tls


Documentation

Overview

Package tls defines and generates the tls assets based on its dependencies.

Index

Constants

const (

	// ValidityOneDay sets the validity of a cert to 24 hours.
	ValidityOneDay = time.Hour * 24

	// ValidityOneYear sets the validity of a cert to 1 year.
	ValidityOneYear = ValidityOneDay * 365

	// ValidityTenYears sets the validity of a cert to 10 years.
	ValidityTenYears = ValidityOneYear * 10
)

Variables

This section is empty.

Functions

func CSRToPem

func CSRToPem(cert *x509.CertificateRequest) []byte

CSRToPem converts an x509.CertificateRequest to PEM-encoded bytes.

func CertToPem

func CertToPem(cert *x509.Certificate) []byte

CertToPem converts an x509.Certificate object to PEM-encoded bytes.

func GenerateSelfSignedCertificate

func GenerateSelfSignedCertificate(cfg *CertCfg) (*rsa.PrivateKey, *x509.Certificate, error)

GenerateSelfSignedCertificate generates a key/cert pair defined by CertCfg.

func GenerateSignedCertificate

func GenerateSignedCertificate(caKey *rsa.PrivateKey, caCert *x509.Certificate,
	cfg *CertCfg) (*rsa.PrivateKey, *x509.Certificate, error)

GenerateSignedCertificate generates a key and cert defined by CertCfg and signed by the given CA key/cert.

func PemToCertificate

func PemToCertificate(data []byte) (*x509.Certificate, error)

PemToCertificate parses a PEM-encoded data block into an x509.Certificate.

func PemToPrivateKey

func PemToPrivateKey(data []byte) (*rsa.PrivateKey, error)

PemToPrivateKey parses a PEM-encoded data block into an rsa.PrivateKey.

func PemToPublicKey

func PemToPublicKey(data []byte) (*rsa.PublicKey, error)

PemToPublicKey parses a PEM-encoded data block into an rsa.PublicKey.

func PrivateKey

func PrivateKey() (*rsa.PrivateKey, error)

PrivateKey generates an RSA private key and returns it.

func PrivateKeyToPem

func PrivateKeyToPem(key *rsa.PrivateKey) []byte

PrivateKeyToPem converts an rsa.PrivateKey object to PEM-encoded bytes.

func PublicKeyToPem

func PublicKeyToPem(key *rsa.PublicKey) ([]byte, error)

PublicKeyToPem converts an rsa.PublicKey object to PEM-encoded bytes.

func SelfSignedCertificate

func SelfSignedCertificate(cfg *CertCfg, key *rsa.PrivateKey) (*x509.Certificate, error)

SelfSignedCertificate creates a self-signed certificate from cfg using key.

func SignedCertificate

func SignedCertificate(
	cfg *CertCfg,
	csr *x509.CertificateRequest,
	key *rsa.PrivateKey,
	caCert *x509.Certificate,
	caKey *rsa.PrivateKey,
) (*x509.Certificate, error)

SignedCertificate creates a new X.509 certificate based on a template.

Types

type APIServerProxyCertKey

type APIServerProxyCertKey struct {
	SignedCertKey
}

APIServerProxyCertKey is the asset that generates the API server proxy key/cert pair. [DEPRECATED]

func (*APIServerProxyCertKey) Dependencies

func (a *APIServerProxyCertKey) Dependencies() []asset.Asset

Dependencies returns the dependencies of the cert/key pair, which include the parent CA and, when the cert's DNS names etc. depend on it, the install config.

func (*APIServerProxyCertKey) Generate

func (a *APIServerProxyCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*APIServerProxyCertKey) Name

func (a *APIServerProxyCertKey) Name() string

Name returns the human-friendly name of the asset.

type AdminKubeConfigCABundle

type AdminKubeConfigCABundle struct {
	CertBundle
}

AdminKubeConfigCABundle is the asset that generates the admin-kubeconfig-ca-bundle, which contains all the individual client CAs.

func (*AdminKubeConfigCABundle) Dependencies

func (a *AdminKubeConfigCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*AdminKubeConfigCABundle) Generate

func (a *AdminKubeConfigCABundle) Generate(deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*AdminKubeConfigCABundle) Name

func (a *AdminKubeConfigCABundle) Name() string

Name returns the human-friendly name of the asset.

