pki

package

v0.0.0-...-4d19ac6 Latest Latest Go to latest Published: Nov 23, 2023 License: Apache-2.0 Imports: 12 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kubernetes-sigs/cluster-api-provider-nested

Links

Open Source Insights

Documentation ¶

Index ¶

func DecodePrivateKeyPEM(raw []byte) (*rsa.PrivateKey, error)
func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte
func NewAPIServerKubeletClientCertAndKey(ca *CrtKeyPair) (*x509.Certificate, *rsa.PrivateKey, error)
func NewEtcdHealthcheckClientCertAndKey(ca *CrtKeyPair) (*x509.Certificate, *rsa.PrivateKey, error)
func NewServiceAccountSigningKey() (*rsa.PrivateKey, error)
type ClusterCAGroup
type CrtKeyPair

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func DecodePrivateKeyPEM ¶

func DecodePrivateKeyPEM(raw []byte) (*rsa.PrivateKey, error)

func EncodePrivateKeyPEM ¶

func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte

EncodePrivateKeyPEM returns PEM-encoded private key data

func NewAPIServerKubeletClientCertAndKey ¶

func NewAPIServerKubeletClientCertAndKey(ca *CrtKeyPair) (*x509.Certificate, *rsa.PrivateKey, error)

NewAPIServerKubeletClientCertAndKey creates certificate for the apiservers to connect to the kubelets securely, signed by the ca.

func NewEtcdHealthcheckClientCertAndKey ¶

func NewEtcdHealthcheckClientCertAndKey(ca *CrtKeyPair) (*x509.Certificate, *rsa.PrivateKey, error)

NewEtcdHealthcheckClientCertAndKey creates certificate for liveness probes to healthcheck etcd, signed by the given ca.

func NewServiceAccountSigningKey ¶

func NewServiceAccountSigningKey() (*rsa.PrivateKey, error)

NewServiceAccountSigningKey creates rsa key for signing service account tokens.

Types ¶

type ClusterCAGroup ¶

type ClusterCAGroup struct {
	RootCA                   *CrtKeyPair
	APIServer                *CrtKeyPair
	ETCD                     *CrtKeyPair
	FrontProxy               *CrtKeyPair
	CtrlMgrKbCfg             string // the kubeconfig used by controller-manager
	AdminKbCfg               string // the kubeconfig used by admin user
	ServiceAccountPrivateKey *rsa.PrivateKey
}

ClusterCAGroup contains all CrtKeyPair for control plane

type CrtKeyPair ¶

type CrtKeyPair struct {
	Crt *x509.Certificate
	Key *rsa.PrivateKey
}

CrtKeyPair is a pair of Cert and Key

func NewAPIServerCrtAndKey ¶

func NewAPIServerCrtAndKey(ca *CrtKeyPair, vc *tenancyv1alpha1.VirtualCluster, apiserverDomain string, apiserverIPs ...string) (*CrtKeyPair, error)

NewAPIServerCrtAndKey creates crt and key for apiserver using ca.

func NewClientCrtAndKey ¶

func NewClientCrtAndKey(user string, ca *CrtKeyPair, groups []string) (*CrtKeyPair, error)

NewClientCrtAndKey creates crt-key pair for client

func NewEtcdServerCertAndKey ¶

func NewEtcdServerCertAndKey(ca *CrtKeyPair, etcdDomains []string) (*CrtKeyPair, error)

NewEtcdServerCertAndKey creates new crt-key pair using ca for etcd

func NewFrontProxyClientCertAndKey ¶

func NewFrontProxyClientCertAndKey(ca *CrtKeyPair) (*CrtKeyPair, error)

NewFrontProxyClientCertAndKey creates crt-key pair for proxy client using ca.

Source Files ¶

View all Source files

pki.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL