tls

package
v0.0.0-...-a9d5b60 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 22, 2019 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Overview

Package tls defines and generates the tls assets based on its dependencies.

Index

Constants

// Certificate validity periods. Each value is derived from time.Hour, so
// all three are time.Duration constants.
const (

	// ValidityOneDay sets the validity of a cert to 24 hours.
	ValidityOneDay = time.Hour * 24

	// ValidityOneYear sets the validity of a cert to 1 year.
	// It is computed as 365 days, so leap days are not accounted for.
	ValidityOneYear = ValidityOneDay * 365

	// ValidityTenYears sets the validity of a cert to 10 years
	// (ten 365-day years).
	// NOTE(review): a ten-year lifetime leaves a long exposure window if the
	// matching private key is compromised. Which assets use this value is not
	// visible here; confirm it is limited to signers that have a rotation or
	// revocation plan.
	ValidityTenYears = ValidityOneYear * 10
)

Variables

This section is empty.

Functions

func CSRToPem

func CSRToPem(cert *x509.CertificateRequest) []byte

CSRToPem converts an x509.CertificateRequest to a pem string

func CertToPem

func CertToPem(cert *x509.Certificate) []byte

CertToPem converts an x509.Certificate object to a pem string

func GenerateSelfSignedCertificate

func GenerateSelfSignedCertificate(cfg *CertCfg) (*rsa.PrivateKey, *x509.Certificate, error)

GenerateSelfSignedCertificate generates a key/cert pair defined by CertCfg.

func GenerateSignedCertificate

func GenerateSignedCertificate(caKey *rsa.PrivateKey, caCert *x509.Certificate,
	cfg *CertCfg) (*rsa.PrivateKey, *x509.Certificate, error)

GenerateSignedCertificate generates a key and cert defined by CertCfg and signed by CA.

func PemToCertificate

func PemToCertificate(data []byte) (*x509.Certificate, error)

PemToCertificate converts a data block to x509.Certificate.

func PemToPrivateKey

func PemToPrivateKey(data []byte) (*rsa.PrivateKey, error)

PemToPrivateKey converts a data block to rsa.PrivateKey.

func PrivateKey

func PrivateKey() (*rsa.PrivateKey, error)

PrivateKey generates an RSA Private key and returns the value

func PrivateKeyToPem

func PrivateKeyToPem(key *rsa.PrivateKey) []byte

PrivateKeyToPem converts an rsa.PrivateKey object to pem string

func PublicKeyToPem

func PublicKeyToPem(key *rsa.PublicKey) ([]byte, error)

PublicKeyToPem converts an rsa.PublicKey object to pem string

func SelfSignedCertificate

func SelfSignedCertificate(cfg *CertCfg, key *rsa.PrivateKey) (*x509.Certificate, error)

SelfSignedCertificate creates a self signed certificate

func SignedCertificate

func SignedCertificate(
	cfg *CertCfg,
	csr *x509.CertificateRequest,
	key *rsa.PrivateKey,
	caCert *x509.Certificate,
	caKey *rsa.PrivateKey,
) (*x509.Certificate, error)

SignedCertificate creates a new X.509 certificate based on a template.

Types

type APIServerCertKey

type APIServerCertKey struct {
	SignedCertKey
}

APIServerCertKey is the asset that generates the API server key/cert pair. [DEPRECATED]

func (*APIServerCertKey) Dependencies

func (a *APIServerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*APIServerCertKey) Generate

func (a *APIServerCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*APIServerCertKey) Name

func (a *APIServerCertKey) Name() string

Name returns the human-friendly name of the asset.

type APIServerProxyCertKey

type APIServerProxyCertKey struct {
	SignedCertKey
}

APIServerProxyCertKey is the asset that generates the API server proxy key/cert pair. [DEPRECATED]

func (*APIServerProxyCertKey) Dependencies

func (a *APIServerProxyCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*APIServerProxyCertKey) Generate

func (a *APIServerProxyCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*APIServerProxyCertKey) Name

func (a *APIServerProxyCertKey) Name() string

Name returns the human-friendly name of the asset.

type AdminKubeConfigCABundle

type AdminKubeConfigCABundle struct {
	CertBundle
}

AdminKubeConfigCABundle is the asset that generates the admin-kubeconfig-ca-bundle, which contains all the individual client CAs.

