Documentation

Index
- Constants
- func CreateClusterCACertificate(ctx context.Context, logger logr.Logger, cl client.Client, ...) error
- func CreatePrivateKey(keyConfig KeyConfig) (crypto.Signer, *pem.Block, x509.SignatureAlgorithm, error)
- func EnsureCertificate[T interface{ ... }](ctx context.Context, owner T, subject string, ...) (op.Result, *corev1.Secret, error)
- func GetManagedLabelForServiceSecret(svcNN types.NamespacedName) client.MatchingLabels
- func IsTLSSecretValid(secret *corev1.Secret) bool
- func ParseKey(keyType x509.PublicKeyAlgorithm, pemBlock *pem.Block) (crypto.Signer, error)
- func ParsePrivateKey(pemBlock *pem.Block) (crypto.Signer, x509.SignatureAlgorithm, error)
- func SetCALogger(logger logr.Logger)
- func SignatureAlgorithmForKeyType(keyType x509.PublicKeyAlgorithm) x509.SignatureAlgorithm
- type KeyConfig
Constants
const (
	// SignatureAlgorithmForECDSA is the default signature algorithm for ECDSA keys.
	SignatureAlgorithmForECDSA x509.SignatureAlgorithm = x509.ECDSAWithSHA256
	// SignatureAlgorithmForRSA is the default signature algorithm for RSA keys.
	SignatureAlgorithmForRSA x509.SignatureAlgorithm = x509.SHA256WithRSA
)
Variables
This section is empty.
Functions
func CreateClusterCACertificate
func CreateClusterCACertificate(ctx context.Context, logger logr.Logger, cl client.Client, secretNN types.NamespacedName, secretLabels map[string]string, keyConfig KeyConfig) error
CreateClusterCACertificate creates a cluster CA certificate Secret.
func CreatePrivateKey
func CreatePrivateKey(
	keyConfig KeyConfig,
) (crypto.Signer, *pem.Block, x509.SignatureAlgorithm, error)
CreatePrivateKey generates a private key based on the provided keyConfig.
func EnsureCertificate
func EnsureCertificate[
	T interface {
		k8sresources.ControlPlaneOrDataPlaneOrKonnectExtension
		client.Object
	},
](
	ctx context.Context,
	owner T,
	subject string,
	mtlsCASecretNN types.NamespacedName,
	usages []certificatesv1.KeyUsage,
	keyConfig KeyConfig,
	cl client.Client,
	additionalMatchingLabels client.MatchingLabels,
) (op.Result, *corev1.Secret, error)
EnsureCertificate creates a namespace/name Secret for subject, signed by the CA held in the mtlsCASecretNN Secret, or does nothing if a namespace/name Secret is already present. It returns an op.Result indicating whether it created the Secret, the Secret itself, and an error indicating any failures it encountered.
func GetManagedLabelForServiceSecret
func GetManagedLabelForServiceSecret(svcNN types.NamespacedName) client.MatchingLabels
GetManagedLabelForServiceSecret returns a label selector for the ServiceSecret.
func IsTLSSecretValid
func IsTLSSecretValid(secret *corev1.Secret) bool
IsTLSSecretValid checks whether a Secret contains a valid TLS certificate and key.
func ParsePrivateKey
func ParsePrivateKey(pemBlock *pem.Block) (crypto.Signer, x509.SignatureAlgorithm, error)
ParsePrivateKey parses a PEM block and returns a crypto.Signer together with the x509.SignatureAlgorithm that matches the key type.
func SetCALogger
func SetCALogger(logger logr.Logger)
SetCALogger sets the logger for the CFSSL signer. Call it once at the start of the program to ensure that CFSSL logs are captured by the operator's logger. Subsequent calls to this function have no effect.
func SignatureAlgorithmForKeyType
func SignatureAlgorithmForKeyType(keyType x509.PublicKeyAlgorithm) x509.SignatureAlgorithm
SignatureAlgorithmForKeyType returns the default signature algorithm for the provided key type.
Types
type KeyConfig
type KeyConfig struct {
	// Type is the type of the key to generate.
	Type x509.PublicKeyAlgorithm
	// Size is the size of the key to generate in bits.
	// This is only used for RSA keys.
	Size int
}
KeyConfig is the configuration for generating a private key.
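The following is an added, self-contained example written for this page; it is not the package's own code and does not import it. It re-implements the shape of KeyConfig, SignatureAlgorithmForKeyType, CreatePrivateKey and IsTLSSecretValid on top of the Go standard library to show how the pieces fit: a KeyConfig selects the key type, the key type fixes the default signature algorithm (the constants above), the key is stored as a PKCS#8 PEM block, and a TLS Secret is only treated as valid when tls.key actually matches tls.crt and the certificate is inside its validity window. BuildTLSSecretData is a constructed fixture standing in for the CA signing path (CreateClusterCACertificate/EnsureCertificate are not reproduced), the "tls.crt"/"tls.key" data keys are those of a kubernetes.io/tls Secret, and the 2048-bit RSA floor is an assumed policy rather than something the page states.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// KeyConfig is a local stand-in for the package's KeyConfig (hypothetical copy with the same fields).
type KeyConfig struct {
	Type x509.PublicKeyAlgorithm // x509.ECDSA or x509.RSA
	Size int                     // RSA modulus size in bits; ignored for ECDSA
}

// SignatureAlgorithmForKeyType applies the defaults from the page's constants.
func SignatureAlgorithmForKeyType(keyType x509.PublicKeyAlgorithm) x509.SignatureAlgorithm {
	switch keyType {
	case x509.ECDSA:
		return x509.ECDSAWithSHA256
	case x509.RSA:
		return x509.SHA256WithRSA
	}
	return x509.UnknownSignatureAlgorithm
}

// CreatePrivateKey generates a key for cfg and returns the signer, its PKCS#8 PEM block and the default signature algorithm; the 2048-bit RSA floor is an assumed policy.
func CreatePrivateKey(cfg KeyConfig) (crypto.Signer, *pem.Block, x509.SignatureAlgorithm, error) {
	var signer crypto.Signer
	var err error
	switch cfg.Type {
	case x509.ECDSA:
		signer, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	case x509.RSA:
		if cfg.Size < 2048 {
			return nil, nil, x509.UnknownSignatureAlgorithm, fmt.Errorf("rsa key size %d is below the 2048-bit minimum", cfg.Size)
		}
		signer, err = rsa.GenerateKey(rand.Reader, cfg.Size)
	default:
		return nil, nil, x509.UnknownSignatureAlgorithm, fmt.Errorf("unsupported key type %v", cfg.Type)
	}
	if err != nil {
		return nil, nil, x509.UnknownSignatureAlgorithm, err
	}
	der, err := x509.MarshalPKCS8PrivateKey(signer)
	if err != nil {
		return nil, nil, x509.UnknownSignatureAlgorithm, err
	}
	return signer, &pem.Block{Type: "PRIVATE KEY", Bytes: der}, SignatureAlgorithmForKeyType(cfg.Type), nil
}

// BuildTLSSecretData self-signs a one-year certificate ending at notAfter and returns the data map of a kubernetes.io/tls Secret (constructed fixture).
func BuildTLSSecretData(signer crypto.Signer, keyBlock *pem.Block, sigAlg x509.SignatureAlgorithm, notAfter time.Time) (map[string][]byte, error) {
	tmpl := &x509.Certificate{
		SerialNumber:       big.NewInt(1),
		Subject:            pkix.Name{CommonName: "example-mtls-ca"},
		NotBefore:          notAfter.Add(-365 * 24 * time.Hour),
		NotAfter:           notAfter,
		SignatureAlgorithm: sigAlg,
	}
	certDER, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, signer.Public(), signer)
	if err != nil {
		return nil, err
	}
	return map[string][]byte{
		"tls.crt": pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER}),
		"tls.key": pem.EncodeToMemory(keyBlock),
	}, nil
}

// IsTLSSecretValid reports whether tls.key matches tls.crt and the certificate is currently within its validity window.
func IsTLSSecretValid(data map[string][]byte) bool {
	pair, err := tls.X509KeyPair(data["tls.crt"], data["tls.key"])
	if err != nil {
		return false // missing or malformed PEM, or a key that does not match the certificate
	}
	leaf, err := x509.ParseCertificate(pair.Certificate[0])
	if err != nil {
		return false
	}
	return time.Now().After(leaf.NotBefore) && time.Now().Before(leaf.NotAfter)
}

func main() {
	signer, block, alg, err := CreatePrivateKey(KeyConfig{Type: x509.ECDSA})
	if err != nil {
		panic(err)
	}
	data, err := BuildTLSSecretData(signer, block, alg, time.Now().Add(24*time.Hour))
	fmt.Println(alg, "key; secret valid:", err == nil && IsTLSSecretValid(data))
}
```

The validity check deliberately does more than confirm that both data keys are present: tls.X509KeyPair fails when the private key does not belong to the certificate, and the time comparison catches an expired or not-yet-valid certificate, so a controller that regenerates a Secret whenever the check fails will also heal a Secret whose key and certificate have drifted apart.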