Documentation ¶
Index ¶
- Constants
- Variables
- func EncodeCertPEM(cert *x509.Certificate) []byte
- func EncodePublicKeyPEM(key crypto.PublicKey) ([]byte, error)
- func GenerateCert(altNames []string, hostIP, hostName, serviceCIRD, DNSDomain string) error
- func LoadCaCertAndKeyFromDisk(cfg Config) (*x509.Certificate, crypto.Signer, error)
- func NewCaCertAndKey(cfg Config) (*x509.Certificate, crypto.Signer, error)
- func NewCaCertAndKeyFromRoot(cfg Config, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, crypto.Signer, error)
- func NewPrivateKey(keyType x509.PublicKeyAlgorithm) (crypto.Signer, error)
- func NewSelfSignedCACert(key crypto.Signer, commonName string, organization []string, ...) (*x509.Certificate, error)
- func NewSignedCert(cfg Config, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error)
- func TryLoadKeyFromDisk(pkiPath string) (crypto.Signer, error)
- func WriteCert(pkiPath, name string, cert *x509.Certificate) error
- func WriteCertAndKey(pkiPath string, name string, cert *x509.Certificate, key crypto.Signer) error
- func WriteKey(pkiPath, name string, key crypto.Signer) error
- func WritePublicKey(pkiPath, name string, key crypto.PublicKey) error
- type AltNames
- type CertMetaData
- type Config
Constants ¶
// PEM block type labels. Each constant is a string that can be used as
// pem.Block.Type when encoding or decoding PEM data.
const (
	// PrivateKeyBlockType is a possible value for pem.Block.Type.
	// NOTE(review): "PRIVATE KEY" is conventionally the label of an
	// unencrypted PKCS#8 key; confirm the encoders in this package pair it
	// with PKCS#8 bytes.
	PrivateKeyBlockType = "PRIVATE KEY"
	// PublicKeyBlockType is a possible value for pem.Block.Type.
	PublicKeyBlockType = "PUBLIC KEY"
	// CertificateBlockType is a possible value for pem.Block.Type.
	CertificateBlockType = "CERTIFICATE"
	// RSAPrivateKeyBlockType is a possible value for pem.Block.Type.
	// NOTE(review): "RSA PRIVATE KEY" is conventionally the label of a
	// PKCS#1 RSA key; a label that does not match the encoded bytes makes
	// the key unreadable to strict parsers, so confirm against the writers.
	RSAPrivateKeyBlockType = "RSA PRIVATE KEY"
)
// Certificate identifiers. The values are assigned by iota, so APIserverCert
// is 0 and EtcdHealthcheckClientCert is 6; inserting or reordering an entry
// renumbers every constant declared after it.
// NOTE(review): presumably these select entries in a list of certificate
// configurations — confirm against the code that consumes them.
const (
	APIserverCert = iota
	APIserverKubeletClientCert
	FrontProxyClientCert
	APIserverEtcdClientCert
	EtcdServerCert
	EtcdPeerCert
	EtcdHealthcheckClientCert
)
Variables ¶
// KubeDefaultCertPath holds the default PKI directory, "/etc/kubernetes/pki".
// It is a package-level variable, not a constant, so any code in the
// importing program can reassign it.
// NOTE(review): if private keys are written under this directory, confirm
// that the directory and key files are created with owner-only permissions.
var KubeDefaultCertPath = "/etc/kubernetes/pki"
Functions ¶
func EncodeCertPEM ¶
func EncodeCertPEM(cert *x509.Certificate) []byte
EncodeCertPEM returns PEM-encoded certificate data.
func EncodePublicKeyPEM ¶
EncodePublicKeyPEM returns PEM-encoded public key data.
func GenerateCert ¶
GenerateCert generates all certificates.
func LoadCaCertAndKeyFromDisk ¶
LoadCaCertAndKeyFromDisk loads the CA certificate and key from disk.
func NewCaCertAndKey ¶
NewCaCertAndKey creates a CA certificate and key.
func NewCaCertAndKeyFromRoot ¶
func NewCaCertAndKeyFromRoot(cfg Config, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, crypto.Signer, error)
NewCaCertAndKeyFromRoot: see NewCertAndKey in cmd/kubeadm/app/util/pkiutil/pki_helpers.go.
func NewPrivateKey ¶
func NewPrivateKey(keyType x509.PublicKeyAlgorithm) (crypto.Signer, error)
NewPrivateKey creates an RSA private key
func NewSelfSignedCACert ¶
func NewSelfSignedCACert(key crypto.Signer, commonName string, organization []string, year time.Duration) (*x509.Certificate, error)
NewSelfSignedCACert creates a CA certificate
func NewSignedCert ¶
func NewSignedCert(cfg Config, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error)
NewSignedCert creates a signed certificate using the given CA certificate and key
func TryLoadKeyFromDisk ¶
TryLoadKeyFromDisk tries to load the key from disk and checks that it is valid.
func WriteCert ¶
func WriteCert(pkiPath, name string, cert *x509.Certificate) error
WriteCert stores the given certificate at the given location
func WriteCertAndKey ¶
WriteCertAndKey stores certificate and key at the specified location
Types ¶
type AltNames ¶
AltNames contains the domain names and IP addresses that will be added to the Subject Alternative Name (SAN) fields of the API Server's x509 certificate. The values are passed directly to the x509.Certificate object.
type CertMetaData ¶
// CertMetaData groups the inputs used when generating certificates. The
// field descriptions below are inferred from the field names and from the
// NewCertMetaData parameter list; confirm them against the implementation.
type CertMetaData struct {
	// APIServer holds alternative names (AltNames).
	// NOTE(review): presumably the SANs for the API server certificate.
	APIServer AltNames
	// NodeName is presumably the host name of the node — TODO confirm.
	NodeName string
	// NodeIP is presumably the IP address of the node — TODO confirm.
	NodeIP string
	// DNSDomain is presumably the cluster DNS domain — TODO confirm.
	DNSDomain string
	// CertPath is presumably the directory where certificates and keys are
	// written; it will hold private key material, so verify its permissions.
	CertPath string
	// CertEtcdPath is presumably the directory for the etcd certificates and
	// keys — TODO confirm.
	CertEtcdPath string
}
func NewCertMetaData ¶
func NewCertMetaData(apiServerIPAndDomains []string, svcCIDR, nodeName, nodeIP, DNSDomain string) (*CertMetaData, error)
func (*CertMetaData) GenerateAll ¶
func (meta *CertMetaData) GenerateAll() error
type Config ¶
// Config contains the fields used when creating a certificate.
type Config struct {
	Path     string // directory the files are written to
	BaseName string // file name the files are written under
	CAName   string // key of the root CA in the CA map
	// CommonName and Organization are presumably the certificate subject's
	// CN and O values — TODO confirm against the signing code.
	CommonName   string
	Organization []string
	// Year is a time.Duration despite its name.
	// NOTE(review): the unit the signing code applies to it is not visible
	// here; verify it, because it presumably determines how long an issued
	// certificate remains valid.
	Year time.Duration
	// AltNames holds alternative names (AltNames type).
	// NOTE(review): presumably the SANs placed in the certificate.
	AltNames AltNames
	// Usages lists x509 extended key usages.
	// NOTE(review): presumably copied into the issued certificate; keep the
	// list to the usages each certificate actually needs.
	Usages []x509.ExtKeyUsage
}
Config contains the basic fields required for creating a certificate