func (*AdminKubeConfigCABundle) Dependencies

func (a *AdminKubeConfigCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*AdminKubeConfigCABundle) Generate

func (a *AdminKubeConfigCABundle) Generate(deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*AdminKubeConfigCABundle) Name

func (a *AdminKubeConfigCABundle) Name() string

Name returns the human-friendly name of the asset.

type AdminKubeConfigClientCertKey

type AdminKubeConfigClientCertKey struct {
	SignedCertKey
}

AdminKubeConfigClientCertKey is the asset that generates the key/cert pair for admin client to apiserver.

func (*AdminKubeConfigClientCertKey) Dependencies

func (a *AdminKubeConfigClientCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*AdminKubeConfigClientCertKey) Generate

func (a *AdminKubeConfigClientCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*AdminKubeConfigClientCertKey) Name

Name returns the human-friendly name of the asset.

type AdminKubeConfigSignerCertKey

type AdminKubeConfigSignerCertKey struct {
	SelfSignedCertKey
}

AdminKubeConfigSignerCertKey is a key/cert pair that signs the admin kubeconfig client certs.

func (*AdminKubeConfigSignerCertKey) Dependencies

func (c *AdminKubeConfigSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*AdminKubeConfigSignerCertKey) Generate

func (c *AdminKubeConfigSignerCertKey) Generate(parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*AdminKubeConfigSignerCertKey) Name

Name returns the human-friendly name of the asset.

type AggregatorCA

type AggregatorCA struct {
	SelfSignedCertKey
}

AggregatorCA is the asset that generates the aggregator-ca key/cert pair. [DEPRECATED]

func (*AggregatorCA) Dependencies

func (a *AggregatorCA) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*AggregatorCA) Generate

func (a *AggregatorCA) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*AggregatorCA) Name

func (a *AggregatorCA) Name() string

Name returns the human-friendly name of the asset.

type AggregatorCABundle

type AggregatorCABundle struct {
	CertBundle
}

AggregatorCABundle is the asset that generates the aggregator-ca-bundle, which contains all the individual client CAs.

func (*AggregatorCABundle) Dependencies

func (a *AggregatorCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*AggregatorCABundle) Generate

func (a *AggregatorCABundle) Generate(deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*AggregatorCABundle) Name

func (a *AggregatorCABundle) Name() string

Name returns the human-friendly name of the asset.

type AggregatorClientCertKey

type AggregatorClientCertKey struct {
	SignedCertKey
}

AggregatorClientCertKey is the asset that generates the API server proxy key/cert pair.

func (*AggregatorClientCertKey) Dependencies

func (a *AggregatorClientCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair

func (*AggregatorClientCertKey) Generate

func (a *AggregatorClientCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*AggregatorClientCertKey) Name

func (a *AggregatorClientCertKey) Name() string

Name returns the human-friendly name of the asset.

type AggregatorSignerCertKey

type AggregatorSignerCertKey struct {
	SelfSignedCertKey
}

AggregatorSignerCertKey is a key/cert pair that signs the aggregator client certs.

func (*AggregatorSignerCertKey) Dependencies

func (c *AggregatorSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*AggregatorSignerCertKey) Generate

func (c *AggregatorSignerCertKey) Generate(parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*AggregatorSignerCertKey) Name

func (c *AggregatorSignerCertKey) Name() string

Name returns the human-friendly name of the asset.

type AppendParentChoice

type AppendParentChoice bool

AppendParentChoice dictates whether the parent's cert is to be added to the cert.

const (
	// AppendParent indicates that the parent's cert should be added.
	AppendParent AppendParentChoice = true
	// DoNotAppendParent indicates that the parent's cert should not be added.
	DoNotAppendParent AppendParentChoice = false
)

type CertBundle

type CertBundle struct {
	// BundleRaw holds the raw bytes of the bundle.
	// NOTE(review): presumably the concatenated certificates that Cert
	// returns; the encoding is not visible here — confirm.
	BundleRaw []byte
	// FileList holds the asset files belonging to this bundle.
	// NOTE(review): presumably what Files returns — confirm.
	FileList  []*asset.File
}

CertBundle contains multiple certificates in a bundle.

func (*CertBundle) Cert

func (b *CertBundle) Cert() []byte

Cert returns the certificate bundle.

func (*CertBundle) Files

func (b *CertBundle) Files() []*asset.File

Files returns the files generated by the asset.

func (*CertBundle) Generate

func (b *CertBundle) Generate(filename string, certs ...CertInterface) error

Generate generates the cert bundle from certs.

func (*CertBundle) Load

func (b *CertBundle) Load(asset.FileFetcher) (bool, error)

Load is a no-op because TLS assets are not written to disk.

type CertCfg

type CertCfg struct {
	// DNSNames lists host names for the certificate.
	// NOTE(review): presumably emitted as DNS subject alternative names — confirm.
	DNSNames     []string
	// ExtKeyUsages lists the extended key usages (x509.ExtKeyUsage values)
	// requested for the certificate.
	ExtKeyUsages []x509.ExtKeyUsage
	// IPAddresses lists IP addresses for the certificate.
	// NOTE(review): presumably emitted as IP subject alternative names — confirm.
	IPAddresses  []net.IP
	// KeyUsages is the x509.KeyUsage value requested for the certificate.
	KeyUsages    x509.KeyUsage
	// Subject is the certificate subject name.
	Subject      pkix.Name
	// Validity is the lifetime of the certificate as a duration; the package
	// constants ValidityOneDay, ValidityOneYear and ValidityTenYears are
	// candidate values.
	Validity     time.Duration
	// IsCA requests a CA certificate.
	// NOTE(review): presumably maps to the basic-constraints CA flag. Whether
	// a path-length limit is applied is not visible here — confirm that leaf
	// (client/server) configurations never set this.
	IsCA         bool
}

CertCfg contains all needed fields to configure a new certificate

type CertInterface

type CertInterface interface {
	// Cert returns the certificate.
	Cert() []byte
}

CertInterface contains cert.

type CertKey

type CertKey struct {
	// CertRaw holds the certificate bytes.
	// NOTE(review): presumably what Cert returns; encoding not visible here — confirm.
	CertRaw  []byte
	// KeyRaw holds the private key bytes.
	// NOTE(review): this is private key material in an exported field; keep
	// it out of logs, error messages and debug dumps of the struct.
	KeyRaw   []byte
	// FileList holds the asset files belonging to this cert/key pair.
	// NOTE(review): whether the private key is among these files is not
	// visible here — confirm, and check the permissions they are written with.
	FileList []*asset.File
}

CertKey contains the private key and the cert.

func (*CertKey) Cert

func (c *CertKey) Cert() []byte

Cert returns the certificate.

func (*CertKey) CertFile

func (c *CertKey) CertFile() *asset.File

CertFile returns the certificate file.

func (*CertKey) Files

func (c *CertKey) Files() []*asset.File

Files returns the files generated by the asset.

func (*CertKey) Key

func (c *CertKey) Key() []byte

Key returns the private key.

func (*CertKey) Load

func (c *CertKey) Load(asset.FileFetcher) (bool, error)

Load is a no-op because TLS assets are not written to disk.

type CertKeyInterface

type CertKeyInterface interface {
	CertInterface
	// Key returns the private key.
	Key() []byte
}

CertKeyInterface contains a private key and the associated cert.

type EtcdCA

type EtcdCA struct {
	SelfSignedCertKey
}

EtcdCA is the asset that generates the etcd-ca key/cert pair. [DEPRECATED]

func (*EtcdCA) Dependencies

func (a *EtcdCA) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*EtcdCA) Generate

func (a *EtcdCA) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*EtcdCA) Name

func (a *EtcdCA) Name() string

Name returns the human-friendly name of the asset.

type EtcdCABundle

type EtcdCABundle struct {
	CertBundle
}

EtcdCABundle is the asset that generates the etcd-ca-bundle, which contains all the individual client CAs.

func (*EtcdCABundle) Dependencies

func (a *EtcdCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*EtcdCABundle) Generate

func (a *EtcdCABundle) Generate(deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*EtcdCABundle) Name

func (a *EtcdCABundle) Name() string

Name returns the human-friendly name of the asset.

type EtcdClientCertKey

type EtcdClientCertKey struct {
	SignedCertKey
}

EtcdClientCertKey is the asset that generates the etcd client key/cert pair. [DEPRECATED]

func (*EtcdClientCertKey) Dependencies

func (a *EtcdClientCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*EtcdClientCertKey) Generate

func (a *EtcdClientCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*EtcdClientCertKey) Name

func (a *EtcdClientCertKey) Name() string

Name returns the human-friendly name of the asset.

type EtcdMetricsCABundle

type EtcdMetricsCABundle struct {
	CertBundle
}

EtcdMetricsCABundle is the asset that generates the etcd-metrics-ca-bundle, which contains all the individual client CAs.

func (*EtcdMetricsCABundle) Dependencies

func (a *EtcdMetricsCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*EtcdMetricsCABundle) Generate

func (a *EtcdMetricsCABundle) Generate(deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*EtcdMetricsCABundle) Name

func (a *EtcdMetricsCABundle) Name() string

Name returns the human-friendly name of the asset.

type EtcdMetricsSignerCertKey

type EtcdMetricsSignerCertKey struct {
	SelfSignedCertKey
}

EtcdMetricsSignerCertKey is a key/cert pair that signs the etcd-metrics client and peer certs.

func (*EtcdMetricsSignerCertKey) Dependencies

func (c *EtcdMetricsSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*EtcdMetricsSignerCertKey) Generate

func (c *EtcdMetricsSignerCertKey) Generate(parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*EtcdMetricsSignerCertKey) Name

func (c *EtcdMetricsSignerCertKey) Name() string

Name returns the human-friendly name of the asset.

type EtcdMetricsSignerClientCertKey

type EtcdMetricsSignerClientCertKey struct {
	SignedCertKey
}

EtcdMetricsSignerClientCertKey is the asset that generates the etcd-metrics client key/cert pair.

func (*EtcdMetricsSignerClientCertKey) Dependencies

func (a *EtcdMetricsSignerClientCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*EtcdMetricsSignerClientCertKey) Generate

func (a *EtcdMetricsSignerClientCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*EtcdMetricsSignerClientCertKey) Name

Name returns the human-friendly name of the asset.

type EtcdMetricsSignerServerCertKey

type EtcdMetricsSignerServerCertKey struct {
	SignedCertKey
}

EtcdMetricsSignerServerCertKey is the asset that generates the etcd-metrics server key/cert pair.

func (*EtcdMetricsSignerServerCertKey) Dependencies

func (a *EtcdMetricsSignerServerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*EtcdMetricsSignerServerCertKey) Generate

func (a *EtcdMetricsSignerServerCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*EtcdMetricsSignerServerCertKey) Name

Name returns the human-friendly name of the asset.

type EtcdSignerCertKey

type EtcdSignerCertKey struct {
	SelfSignedCertKey
}

EtcdSignerCertKey is a key/cert pair that signs the etcd client and peer certs.

func (*EtcdSignerCertKey) Dependencies

func (c *EtcdSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*EtcdSignerCertKey) Generate

func (c *EtcdSignerCertKey) Generate(parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*EtcdSignerCertKey) Name

func (c *EtcdSignerCertKey) Name() string

Name returns the human-friendly name of the asset.

type EtcdSignerClientCertKey

type EtcdSignerClientCertKey struct {
	SignedCertKey
}

EtcdSignerClientCertKey is the asset that generates the etcd client key/cert pair.

func (*EtcdSignerClientCertKey) Dependencies

func (a *EtcdSignerClientCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*EtcdSignerClientCertKey) Generate

func (a *EtcdSignerClientCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*EtcdSignerClientCertKey) Name

func (a *EtcdSignerClientCertKey) Name() string

Name returns the human-friendly name of the asset.

type JournalCertKey

type JournalCertKey struct {
	SignedCertKey
}

JournalCertKey is the asset that generates the key/cert pair that is used to authenticate with journal-gatewayd on the bootstrap node.

func (*JournalCertKey) Dependencies

func (a *JournalCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*JournalCertKey) Generate

func (a *JournalCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*JournalCertKey) Name

func (a *JournalCertKey) Name() string

Name returns the human-friendly name of the asset.

type KeyPair

type KeyPair struct {
	// Pvt holds the private key bytes.
	// NOTE(review): presumably what Private returns. This is private key
	// material in an exported field; keep it out of logs and debug dumps.
	Pvt      []byte
	// Pub holds the public key bytes.
	// NOTE(review): presumably what Public returns — confirm.
	Pub      []byte
	// FileList holds the asset files belonging to this key pair.
	// NOTE(review): whether the private key is among these files is not
	// visible here — confirm, and check the permissions they are written with.
	FileList []*asset.File
}

KeyPair contains a private key and a public key.

func (*KeyPair) Files

func (k *KeyPair) Files() []*asset.File

Files returns the files generated by the asset.

func (*KeyPair) Generate

func (k *KeyPair) Generate(filenameBase string) error

Generate generates the rsa private / public key pair.

func (*KeyPair) Private

func (k *KeyPair) Private() []byte

Private returns the private key.

func (*KeyPair) Public

func (k *KeyPair) Public() []byte

Public returns the public key.

type KeyPairInterface

type KeyPairInterface interface {
	// Private returns the private key.
	Private() []byte
	// Public returns the public key.
	Public() []byte
}

KeyPairInterface contains a private key and a public key.

type KubeAPIServerCompleteCABundle

type KubeAPIServerCompleteCABundle struct {
	CertBundle
}

KubeAPIServerCompleteCABundle is the asset that generates the kube-apiserver-complete-server-ca-bundle, which contains all the certs that are valid to confirm the kube-apiserver identity.

func (*KubeAPIServerCompleteCABundle) Dependencies

func (a *KubeAPIServerCompleteCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerCompleteCABundle) Generate

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerCompleteCABundle) Name

Name returns the human-friendly name of the asset.

type KubeAPIServerCompleteClientCABundle

type KubeAPIServerCompleteClientCABundle struct {
	CertBundle
}

KubeAPIServerCompleteClientCABundle is the asset that generates the kube-apiserver-complete-client-ca-bundle, which contains all the certs that are valid for the kube-apiserver to trust for clients.

func (*KubeAPIServerCompleteClientCABundle) Dependencies

func (a *KubeAPIServerCompleteClientCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerCompleteClientCABundle) Generate

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerCompleteClientCABundle) Name

Name returns the human-friendly name of the asset.

type KubeAPIServerLBCABundle

type KubeAPIServerLBCABundle struct {
	CertBundle
}

KubeAPIServerLBCABundle is the asset that generates the kube-apiserver-lb-ca-bundle, which contains all the individual client CAs.

func (*KubeAPIServerLBCABundle) Dependencies

func (a *KubeAPIServerLBCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerLBCABundle) Generate

func (a *KubeAPIServerLBCABundle) Generate(deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerLBCABundle) Name

func (a *KubeAPIServerLBCABundle) Name() string

Name returns the human-friendly name of the asset.

type KubeAPIServerLBServerCertKey

type KubeAPIServerLBServerCertKey struct {
	SignedCertKey
}

KubeAPIServerLBServerCertKey is the asset that generates the kube-apiserver serving key/cert pair for SNI load balancer.

func (*KubeAPIServerLBServerCertKey) Dependencies

func (a *KubeAPIServerLBServerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair

func (*KubeAPIServerLBServerCertKey) Generate

func (a *KubeAPIServerLBServerCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeAPIServerLBServerCertKey) Name

Name returns the human-friendly name of the asset.

type KubeAPIServerLBSignerCertKey

type KubeAPIServerLBSignerCertKey struct {
	SelfSignedCertKey
}

KubeAPIServerLBSignerCertKey is a key/cert pair that signs the kube-apiserver server cert for SNI load balancer.

func (*KubeAPIServerLBSignerCertKey) Dependencies

func (c *KubeAPIServerLBSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeAPIServerLBSignerCertKey) Generate

func (c *KubeAPIServerLBSignerCertKey) Generate(parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*KubeAPIServerLBSignerCertKey) Name

Name returns the human-friendly name of the asset.

type KubeAPIServerLocalhostCABundle

type KubeAPIServerLocalhostCABundle struct {
	CertBundle
}

KubeAPIServerLocalhostCABundle is the asset that generates the kube-apiserver-localhost-ca-bundle, which contains all the individual client CAs.

func (*KubeAPIServerLocalhostCABundle) Dependencies

func (a *KubeAPIServerLocalhostCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerLocalhostCABundle) Generate

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerLocalhostCABundle) Name

Name returns the human-friendly name of the asset.

type KubeAPIServerLocalhostServerCertKey

type KubeAPIServerLocalhostServerCertKey struct {
	SignedCertKey
}

KubeAPIServerLocalhostServerCertKey is the asset that generates the kube-apiserver serving key/cert pair for SNI localhost.