type AdminKubeConfigClientCertKey

type AdminKubeConfigClientCertKey struct {
	SignedCertKey
}

AdminKubeConfigClientCertKey is the asset that generates the key/cert pair for admin client to apiserver.

func (*AdminKubeConfigClientCertKey) Dependencies

func (a *AdminKubeConfigClientCertKey) Dependencies() []asset.Asset

Dependencies returns the dependencies of the cert/key pair, which include the parent CA and, when the cert's DNS names etc. depend on it, the install config.

func (*AdminKubeConfigClientCertKey) Generate

func (a *AdminKubeConfigClientCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*AdminKubeConfigClientCertKey) Load

Load reads the asset files from disk.

func (*AdminKubeConfigClientCertKey) Name

Name returns the human-friendly name of the asset.

type AdminKubeConfigSignerCertKey

type AdminKubeConfigSignerCertKey struct {
	SelfSignedCertKey
}

AdminKubeConfigSignerCertKey is a key/cert pair that signs the admin kubeconfig client certs.

func (*AdminKubeConfigSignerCertKey) Dependencies

func (c *AdminKubeConfigSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*AdminKubeConfigSignerCertKey) Generate

func (c *AdminKubeConfigSignerCertKey) Generate(parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*AdminKubeConfigSignerCertKey) Load

Load reads the asset files from disk.

func (*AdminKubeConfigSignerCertKey) Name

Name returns the human-friendly name of the asset.

type AggregatorCA

type AggregatorCA struct {
	SelfSignedCertKey
}

AggregatorCA is the asset that generates the aggregator-ca key/cert pair. [DEPRECATED]

func (*AggregatorCA) Dependencies

func (a *AggregatorCA) Dependencies() []asset.Asset

Dependencies returns the dependencies of the cert/key pair, which include the parent CA and, when the cert's DNS names etc. depend on it, the install config.

func (*AggregatorCA) Generate

func (a *AggregatorCA) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*AggregatorCA) Name

func (a *AggregatorCA) Name() string

Name returns the human-friendly name of the asset.

type AggregatorCABundle

type AggregatorCABundle struct {
	CertBundle
}

AggregatorCABundle is the asset that generates the aggregator-ca-bundle, which contains all the individual client CAs.

func (*AggregatorCABundle) Dependencies

func (a *AggregatorCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*AggregatorCABundle) Generate

func (a *AggregatorCABundle) Generate(deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*AggregatorCABundle) Name

func (a *AggregatorCABundle) Name() string

Name returns the human-friendly name of the asset.

type AggregatorClientCertKey

type AggregatorClientCertKey struct {
	SignedCertKey
}

AggregatorClientCertKey is the asset that generates the API server proxy key/cert pair.

func (*AggregatorClientCertKey) Dependencies

func (a *AggregatorClientCertKey) Dependencies() []asset.Asset

Dependencies returns the dependencies of the cert/key pair.

func (*AggregatorClientCertKey) Generate

func (a *AggregatorClientCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*AggregatorClientCertKey) Name

func (a *AggregatorClientCertKey) Name() string

Name returns the human-friendly name of the asset.

type AggregatorSignerCertKey

type AggregatorSignerCertKey struct {
	SelfSignedCertKey
}

AggregatorSignerCertKey is a key/cert pair that signs the aggregator client certs.

func (*AggregatorSignerCertKey) Dependencies

func (c *AggregatorSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*AggregatorSignerCertKey) Generate

func (c *AggregatorSignerCertKey) Generate(parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*AggregatorSignerCertKey) Name

func (c *AggregatorSignerCertKey) Name() string

Name returns the human-friendly name of the asset.

type AppendParentChoice

type AppendParentChoice bool

AppendParentChoice dictates whether the parent's cert is to be added to the cert.

const (
	// AppendParent indicates that the parent's cert should be added.
	AppendParent AppendParentChoice = true
	// DoNotAppendParent indicates that the parent's cert should not be added.
	DoNotAppendParent AppendParentChoice = false
)

type BootstrapSSHKeyPair

type BootstrapSSHKeyPair struct {
	Priv []byte // private key
	Pub  []byte // public ssh key
}

