pki

package
v2.1.1+incompatible
Warning

This package is not in the latest version of its module.

Published: May 21, 2019 License: Apache-2.0 Imports: 9 Imported by: 1

Documentation

Constants

const (
	MastersGroup = "system:masters"
)
const (
	PublicKeyBlockType = "PUBLIC KEY"
)

Variables

var (
	ErrInvalidCA = errors.New("certificate is not a certificate authority")
	ErrEmptyPair = errors.New("pair or cert/key is empty")
)

Functions

func EncodePublicKeyPEM

func EncodePublicKeyPEM(key *rsa.PublicKey) ([]byte, error)

EncodePublicKeyPEM returns the PEM-encoded public key.

Types

type CARequest

type CARequest struct {
	DNSDomain string   `json:"dnsDomain" valid:"required"`
	IPs       []string `json:"ips" valid:"required"`
	CA        []byte   `json:"ca" valid:"optional"`
}

CARequest defines a request to generate a CA, or to use the CA if one is provided, to set up PKI for a k8s cluster.

type PKI

type PKI struct {
	ID string   `json:"id"`
	CA *PairPEM `json:"ca"`
	// KubeName is an sg-specific name of a k8s cluster
	KubeName string `json:"kubeName"`
}

PKI defines a set of certificates/keys for a kubernetes cluster.

type Pair

type Pair struct {
	Cert *x509.Certificate
	Key  *rsa.PrivateKey
}

Pair defines a certificate and a private key.

func Decode

func Decode(p *PairPEM) (*Pair, error)

Decode parses a PEM-encoded cert/key and returns them as a Pair.

type PairPEM

type PairPEM struct {
	Cert []byte `json:"cert"`
	Key  []byte `json:"key"`
}

PairPEM defines PEM encoded certificate and private key. TODO: user cert pair in the kube model or get rid of it.

func Encode

func Encode(p *Pair) (*PairPEM, error)

Encode encodes cert/key with PEM and returns them as a PairPEM.

func NewAdminPair

func NewAdminPair(ca *PairPEM) (*PairPEM, error)

NewAdminPair creates certificates for the kubernetes admin user.

func NewCAPair

func NewCAPair(parentBytes []byte) (*PairPEM, error)

NewCAPair creates certificates and key for a kubernetes cluster. If no CA cert/key is provided, it creates self-signed ones.

func NewUserPair

func NewUserPair(userName string, userGroups []string, caEncoded *PairPEM) (*PairPEM, error)

NewUserPair creates certificates for a kubernetes user.
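With Kubernetes X.509 client authentication the API server takes the user name from the certificate's CN and the groups from its O values, so any certificate whose O includes `system:masters` (the value of MastersGroup) is an administrator credential. The following is an added example built on the Go standard library only, not this package's code, that issues such certificates and audits which identity a verified certificate carries. The `issue` and `audit` helpers are hypothetical names, and the CA and user certificates are constructed sample data.

```go
package main
import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds constructed samples: a self-signed CA if parent is nil, else a client cert (CN=cn, O=groups).
func issue(cn string, groups []string, parent *x509.Certificate, parentKey *rsa.PrivateKey) (cert *x509.Certificate, key *rsa.PrivateKey, err error) {
	if key, err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
		return
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn, Organization: groups},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), IsCA: parent == nil, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if parent == nil { // self-signed CA: the template is its own issuer
		tmpl.KeyUsage, tmpl.ExtKeyUsage = x509.KeyUsageCertSign, nil
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err == nil {
		cert, err = x509.ParseCertificate(der)
	}
	return
}

// audit verifies cert against ca first, then reads the identity: user name from CN, groups from O.
func audit(ca, cert *x509.Certificate) (user string, groups []string, admin bool, err error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err = cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return "", nil, false, err // an unverified subject is not an identity
	}
	for _, g := range cert.Subject.Organization {
		admin = admin || g == "system:masters" // value of MastersGroup on this page
	}
	return cert.Subject.CommonName, cert.Subject.Organization, admin, nil
}

func main() {
	ca, caKey, _ := issue("constructed-ca", nil, nil, nil)
	cert, _, _ := issue("alice", []string{"dev", "system:masters"}, ca, caKey)
	fmt.Println(audit(ca, cert))
}
```

Running `audit` over every client certificate a cluster CA has issued gives an inventory of who holds `system:masters`; certificates signed by a different CA are rejected before their subject is read.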
