ktls

package module
v0.1.4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 5, 2020 License: Apache-2.0 Imports: 21 Imported by: 0

README

go-ktls

A small library that manages a TLS secret in Kubernetes.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetDefaultKubeClient added in v0.1.2

// GetDefaultKubeClient returns a Kubernetes client (kubernetes.Interface) or an error.
// NOTE(review): this page does not show where the default configuration comes
// from (in-cluster service account vs. a kubeconfig file) — confirm which
// identity, and therefore which RBAC permissions, the returned client carries.
func GetDefaultKubeClient() (kubernetes.Interface, error)

func GetDefaultRESTConfig added in v0.1.4

func GetDefaultRESTConfig() (*rest.Config, error)

Types

type CertificateKeyPair

// CertificateKeyPair carries a certificate and a key as byte slices.
// NOTE(review): going by the field names both are PEM-encoded — confirm
// against the implementation; this listing omits unexported fields.
type CertificateKeyPair struct {
	// CertPem holds the certificate bytes (presumably PEM — confirm).
	CertPem []byte
	// KeyPem holds the key bytes. NOTE(review): presumably the PEM-encoded
	// private key; if so, this exported field is secret material, so values of
	// this type should not be logged, serialised or retained longer than needed.
	KeyPem  []byte
	// contains filtered or unexported fields
}

func GenerateCert

// GenerateCert returns a new CertificateKeyPair, or an error.
// NOTE(review): the parameters are not described on this page. Presumably name
// is the certificate's subject name, dnsNames its DNS subject alternative
// names, duration its validity period and parent the issuing pair; what a nil
// parent means (for example a self-signed certificate) is not shown — confirm.
func GenerateCert(name string, dnsNames []string, parent *CertificateKeyPair, duration time.Duration) (*CertificateKeyPair, error)

func (*CertificateKeyPair) CopyFrom

func (ckp *CertificateKeyPair) CopyFrom(c *CertificateKeyPair)

func (*CertificateKeyPair) GetCACertPem

func (ckp *CertificateKeyPair) GetCACertPem() []byte

func (*CertificateKeyPair) GetParsedCertificate

func (ckp *CertificateKeyPair) GetParsedCertificate() (*x509.Certificate, error)

func (*CertificateKeyPair) GetTLSCertificateChain

func (ckp *CertificateKeyPair) GetTLSCertificateChain() *tls.Certificate

func (*CertificateKeyPair) IsValid

// IsValid returns a boolean validity result for the pair.
// NOTE(review): the meaning of d is not documented here; presumably it is a
// margin before expiry — confirm against the implementation before using this
// result to decide whether a certificate must be renewed.
func (ckp *CertificateKeyPair) IsValid(d time.Duration) bool

type TLSSecret

// TLSSecret configures the lookup of a TLS certificate stored in a Kubernetes
// secret, and possibly its on-the-fly generation (see ExplicitKubeClient).
// This listing omits unexported fields.
type TLSSecret struct {
	// Explicitly provide a KubeClient to look up a TLS secret and possibly
	// generate a certificate on-the-fly.  If unset, TLSSecret will try to get
	// one for you.
	// NOTE(review): which credentials the fallback client uses is not shown
	// here — confirm; the client needs access to the secrets named below.
	ExplicitKubeClient kubernetes.Interface
	// The namespace for the certificate
	Namespace string
	// The name of the secret
	Name string
	// The name of the CA secret, defaults to Name-ca.
	// Per the CAPublicName description this secret carries a "tls.key" entry,
	// so read access to it should be limited to whatever has to issue
	// certificates.
	CAName string
	// If non-empty, persist an opaque secret with the public
	// CA certificate.  This duplicates the CAName secret but
	// is missing the "tls.key" entry.
	CAPublicName string
	// The duration of the CA certificate, defaults to 10 years
	CADuration time.Duration
	// The duration of the TLS certificate, defaults to 8 hours
	Duration time.Duration
	// The DNSNames of the certificate.  If unset, then DNSNames will be Name,
	// Name.Namespace.svc, and Name.Namespace.svc.cluster.local (these values
	// are appropriate for a service with the name "Name").
	DNSNames []string
	// Enable background refresh
	EnableBackgroundRefresh bool
	// The field manager for update and create operations
	FieldManager string
	// The cluster domain name.  If unset, "cluster.local" is used.
	ClusterDomainName string

	// Custom log output: a printf-style function taking a format string and
	// its arguments.
	Log func(string, ...interface{})
	// contains filtered or unexported fields
}

TLSSecret retrieves a TLS certificate from a Kubernetes secret. If the secret doesn't exist, TLSSecret generates it.

func (*TLSSecret) Create added in v0.1.2

func (t *TLSSecret) Create() error

func (*TLSSecret) Delete added in v0.1.2

func (t *TLSSecret) Delete() error

func (*TLSSecret) GetCertificateKeyPair

func (t *TLSSecret) GetCertificateKeyPair() (*CertificateKeyPair, error)

func (*TLSSecret) GetTLSConfig

func (t *TLSSecret) GetTLSConfig() (*tls.Config, error)

func (*TLSSecret) MustGetTLSConfig

// MustGetTLSConfig returns a *tls.Config and, unlike GetTLSConfig, has no
// error result.
// NOTE(review): by the usual Must naming convention it presumably panics where
// GetTLSConfig would return an error — confirm, and prefer GetTLSConfig where
// a failed secret lookup must not take the process down.
func (t *TLSSecret) MustGetTLSConfig() *tls.Config

Directories

Path Synopsis
cmd