BootstrapSSHKeyPair generates a private/public key pair for SSH. These keys can be used to configure the bootstrap host so that the private key can be used to connect to it.

func (*BootstrapSSHKeyPair) Dependencies

func (a *BootstrapSSHKeyPair) Dependencies() []asset.Asset

Dependencies lists the assets required to generate the BootstrapSSHKeyPair.

func (*BootstrapSSHKeyPair) Files

func (a *BootstrapSSHKeyPair) Files() []*asset.File

Files returns the files generated by the asset.

func (*BootstrapSSHKeyPair) Generate

func (a *BootstrapSSHKeyPair) Generate(dependencies asset.Parents) error

Generate generates the key pair based on its dependencies.

func (*BootstrapSSHKeyPair) Load

Load is a no-op because the service account keypair is not written to disk.

func (*BootstrapSSHKeyPair) Name

func (a *BootstrapSSHKeyPair) Name() string

Name defines a user-friendly name for BootstrapSSHKeyPair.

func (*BootstrapSSHKeyPair) Private

func (a *BootstrapSSHKeyPair) Private() []byte

Private returns the private key.

func (*BootstrapSSHKeyPair) Public

func (a *BootstrapSSHKeyPair) Public() []byte

Public returns the public SSH key.

type BoundSASigningKey

type BoundSASigningKey struct {
	FileList []*asset.File
}

BoundSASigningKey contains a user provided key and public parts for the service account signing key used by kube-apiserver. This asset does not generate any new content and only loads these files from disk when provided by the user.

func (*BoundSASigningKey) Dependencies

func (*BoundSASigningKey) Dependencies() []asset.Asset

Dependencies returns all of the dependencies directly needed to generate the asset.

func (*BoundSASigningKey) Files

func (sk *BoundSASigningKey) Files() []*asset.File

Files returns the files generated by the asset.

func (*BoundSASigningKey) Generate

func (*BoundSASigningKey) Generate(dependencies asset.Parents) error

Generate does not generate any content for this asset; the key is only loaded from disk when provided by the user (see Load).

func (*BoundSASigningKey) Load

func (sk *BoundSASigningKey) Load(f asset.FileFetcher) (bool, error)

Load reads the private key from the disk. It ensures that the key provided is a valid RSA key.

func (*BoundSASigningKey) Name

func (*BoundSASigningKey) Name() string

Name returns a human friendly name for the asset.

type CertBundle

type CertBundle struct {
	BundleRaw []byte
	FileList  []*asset.File
}

CertBundle contains multiple certificates in a single bundle.

func (*CertBundle) Cert

func (b *CertBundle) Cert() []byte

Cert returns the certificate bundle.

func (*CertBundle) Files

func (b *CertBundle) Files() []*asset.File

Files returns the files generated by the asset.

func (*CertBundle) Generate

func (b *CertBundle) Generate(filename string, certs ...CertInterface) error

Generate generates the cert bundle from certs.

func (*CertBundle) Load

func (b *CertBundle) Load(asset.FileFetcher) (bool, error)

Load is a no-op because TLS assets are not written to disk.

type CertCfg

type CertCfg struct {
	DNSNames     []string
	ExtKeyUsages []x509.ExtKeyUsage
	IPAddresses  []net.IP
	KeyUsages    x509.KeyUsage
	Subject      pkix.Name
	Validity     time.Duration
	IsCA         bool
}

CertCfg contains all the fields needed to configure a new certificate.

type CertInterface

type CertInterface interface {
	// Cert returns the certificate.
	Cert() []byte
}

CertInterface is implemented by assets that expose a certificate.

type CertKey

type CertKey struct {
	CertRaw  []byte
	KeyRaw   []byte
	FileList []*asset.File
}

CertKey contains the private key and the cert.

func (*CertKey) Cert

func (c *CertKey) Cert() []byte

Cert returns the certificate.

func (*CertKey) CertFile

func (c *CertKey) CertFile() *asset.File

CertFile returns the certificate file.

func (*CertKey) Files

func (c *CertKey) Files() []*asset.File

Files returns the files generated by the asset.

func (*CertKey) Key

func (c *CertKey) Key() []byte

Key returns the private key.

func (*CertKey) Load

func (c *CertKey) Load(asset.FileFetcher) (bool, error)