func (*KubeAPIServerLocalhostServerCertKey) Dependencies

func (a *KubeAPIServerLocalhostServerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair

func (*KubeAPIServerLocalhostServerCertKey) Generate

func (a *KubeAPIServerLocalhostServerCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeAPIServerLocalhostServerCertKey) Name

Name returns the human-friendly name of the asset.

type KubeAPIServerLocalhostSignerCertKey

type KubeAPIServerLocalhostSignerCertKey struct {
	SelfSignedCertKey
}

KubeAPIServerLocalhostSignerCertKey is a key/cert pair that signs the kube-apiserver server cert for SNI localhost.

func (*KubeAPIServerLocalhostSignerCertKey) Dependencies

func (c *KubeAPIServerLocalhostSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeAPIServerLocalhostSignerCertKey) Generate

Generate generates the root-ca key and cert pair.

func (*KubeAPIServerLocalhostSignerCertKey) Name

Name returns the human-friendly name of the asset.

type KubeAPIServerServiceNetworkCABundle

type KubeAPIServerServiceNetworkCABundle struct {
	CertBundle
}

KubeAPIServerServiceNetworkCABundle is the asset that generates the kube-apiserver-service-network-ca-bundle, which contains all the individual client CAs.

func (*KubeAPIServerServiceNetworkCABundle) Dependencies

func (a *KubeAPIServerServiceNetworkCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerServiceNetworkCABundle) Generate

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerServiceNetworkCABundle) Name

Name returns the human-friendly name of the asset.

type KubeAPIServerServiceNetworkServerCertKey

type KubeAPIServerServiceNetworkServerCertKey struct {
	SignedCertKey
}

KubeAPIServerServiceNetworkServerCertKey is the asset that generates the kube-apiserver serving key/cert pair for SNI service network.

func (*KubeAPIServerServiceNetworkServerCertKey) Dependencies

Dependencies returns the dependency of the cert/key pair

func (*KubeAPIServerServiceNetworkServerCertKey) Generate

func (a *KubeAPIServerServiceNetworkServerCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeAPIServerServiceNetworkServerCertKey) Name

Name returns the human-friendly name of the asset.

type KubeAPIServerServiceNetworkSignerCertKey

type KubeAPIServerServiceNetworkSignerCertKey struct {
	SelfSignedCertKey
}

KubeAPIServerServiceNetworkSignerCertKey is a key/cert pair that signs the kube-apiserver server cert for SNI service network.

func (*KubeAPIServerServiceNetworkSignerCertKey) Dependencies

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeAPIServerServiceNetworkSignerCertKey) Generate

Generate generates the root-ca key and cert pair.

func (*KubeAPIServerServiceNetworkSignerCertKey) Name

Name returns the human-friendly name of the asset.

type KubeAPIServerToKubeletCABundle

type KubeAPIServerToKubeletCABundle struct {
	CertBundle
}

KubeAPIServerToKubeletCABundle is the asset that generates the kube-apiserver-to-kubelet-ca-bundle, which contains all the individual client CAs.

func (*KubeAPIServerToKubeletCABundle) Dependencies

func (a *KubeAPIServerToKubeletCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerToKubeletCABundle) Generate

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerToKubeletCABundle) Name

Name returns the human-friendly name of the asset.

type KubeAPIServerToKubeletClientCertKey

type KubeAPIServerToKubeletClientCertKey struct {
	SignedCertKey
}

KubeAPIServerToKubeletClientCertKey is the asset that generates the kube-apiserver to kubelet client key/cert pair.

func (*KubeAPIServerToKubeletClientCertKey) Dependencies

func (a *KubeAPIServerToKubeletClientCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair

func (*KubeAPIServerToKubeletClientCertKey) Generate

func (a *KubeAPIServerToKubeletClientCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeAPIServerToKubeletClientCertKey) Name

Name returns the human-friendly name of the asset.

type KubeAPIServerToKubeletSignerCertKey

type KubeAPIServerToKubeletSignerCertKey struct {
	SelfSignedCertKey
}

KubeAPIServerToKubeletSignerCertKey is a key/cert pair that signs the kube-apiserver to kubelet client certs.

func (*KubeAPIServerToKubeletSignerCertKey) Dependencies

func (c *KubeAPIServerToKubeletSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeAPIServerToKubeletSignerCertKey) Generate

Generate generates the root-ca key and cert pair.

