pki

package
Constants

// Resource-name templates. Each one is a fmt format string whose %s
// placeholders are filled by the caller (typically with the cluster name;
// the two-placeholder forms take a second value that is not fixed here —
// check the call sites).
const (
	// BrokerSelfSignerTemplate names the self-signer resource of a cluster.
	BrokerSelfSignerTemplate = "%s-self-signer"
	// BrokerCACertTemplate names the CA certificate resource of a cluster.
	BrokerCACertTemplate = "%s-ca-certificate"
	// BrokerServerCertTemplate names the broker (server) certificate resource.
	BrokerServerCertTemplate = "%s-server-certificate"
	// BrokerClusterIssuerTemplate names the broker issuer resource; it takes
	// two values, unlike the legacy form below.
	BrokerClusterIssuerTemplate = "%s-%s-issuer"
	// LegacyBrokerClusterIssuerTemplate is the earlier, single-placeholder name
	// of the broker issuer resource.
	LegacyBrokerClusterIssuerTemplate = "%s-issuer"
	// BrokerControllerTemplate names the operator (controller) certificate resource.
	BrokerControllerTemplate = "%s-controller"
	// BrokerControllerFQDNTemplate is combined with the controller name above and
	// the cluster namespace to build a synthetic full name for the controller user.
	BrokerControllerFQDNTemplate = "%s.%s.mgt.%s"
	// CAFQDNTemplate builds the FQDN of a CA.
	CAFQDNTemplate = "%s-ca.%s.cluster.local"
)

// Values that are not naming templates.
const (
	// KafkaUserAnnotationName is the annotation the k8s-csr PKI backend reads
	// from a signing-request event to locate the KafkaUser that owns it.
	// NOTE(review): annotation values are set by whoever creates the request;
	// confirm that the handler validates the referenced KafkaUser before signing.
	KafkaUserAnnotationName = "banzaicloud.io/owner"
	// MaxCNLen is the longest common name this package produces (64, which is
	// the X.509 / RFC 5280 ub-common-name upper bound).
	MaxCNLen = 64
)

Variables

This section is empty.

Functions

func BrokerUserForCluster

// BrokerUserForCluster returns a KafkaUser CR for the broker certificates in a
// KafkaCluster. extListenerStatuses is presumably keyed by listener name and
// supplies the external hostnames for the broker certificate — confirm against
// the callers.
func BrokerUserForCluster(cluster *v1beta1.KafkaCluster, extListenerStatuses map[string]v1beta1.ListenerStatusList) *v1alpha1.KafkaUser

BrokerUserForCluster returns a KafkaUser CR for the broker certificates in a KafkaCluster

func ControllerUserForCluster

// ControllerUserForCluster returns a KafkaUser CR for the controller and
// cruise-control certificates in a KafkaCluster, i.e. the identity the operator
// itself presents to the brokers.
func ControllerUserForCluster(cluster *v1beta1.KafkaCluster) *v1alpha1.KafkaUser

ControllerUserForCluster returns a KafkaUser CR for the controller/cruise-control (cc) certificates in a KafkaCluster

func EnsureControllerReference

// EnsureControllerReference ensures that a KafkaUser owns a given Secret,
// presumably by recording user as the Secret's owner reference so the Secret's
// lifetime is tied to the user — confirm against the body. scheme is needed to
// resolve the owner's type, and client is used to persist the change.
// NOTE: the parameter named client shadows the imported client package inside
// the function body.
func EnsureControllerReference(ctx context.Context, user *v1alpha1.KafkaUser,
	secret *corev1.Secret, scheme *runtime.Scheme, client client.Client) error

EnsureControllerReference ensures that a KafkaUser owns a given Secret

func EnsureValidCommonNameLen added in v0.22.0

// EnsureValidCommonNameLen ensures that the passed-in common name doesn't exceed
// the longest supported length (MaxCNLen, the RFC 5280 ub-common-name bound of
// 64) and returns the name to use. NOTE(review): how an over-long name is
// shortened is not visible here; if it is truncated, two distinct long names can
// collapse to the same CN — confirm that callers keep identities distinct.
func EnsureValidCommonNameLen(s string) string