Load is a no-op because TLS assets are not written to disk.

type CertKeyInterface

type CertKeyInterface interface {
	CertInterface
	// Key returns the private key.
	Key() []byte
}

CertKeyInterface contains a private key and the associated cert.

type CloudProviderCABundle

type CloudProviderCABundle struct {
	File *asset.File
}

CloudProviderCABundle is the asset that generates the CA bundle for trusting communication with the cloud provider. This bundle is used by the machine-config-operator on the bootstrap node.

func (*CloudProviderCABundle) Dependencies

func (a *CloudProviderCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the CA bundle.

func (*CloudProviderCABundle) Files

func (a *CloudProviderCABundle) Files() []*asset.File

Files returns the files generated by the asset.

func (*CloudProviderCABundle) Generate

func (a *CloudProviderCABundle) Generate(deps asset.Parents) error

Generate generates the CA bundle based on its dependencies.

func (*CloudProviderCABundle) Load

Load is a no-op because TLS assets are not written to disk.

func (*CloudProviderCABundle) Name

func (a *CloudProviderCABundle) Name() string

Name returns the human-friendly name of the asset.

type JournalCertKey

type JournalCertKey struct {
	SignedCertKey
}

JournalCertKey is the asset that generates the key/cert pair that is used to authenticate with journal-gatewayd on the bootstrap node.

func (*JournalCertKey) Dependencies

func (a *JournalCertKey) Dependencies() []asset.Asset

Dependencies returns the dependencies of the cert/key pair, which include the parent CA and, when the cert's DNS names etc. depend on it, the install config.

func (*JournalCertKey) Generate

func (a *JournalCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*JournalCertKey) Name

func (a *JournalCertKey) Name() string

Name returns the human-friendly name of the asset.

type KeyPair

type KeyPair struct {
	Pvt      []byte
	Pub      []byte
	FileList []*asset.File
}

KeyPair contains a private key and a public key.

func (*KeyPair) Files

func (k *KeyPair) Files() []*asset.File

Files returns the files generated by the asset.

func (*KeyPair) Generate

func (k *KeyPair) Generate(filenameBase string) error

Generate generates the rsa private / public key pair.

func (*KeyPair) Private

func (k *KeyPair) Private() []byte

Private returns the private key.

func (*KeyPair) Public

func (k *KeyPair) Public() []byte

Public returns the public key.

type KeyPairInterface

type KeyPairInterface interface {
	// Private returns the private key.
	Private() []byte
	// Public returns the public key.
	Public() []byte
}

KeyPairInterface contains a private key and a public key.

type KubeAPIServerCompleteCABundle

type KubeAPIServerCompleteCABundle struct {
	CertBundle
}

KubeAPIServerCompleteCABundle is the asset that generates the kube-apiserver-complete-server-ca-bundle, which contains all the certs that are valid to confirm the kube-apiserver identity.

func (*KubeAPIServerCompleteCABundle) Dependencies

func (a *KubeAPIServerCompleteCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerCompleteCABundle) Generate

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerCompleteCABundle) Name

Name returns the human-friendly name of the asset.

type KubeAPIServerCompleteClientCABundle

type KubeAPIServerCompleteClientCABundle struct {
	CertBundle
}

KubeAPIServerCompleteClientCABundle is the asset that generates the kube-apiserver-complete-client-ca-bundle, which contains all the certs that are valid for the kube-apiserver to trust for clients.

func (*KubeAPIServerCompleteClientCABundle) Dependencies

func (a *KubeAPIServerCompleteClientCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerCompleteClientCABundle) Generate

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerCompleteClientCABundle) Name

Name returns the human-friendly name of the asset.

type KubeAPIServerExternalLBServerCertKey

type KubeAPIServerExternalLBServerCertKey struct {
	SignedCertKey
}

KubeAPIServerExternalLBServerCertKey is the asset that generates the kube-apiserver serving key/cert pair for SNI external load balancer.

func (*KubeAPIServerExternalLBServerCertKey) Dependencies

func (a *KubeAPIServerExternalLBServerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependencies of the cert/key pair.

func (*KubeAPIServerExternalLBServerCertKey) Generate

func (a *KubeAPIServerExternalLBServerCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeAPIServerExternalLBServerCertKey) Name

Name returns the human-friendly name of the asset.

type KubeAPIServerInternalLBServerCertKey

type KubeAPIServerInternalLBServerCertKey struct {
	SignedCertKey
}

KubeAPIServerInternalLBServerCertKey is the asset that generates the kube-apiserver serving key/cert pair for SNI internal load balancer.

func (*KubeAPIServerInternalLBServerCertKey) Dependencies

func (a *KubeAPIServerInternalLBServerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependencies of the cert/key pair.

func (*KubeAPIServerInternalLBServerCertKey) Generate

func (a *KubeAPIServerInternalLBServerCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeAPIServerInternalLBServerCertKey) Name

Name returns the human-friendly name of the asset.

type KubeAPIServerLBCABundle

type KubeAPIServerLBCABundle struct {
	CertBundle
}

KubeAPIServerLBCABundle is the asset that generates the kube-apiserver-lb-ca-bundle, which contains all the individual client CAs.

func (*KubeAPIServerLBCABundle) Dependencies

func (a *KubeAPIServerLBCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerLBCABundle) Generate

func (a *KubeAPIServerLBCABundle) Generate(deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerLBCABundle) Name

func (a *KubeAPIServerLBCABundle) Name() string

Name returns the human-friendly name of the asset.

type KubeAPIServerLBSignerCertKey

type KubeAPIServerLBSignerCertKey struct {
	SelfSignedCertKey
}

KubeAPIServerLBSignerCertKey is a key/cert pair that signs the kube-apiserver server cert for SNI load balancer.

func (*KubeAPIServerLBSignerCertKey) Dependencies

func (c *KubeAPIServerLBSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeAPIServerLBSignerCertKey) Generate

func (c *KubeAPIServerLBSignerCertKey) Generate(parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*KubeAPIServerLBSignerCertKey) Load

Load reads the asset files from disk.

func (*KubeAPIServerLBSignerCertKey) Name

Name returns the human-friendly name of the asset.

type KubeAPIServerLocalhostCABundle

type KubeAPIServerLocalhostCABundle struct {
	CertBundle
}

KubeAPIServerLocalhostCABundle is the asset that generates the kube-apiserver-localhost-ca-bundle, which contains all the individual client CAs.

func (*KubeAPIServerLocalhostCABundle) Dependencies

func (a *KubeAPIServerLocalhostCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerLocalhostCABundle) Generate

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerLocalhostCABundle) Name

Name returns the human-friendly name of the asset.

type KubeAPIServerLocalhostServerCertKey

type KubeAPIServerLocalhostServerCertKey struct {
	SignedCertKey
}

KubeAPIServerLocalhostServerCertKey is the asset that generates the kube-apiserver serving key/cert pair for SNI localhost.

func (*KubeAPIServerLocalhostServerCertKey) Dependencies

func (a *KubeAPIServerLocalhostServerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependencies of the cert/key pair.

func (*KubeAPIServerLocalhostServerCertKey) Generate

func (a *KubeAPIServerLocalhostServerCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeAPIServerLocalhostServerCertKey) Name

Name returns the human-friendly name of the asset.

type KubeAPIServerLocalhostSignerCertKey

type KubeAPIServerLocalhostSignerCertKey struct {
	SelfSignedCertKey
}

KubeAPIServerLocalhostSignerCertKey is a key/cert pair that signs the kube-apiserver server cert for SNI localhost.

func (*KubeAPIServerLocalhostSignerCertKey) Dependencies

func (c *KubeAPIServerLocalhostSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeAPIServerLocalhostSignerCertKey) Generate

Generate generates the root-ca key and cert pair.

func (*KubeAPIServerLocalhostSignerCertKey) Load

Load reads the asset files from disk.

func (*KubeAPIServerLocalhostSignerCertKey) Name

Name returns the human-friendly name of the asset.

type KubeAPIServerServiceNetworkCABundle

type KubeAPIServerServiceNetworkCABundle struct {
	CertBundle
}

KubeAPIServerServiceNetworkCABundle is the asset that generates the kube-apiserver-service-network-ca-bundle, which contains all the individual client CAs.

