KubeControlPlaneSignerCertKey) Dependencies ¶
func (c *KubeControlPlaneSignerCertKey) Dependencies() []asset.Asset
Dependencies returns the dependency of the root-ca, which is empty.
func (*KubeControlPlaneSignerCertKey) Generate ¶
func (c *KubeControlPlaneSignerCertKey) Generate(parents asset.Parents) error
Generate generates the root-ca key and cert pair.
func (*KubeControlPlaneSignerCertKey) Name ¶
func (c *KubeControlPlaneSignerCertKey) Name() string
Name returns the human-friendly name of the asset.
type KubeletBootstrapCABundle ¶
type KubeletBootstrapCABundle struct {
CertBundle
}
KubeletBootstrapCABundle is the asset that generates the admin-kubeconfig-ca-bundle, which contains all the individual client CAs.
func (*KubeletBootstrapCABundle) Dependencies ¶
func (a *KubeletBootstrapCABundle) Dependencies() []asset.Asset
Dependencies returns the dependency of the cert bundle.
func (*KubeletBootstrapCABundle) Generate ¶
func (a *KubeletBootstrapCABundle) Generate(deps asset.Parents) error
Generate generates the cert bundle based on its dependencies.
func (*KubeletBootstrapCABundle) Name ¶
func (a *KubeletBootstrapCABundle) Name() string
Name returns the human-friendly name of the asset.
type KubeletBootstrapCertSigner ¶
type KubeletBootstrapCertSigner struct {
SelfSignedCertKey
}
KubeletBootstrapCertSigner is a key/cert pair that signs the kubelet bootstrap kubeconfig client certs that the kubelet uses to create CSRs for its real certificates.
func (*KubeletBootstrapCertSigner) Dependencies ¶
func (c *KubeletBootstrapCertSigner) Dependencies() []asset.Asset
Dependencies returns the dependency of the root-ca, which is empty.
func (*KubeletBootstrapCertSigner) Generate ¶
func (c *KubeletBootstrapCertSigner) Generate(parents asset.Parents) error
Generate generates the root-ca key and cert pair.
func (*KubeletBootstrapCertSigner) Name ¶
func (c *KubeletBootstrapCertSigner) Name() string
Name returns the human-friendly name of the asset.
type KubeletCSRSignerCertKey ¶
type KubeletCSRSignerCertKey struct {
SelfSignedCertKey
}
KubeletCSRSignerCertKey is a key/cert pair that signs the kubelet client certs.
func (*KubeletCSRSignerCertKey) Dependencies ¶
func (c *KubeletCSRSignerCertKey) Dependencies() []asset.Asset
Dependencies returns the dependency of the root-ca, which is empty.
func (*KubeletCSRSignerCertKey) Generate ¶
func (c *KubeletCSRSignerCertKey) Generate(parents asset.Parents) error
Generate generates the root-ca key and cert pair.
func (*KubeletCSRSignerCertKey) Name ¶
func (c *KubeletCSRSignerCertKey) Name() string
Name returns the human-friendly name of the asset.
type KubeletClientCABundle ¶
type KubeletClientCABundle struct {
CertBundle
}
KubeletClientCABundle is the asset that generates the kubelet-client-ca-bundle, which contains all the individual client CAs.
func (*KubeletClientCABundle) Dependencies ¶
func (a *KubeletClientCABundle) Dependencies() []asset.Asset
Dependencies returns the dependency of the cert bundle.
func (*KubeletClientCABundle) Generate ¶
func (a *KubeletClientCABundle) Generate(deps asset.Parents) error
Generate generates the cert bundle based on its dependencies.
func (*KubeletClientCABundle) Name ¶
func (a *KubeletClientCABundle) Name() string
Name returns the human-friendly name of the asset.
type KubeletClientCertKey ¶
type KubeletClientCertKey struct {
SignedCertKey
}
KubeletClientCertKey is the asset that generates the key/cert pair for kubelet client to apiserver.