EnsureValidCommonNameLen ensures that the passed-in common name doesn't exceed the longest supported length

func GetCommonName

// GetCommonName returns the full FQDN for the internal Kafka listener of cluster.
func GetCommonName(cluster *v1beta1.KafkaCluster) string

GetCommonName returns the full FQDN for the internal Kafka listener

func GetInternalDNSNames

// GetInternalDNSNames returns all potential DNS names for a Kafka cluster,
// including its brokers; presumably these become the SANs of the server
// certificate — confirm against callers.
func GetInternalDNSNames(cluster *v1beta1.KafkaCluster) (dnsNames []string)

GetInternalDNSNames returns all potential DNS names for a kafka cluster - including brokers

func LabelsForKafkaPKI

// LabelsForKafkaPKI returns the Kubernetes labels for a PKI object that belongs
// to the cluster identified by name and namespace.
func LabelsForKafkaPKI(name, namespace string) map[string]string

LabelsForKafkaPKI returns kubernetes labels for a PKI object

Types

type Manager

// Manager is the main interface for objects performing PKI operations; a
// concrete PKI backend implements it for one KafkaCluster. The methods are
// grouped by lifecycle: reconcile first, finalize later, plus one accessor for
// the controller's own TLS configuration.
type Manager interface {
	// ReconcilePKI brings the cluster's PKI to the desired state and must be
	// idempotent. At minimum it sets up any issuer needed for user certificates
	// and the broker / cruise-control secrets. externalHostnames carries the
	// per-listener status (presumably the external hostnames to put in the
	// broker certificate — confirm against implementations).
	ReconcilePKI(ctx context.Context, externalHostnames map[string]v1beta1.ListenerStatusList) error

	// ReconcileUserCertificate ensures a certificate for user exists and returns
	// it; must be idempotent. The result carries private key material (see
	// UserCertificate) and should be handled accordingly.
	ReconcileUserCertificate(ctx context.Context, user *v1alpha1.KafkaUser, scheme *runtime.Scheme, clusterDomain string) (*UserCertificate, error)

	// FinalizeUserCertificate removes or revokes the certificate of user.
	FinalizeUserCertificate(ctx context.Context, user *v1alpha1.KafkaUser) error

	// FinalizePKI performs whatever cleanup the backend needs when the cluster
	// PKI is torn down.
	FinalizePKI(ctx context.Context) error

	// GetControllerTLSConfig returns the TLS configuration for the controller's
	// Kafka client.
	GetControllerTLSConfig() (*tls.Config, error)
}

Manager is the main interface for objects performing PKI operations

type UserCertificate

// UserCertificate bundles the key components of one user TLS certificate so
// they can be passed between this package and callers. All fields are raw
// bytes; Key and Password are secret material and must not be logged.
type UserCertificate struct {
	// CA is the certificate of the issuing authority (encoding not fixed here —
	// presumably PEM; confirm against the backend that fills it).
	CA          []byte
	// Certificate is the issued end-entity certificate.
	Certificate []byte
	// Key is the private key matching Certificate — secret material.
	Key         []byte
	// JKS is presumably a Java KeyStore form of the same material — confirm.
	JKS         []byte
	// Password presumably protects JKS — confirm; treat as secret material.
	Password    []byte
}

UserCertificate is a struct representing the key components of a user TLS certificate for use across operations from other packages and internally.

func (*UserCertificate) GetDistinguishedName added in v0.22.0

// GetDistinguishedName returns the Distinguished Name of the TLS certificate,
// presumably parsed from u.Certificate — confirm; the error covers a
// certificate that cannot be parsed.
func (u *UserCertificate) GetDistinguishedName() (string, error)

GetDistinguishedName returns the Distinguished Name of a TLS certificate