func (*KubeAPIServerServiceNetworkCABundle) Dependencies

func (a *KubeAPIServerServiceNetworkCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerServiceNetworkCABundle) Generate

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerServiceNetworkCABundle) Name

Name returns the human-friendly name of the asset.

type KubeAPIServerServiceNetworkServerCertKey

type KubeAPIServerServiceNetworkServerCertKey struct {
	SignedCertKey
}

KubeAPIServerServiceNetworkServerCertKey is the asset that generates the kube-apiserver serving key/cert pair for SNI service network.

func (*KubeAPIServerServiceNetworkServerCertKey) Dependencies

Dependencies returns the dependencies of the cert/key pair.

func (*KubeAPIServerServiceNetworkServerCertKey) Generate

func (a *KubeAPIServerServiceNetworkServerCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeAPIServerServiceNetworkServerCertKey) Name

Name returns the human-friendly name of the asset.

type KubeAPIServerServiceNetworkSignerCertKey

type KubeAPIServerServiceNetworkSignerCertKey struct {
	SelfSignedCertKey
}

KubeAPIServerServiceNetworkSignerCertKey is a key/cert pair that signs the kube-apiserver server cert for SNI service network.

func (*KubeAPIServerServiceNetworkSignerCertKey) Dependencies

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeAPIServerServiceNetworkSignerCertKey) Generate

Generate generates the root-ca key and cert pair.

func (*KubeAPIServerServiceNetworkSignerCertKey) Load

Load reads the asset files from disk.

func (*KubeAPIServerServiceNetworkSignerCertKey) Name

Name returns the human-friendly name of the asset.

type KubeAPIServerToKubeletCABundle

type KubeAPIServerToKubeletCABundle struct {
	CertBundle
}

KubeAPIServerToKubeletCABundle is the asset that generates the kube-apiserver-to-kubelet-ca-bundle, which contains all the individual client CAs.

func (*KubeAPIServerToKubeletCABundle) Dependencies

func (a *KubeAPIServerToKubeletCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeAPIServerToKubeletCABundle) Generate

Generate generates the cert bundle based on its dependencies.

func (*KubeAPIServerToKubeletCABundle) Name

Name returns the human-friendly name of the asset.

type KubeAPIServerToKubeletClientCertKey

type KubeAPIServerToKubeletClientCertKey struct {
	SignedCertKey
}

KubeAPIServerToKubeletClientCertKey is the asset that generates the kube-apiserver to kubelet client key/cert pair.

func (*KubeAPIServerToKubeletClientCertKey) Dependencies

func (a *KubeAPIServerToKubeletClientCertKey) Dependencies() []asset.Asset

Dependencies returns the dependencies of the cert/key pair.

func (*KubeAPIServerToKubeletClientCertKey) Generate

func (a *KubeAPIServerToKubeletClientCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeAPIServerToKubeletClientCertKey) Name

Name returns the human-friendly name of the asset.

type KubeAPIServerToKubeletSignerCertKey

type KubeAPIServerToKubeletSignerCertKey struct {
	SelfSignedCertKey
}

KubeAPIServerToKubeletSignerCertKey is a key/cert pair that signs the kube-apiserver to kubelet client certs.

func (*KubeAPIServerToKubeletSignerCertKey) Dependencies

func (c *KubeAPIServerToKubeletSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeAPIServerToKubeletSignerCertKey) Generate

Generate generates the root-ca key and cert pair.

func (*KubeAPIServerToKubeletSignerCertKey) Name

Name returns the human-friendly name of the asset.

type KubeControlPlaneCABundle

type KubeControlPlaneCABundle struct {
	CertBundle
}

KubeControlPlaneCABundle is the asset that generates the kube-control-plane-ca-bundle, which contains all the individual client CAs.

func (*KubeControlPlaneCABundle) Dependencies

func (a *KubeControlPlaneCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeControlPlaneCABundle) Generate

func (a *KubeControlPlaneCABundle) Generate(deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*KubeControlPlaneCABundle) Name

func (a *KubeControlPlaneCABundle) Name() string

Name returns the human-friendly name of the asset.

type KubeControlPlaneKubeControllerManagerClientCertKey

type KubeControlPlaneKubeControllerManagerClientCertKey struct {
	SignedCertKey
}