func (*KubeAPIServerToKubeletSignerCertKey) Name

Name returns the human-friendly name of the asset.

type KubeCA

type KubeCA struct {
	SelfSignedCertKey
}

KubeCA is the asset that generates the kube-ca key/cert pair. [DEPRECATED]

func (*KubeCA) Dependencies

func (a *KubeCA) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*KubeCA) Generate

func (a *KubeCA) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeCA) Name

func (a *KubeCA) Name() string

Name returns the human-friendly name of the asset.

type KubeControlPlaneCABundle

type KubeControlPlaneCABundle struct {
	CertBundle
}

KubeControlPlaneCABundle is the asset that generates the kube-control-plane-ca-bundle, which contains all the individual client CAs.

func (*KubeControlPlaneCABundle) Dependencies

func (a *KubeControlPlaneCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeControlPlaneCABundle) Generate

func (a *KubeControlPlaneCABundle) Generate(deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*KubeControlPlaneCABundle) Name

func (a *KubeControlPlaneCABundle) Name() string

Name returns the human-friendly name of the asset.

type KubeControlPlaneKubeControllerManagerClientCertKey

type KubeControlPlaneKubeControllerManagerClientCertKey struct {
	SignedCertKey
}

KubeControlPlaneKubeControllerManagerClientCertKey is the asset that generates the kube-controller-manager client key/cert pair.

func (*KubeControlPlaneKubeControllerManagerClientCertKey) Dependencies

Dependencies returns the dependency of the cert/key pair

func (*KubeControlPlaneKubeControllerManagerClientCertKey) Generate

Generate generates the cert/key pair based on its dependencies.

func (*KubeControlPlaneKubeControllerManagerClientCertKey) Name

Name returns the human-friendly name of the asset.

type KubeControlPlaneKubeSchedulerClientCertKey

type KubeControlPlaneKubeSchedulerClientCertKey struct {
	SignedCertKey
}

KubeControlPlaneKubeSchedulerClientCertKey is the asset that generates the kube-scheduler client key/cert pair.

func (*KubeControlPlaneKubeSchedulerClientCertKey) Dependencies

Dependencies returns the dependency of the cert/key pair

func (*KubeControlPlaneKubeSchedulerClientCertKey) Generate

Generate generates the cert/key pair based on its dependencies.

func (*KubeControlPlaneKubeSchedulerClientCertKey) Name

Name returns the human-friendly name of the asset.

type KubeControlPlaneSignerCertKey

type KubeControlPlaneSignerCertKey struct {
	SelfSignedCertKey
}

KubeControlPlaneSignerCertKey is a key/cert pair that signs the kube control-plane client certs.

func (*KubeControlPlaneSignerCertKey) Dependencies

func (c *KubeControlPlaneSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeControlPlaneSignerCertKey) Generate

func (c *KubeControlPlaneSignerCertKey) Generate(parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*KubeControlPlaneSignerCertKey) Name

Name returns the human-friendly name of the asset.

type KubeletBootstrapCABundle

type KubeletBootstrapCABundle struct {
	CertBundle
}

KubeletBootstrapCABundle is the asset that generates the admin-kubeconfig-ca-bundle, which contains all the individual client CAs.

func (*KubeletBootstrapCABundle) Dependencies

func (a *KubeletBootstrapCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeletBootstrapCABundle) Generate

func (a *KubeletBootstrapCABundle) Generate(deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*KubeletBootstrapCABundle) Name

func (a *KubeletBootstrapCABundle) Name() string

Name returns the human-friendly name of the asset.

type KubeletBootstrapCertSigner

type KubeletBootstrapCertSigner struct {
	SelfSignedCertKey
}

KubeletBootstrapCertSigner is a key/cert pair that signs the kubelet bootstrap kubeconfig client certs that the kubelet uses to create CSRs for its real certificates.

func (*KubeletBootstrapCertSigner) Dependencies

func (c *KubeletBootstrapCertSigner) Dependencies() []asset.Asset

Dependencies returns the dependency of this signer cert/key pair, which is empty.

func (*KubeletBootstrapCertSigner) Generate

func (c *KubeletBootstrapCertSigner) Generate(parents asset.Parents) error

Generate generates the signer's self-signed key and cert pair.

func (*KubeletBootstrapCertSigner) Name

Name returns the human-friendly name of the asset.