func (*KubeletClientCertKey) Dependencies ¶
func (a *KubeletClientCertKey) Dependencies() []asset.Asset
Dependencies returns the dependencies of the cert/key pair, which include the parent CA, and the install config if the pair depends on the install config for DNS names, etc.
func (*KubeletClientCertKey) Generate ¶
func (a *KubeletClientCertKey) Generate(dependencies asset.Parents) error
Generate generates the cert/key pair based on its dependencies.
func (*KubeletClientCertKey) Name ¶
func (a *KubeletClientCertKey) Name() string
Name returns the human-friendly name of the asset.
type KubeletServingCABundle ¶
type KubeletServingCABundle struct {
CertBundle
}
KubeletServingCABundle is the asset that generates the kubelet-serving-ca-bundle, which contains all the individual client CAs.
func (*KubeletServingCABundle) Dependencies ¶
func (a *KubeletServingCABundle) Dependencies() []asset.Asset
Dependencies returns the dependency of the cert bundle.
func (*KubeletServingCABundle) Generate ¶
func (a *KubeletServingCABundle) Generate(deps asset.Parents) error
Generate generates the cert bundle based on its dependencies.
func (*KubeletServingCABundle) Name ¶
func (a *KubeletServingCABundle) Name() string
Name returns the human-friendly name of the asset.
type MCSCertKey ¶
type MCSCertKey struct {
SignedCertKey
}
MCSCertKey is the asset that generates the MCS key/cert pair.
func (*MCSCertKey) Dependencies ¶
func (a *MCSCertKey) Dependencies() []asset.Asset
Dependencies returns the dependencies of the cert/key pair, which include the parent CA, and the install config if the pair depends on the install config for DNS names, etc.
func (*MCSCertKey) Generate ¶
func (a *MCSCertKey) Generate(dependencies asset.Parents) error
Generate generates the cert/key pair based on its dependencies.
func (*MCSCertKey) Name ¶
func (a *MCSCertKey) Name() string
Name returns the human-friendly name of the asset.
type RootCA ¶
type RootCA struct {
SelfSignedCertKey
}
RootCA contains the private key and the cert that's self-signed as the root CA.
func (*RootCA) Dependencies ¶
Dependencies returns the dependency of the root-ca, which is empty.
type SelfSignedCertKey ¶
type SelfSignedCertKey struct {
CertKey
}
SelfSignedCertKey contains the private key and the cert that's self-signed.
type ServiceAccountKeyPair ¶
type ServiceAccountKeyPair struct {
KeyPair
}
ServiceAccountKeyPair is the asset that generates the service-account public/private key pair.
func (*ServiceAccountKeyPair) Dependencies ¶
func (a *ServiceAccountKeyPair) Dependencies() []asset.Asset
Dependencies returns the dependencies of the cert/key pair, which include the parent CA, and the install config if the pair depends on the install config for DNS names, etc.
func (*ServiceAccountKeyPair) Generate ¶
func (a *ServiceAccountKeyPair) Generate(dependencies asset.Parents) error
Generate generates the cert/key pair based on its dependencies.
func (*ServiceAccountKeyPair) Load ¶
func (a *ServiceAccountKeyPair) Load(asset.FileFetcher) (bool, error)
Load is a no-op because the service account keypair is not written to disk.
func (*ServiceAccountKeyPair) Name ¶
func (a *ServiceAccountKeyPair) Name() string
Name returns the human-friendly name of the asset.
type SignedCertKey ¶
type SignedCertKey struct {
CertKey
}
SignedCertKey contains the private key and the cert that's signed by the parent CA.
func (*SignedCertKey) Generate ¶
func (c *SignedCertKey) Generate( cfg *CertCfg, parentCA CertKeyInterface, filenameBase string, appendParent AppendParentChoice, ) error
Generate generates a cert/key pair signed by the specified parent CA.