KubeControlPlaneKubeControllerManagerClientCertKey is the asset that generates the kube-controller-manager client key/cert pair.

func (*KubeControlPlaneKubeControllerManagerClientCertKey) Dependencies

Dependencies returns the dependencies of the cert/key pair.

func (*KubeControlPlaneKubeControllerManagerClientCertKey) Generate

Generate generates the cert/key pair based on its dependencies.

func (*KubeControlPlaneKubeControllerManagerClientCertKey) Name

Name returns the human-friendly name of the asset.

type KubeControlPlaneKubeSchedulerClientCertKey

type KubeControlPlaneKubeSchedulerClientCertKey struct {
	SignedCertKey
}

KubeControlPlaneKubeSchedulerClientCertKey is the asset that generates the kube-scheduler client key/cert pair.

func (*KubeControlPlaneKubeSchedulerClientCertKey) Dependencies

Dependencies returns the dependencies of the cert/key pair.

func (*KubeControlPlaneKubeSchedulerClientCertKey) Generate

Generate generates the cert/key pair based on its dependencies.

func (*KubeControlPlaneKubeSchedulerClientCertKey) Name

Name returns the human-friendly name of the asset.

type KubeControlPlaneSignerCertKey

type KubeControlPlaneSignerCertKey struct {
	SelfSignedCertKey
}

KubeControlPlaneSignerCertKey is a key/cert pair that signs the kube control-plane client certs.

func (*KubeControlPlaneSignerCertKey) Dependencies

func (c *KubeControlPlaneSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeControlPlaneSignerCertKey) Generate

func (c *KubeControlPlaneSignerCertKey) Generate(parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*KubeControlPlaneSignerCertKey) Name

Name returns the human-friendly name of the asset.

type KubeletBootstrapCABundle

type KubeletBootstrapCABundle struct {
	CertBundle
}

KubeletBootstrapCABundle is the asset that generates the admin-kubeconfig-ca-bundle, which contains all the individual client CAs.

func (*KubeletBootstrapCABundle) Dependencies

func (a *KubeletBootstrapCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeletBootstrapCABundle) Generate

func (a *KubeletBootstrapCABundle) Generate(deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*KubeletBootstrapCABundle) Name

func (a *KubeletBootstrapCABundle) Name() string

Name returns the human-friendly name of the asset.

type KubeletBootstrapCertSigner

type KubeletBootstrapCertSigner struct {
	SelfSignedCertKey
}

KubeletBootstrapCertSigner is a key/cert pair that signs the kubelet bootstrap kubeconfig client certs, which the kubelet uses to create CSRs for its real certificates.

func (*KubeletBootstrapCertSigner) Dependencies

func (c *KubeletBootstrapCertSigner) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeletBootstrapCertSigner) Generate

func (c *KubeletBootstrapCertSigner) Generate(parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*KubeletBootstrapCertSigner) Name

Name returns the human-friendly name of the asset.

type KubeletCSRSignerCertKey

type KubeletCSRSignerCertKey struct {
	SelfSignedCertKey
}

KubeletCSRSignerCertKey is a key/cert pair that signs the kubelet client certs.

func (*KubeletCSRSignerCertKey) Dependencies

func (c *KubeletCSRSignerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*KubeletCSRSignerCertKey) Generate

func (c *KubeletCSRSignerCertKey) Generate(parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*KubeletCSRSignerCertKey) Name

func (c *KubeletCSRSignerCertKey) Name() string

Name returns the human-friendly name of the asset.

type KubeletClientCABundle

type KubeletClientCABundle struct {
	CertBundle
}

KubeletClientCABundle is the asset that generates the kubelet-client-ca-bundle, which contains all the individual client CAs.

func (*KubeletClientCABundle) Dependencies

func (a *KubeletClientCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeletClientCABundle) Generate

func (a *KubeletClientCABundle) Generate(deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*KubeletClientCABundle) Name

func (a *KubeletClientCABundle) Name() string

Name returns the human-friendly name of the asset.

type KubeletClientCertKey

type KubeletClientCertKey struct {
	SignedCertKey
}

KubeletClientCertKey is the asset that generates the key/cert pair for kubelet client to apiserver. This credential can be revoked by deleting the configmap containing its signer.