type KubeletCSRSignerCertKey

type KubeletCSRSignerCertKey struct {
	SelfSignedCertKey
}

KubeletCSRSignerCertKey is a key/cert pair that signs the kubelet client certs.

func (*KubeletCSRSignerCertKey) Dependencies

func (c *KubeletCSRSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of this signer cert/key pair, which is empty.

func (*KubeletCSRSignerCertKey) Generate

func (c *KubeletCSRSignerCertKey) Generate(parents asset.Parents) error

Generate generates the signer's self-signed key and cert pair.

func (*KubeletCSRSignerCertKey) Name

func (c *KubeletCSRSignerCertKey) Name() string

Name returns the human-friendly name of the asset.

type KubeletClientCABundle

type KubeletClientCABundle struct {
	CertBundle
}

KubeletClientCABundle is the asset that generates the kubelet-client-ca-bundle, which contains all the individual client CAs.

func (*KubeletClientCABundle) Dependencies

func (a *KubeletClientCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeletClientCABundle) Generate

func (a *KubeletClientCABundle) Generate(deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*KubeletClientCABundle) Name

func (a *KubeletClientCABundle) Name() string

Name returns the human-friendly name of the asset.

type KubeletClientCertKey

type KubeletClientCertKey struct {
	SignedCertKey
}

KubeletClientCertKey is the asset that generates the key/cert pair for kubelet client to apiserver.

func (*KubeletClientCertKey) Dependencies

func (a *KubeletClientCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*KubeletClientCertKey) Generate

func (a *KubeletClientCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeletClientCertKey) Name

func (a *KubeletClientCertKey) Name() string

Name returns the human-friendly name of the asset.

type KubeletServingCABundle

type KubeletServingCABundle struct {
	CertBundle
}

KubeletServingCABundle is the asset that generates the kubelet-serving-ca-bundle, which contains all the individual client CAs.

func (*KubeletServingCABundle) Dependencies

func (a *KubeletServingCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeletServingCABundle) Generate

func (a *KubeletServingCABundle) Generate(deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*KubeletServingCABundle) Name

func (a *KubeletServingCABundle) Name() string

Name returns the human-friendly name of the asset.

type MCSCertKey

type MCSCertKey struct {
	SignedCertKey
}

MCSCertKey is the asset that generates the MCS key/cert pair.

func (*MCSCertKey) Dependencies

func (a *MCSCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*MCSCertKey) Generate

func (a *MCSCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*MCSCertKey) Name

func (a *MCSCertKey) Name() string

Name returns the human-friendly name of the asset.

type RootCA

type RootCA struct {
	SelfSignedCertKey
}

RootCA contains the private key and the cert that's self-signed as the root CA.

func (*RootCA) Dependencies

func (c *RootCA) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*RootCA) Generate

func (c *RootCA) Generate(parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*RootCA) Name

func (c *RootCA) Name() string

Name returns the human-friendly name of the asset.

type SelfSignedCertKey

type SelfSignedCertKey struct {
	CertKey
}

SelfSignedCertKey contains the private key and the cert that's self-signed.

func (*SelfSignedCertKey) Generate

func (c *SelfSignedCertKey) Generate(
	cfg *CertCfg,
	filenameBase string,
) error

Generate generates a self-signed cert/key pair from cfg; unlike SignedCertKey.Generate, it takes no parent CA.

type ServiceAccountKeyPair

type ServiceAccountKeyPair struct {
	KeyPair
}

ServiceAccountKeyPair is the asset that generates the service-account public/private key pair.

func (*ServiceAccountKeyPair) Dependencies

func (a *ServiceAccountKeyPair) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*ServiceAccountKeyPair) Generate

func (a *ServiceAccountKeyPair) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*ServiceAccountKeyPair) Load

Load is a no-op because the service account keypair is not written to disk.

func (*ServiceAccountKeyPair) Name

func (a *ServiceAccountKeyPair) Name() string

Name returns the human-friendly name of the asset.

type SignedCertKey

type SignedCertKey struct {
	CertKey
}

SignedCertKey contains the private key and the cert that's signed by the parent CA.

func (*SignedCertKey) Generate

func (c *SignedCertKey) Generate(
	cfg *CertCfg,
	parentCA CertKeyInterface,
	filenameBase string,
	appendParent AppendParentChoice,
) error

Generate generates a cert/key pair signed by the specified parent CA.