func (*KubeletClientCertKey) Dependencies

func (a *KubeletClientCertKey) Dependencies() []asset.Asset

Dependencies returns the dependencies of the cert/key pair, which include the parent CA and, when the cert's DNS names etc. depend on it, the install config.

func (*KubeletClientCertKey) Generate

func (a *KubeletClientCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeletClientCertKey) Name

func (a *KubeletClientCertKey) Name() string

Name returns the human-friendly name of the asset.

type KubeletServingCABundle

type KubeletServingCABundle struct {
	CertBundle
}

KubeletServingCABundle is the asset that generates the kubelet-serving-ca-bundle, which contains all the individual client CAs.

func (*KubeletServingCABundle) Dependencies

func (a *KubeletServingCABundle) Dependencies() []asset.Asset

Dependencies returns the dependency of the cert bundle.

func (*KubeletServingCABundle) Generate

func (a *KubeletServingCABundle) Generate(deps asset.Parents) error

Generate generates the cert bundle based on its dependencies.

func (*KubeletServingCABundle) Name

func (a *KubeletServingCABundle) Name() string

Name returns the human-friendly name of the asset.

type MCSCertKey

type MCSCertKey struct {
	SignedCertKey
}

MCSCertKey is the asset that generates the MCS key/cert pair.

func (*MCSCertKey) Dependencies

func (a *MCSCertKey) Dependencies() []asset.Asset

Dependencies returns the dependencies of the cert/key pair, which include the parent CA, and the install config if the pair depends on it for DNS names, etc.

func (*MCSCertKey) Generate

func (a *MCSCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*MCSCertKey) Name

func (a *MCSCertKey) Name() string

Name returns the human-friendly name of the asset.

type RootCA

type RootCA struct {
	SelfSignedCertKey
}

RootCA contains the private key and the cert that acts as a certificate authority, which in turn is really only used to generate a certificate for the Machine Config Server. More details in https://docs.openshift.com/container-platform/4.13/security/certificate_types_descriptions/machine-config-operator-certificates.html and https://github.com/openshift/api/tree/master/tls/docs/MachineConfig%20Operator%20Certificates. This logic dates back to the very creation of OpenShift 4 and the initial code for this project. The private key is (as best we know) completely discarded after an installation is complete.

func (*RootCA) Dependencies

func (c *RootCA) Dependencies() []asset.Asset

Dependencies returns nothing.

func (*RootCA) Generate

func (c *RootCA) Generate(parents asset.Parents) error

Generate generates the MCS/Ignition CA.

func (*RootCA) Name

func (c *RootCA) Name() string

Name returns the human-friendly name of the asset.

type SelfSignedCertKey

type SelfSignedCertKey struct {
	CertKey
}

SelfSignedCertKey contains the private key and the cert that's self-signed.

func (*SelfSignedCertKey) Generate

func (c *SelfSignedCertKey) Generate(
	cfg *CertCfg,
	filenameBase string,
) error

Generate generates a self-signed cert/key pair from cfg; unlike SignedCertKey.Generate, it takes no parent CA.

type ServiceAccountKeyPair

type ServiceAccountKeyPair struct {
	KeyPair
}

ServiceAccountKeyPair is the asset that generates the service-account public/private key pair.

func (*ServiceAccountKeyPair) Dependencies

func (a *ServiceAccountKeyPair) Dependencies() []asset.Asset

Dependencies returns the dependencies of the key pair, which include the parent CA, and the install config if the pair depends on it for DNS names, etc.

func (*ServiceAccountKeyPair) Generate

func (a *ServiceAccountKeyPair) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*ServiceAccountKeyPair) Load

Load is a no-op because the service account keypair is not written to disk.

func (*ServiceAccountKeyPair) Name

func (a *ServiceAccountKeyPair) Name() string

Name returns the human-friendly name of the asset.

type SignedCertKey

type SignedCertKey struct {
	CertKey
}

SignedCertKey contains the private key and the cert that's signed by the parent CA.

func (*SignedCertKey) Generate

func (c *SignedCertKey) Generate(
	cfg *CertCfg,
	parentCA CertKeyInterface,
	filenameBase string,
	appendParent AppendParentChoice,
) error

Generate generates a cert/key pair signed by the specified parent CA.
