pki

package
Version: v0.1.1
Warning

This package is not in the latest version of its module.

Published: Nov 27, 2018 | License: Apache-2.0 | Imports: 14 | Imported by: 0

Documentation

Overview

Package pki contains helper functions for quickly bootstrapping X509 PKIs.

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CertManager

type CertManager struct {
	// contains filtered or unexported fields
}

CertManager manages an X509 PKI with RSA certificates.

func NewManager

func NewManager(workdir string) *CertManager

NewManager creates a CertManager that stores certificates in 'workdir'

func (*CertManager) NewCert

func (manager *CertManager) NewCert(name string, x509Name pkix.Name, serial int64, isServer bool, isClient bool, sans []string, ca *RSACertificate) (*RSACertificate, error)

NewCert creates a new certificate signed by 'ca'

func (*CertManager) NewSelfSignedCACert

func (manager *CertManager) NewSelfSignedCACert(name string, x509Name pkix.Name, serial int64) (*RSACertificate, error)

NewSelfSignedCACert creates a new self-signed CA certificate

func (*CertManager) NewSelfSignedCert

func (manager *CertManager) NewSelfSignedCert(name string, x509Name pkix.Name, serial int64) (*RSACertificate, error)

NewSelfSignedCert creates a new self-signed certificate

func (*CertManager) UutMode

func (manager *CertManager) UutMode()

UutMode makes the CertManager use WEAK RANDOM NUMBERS and SHORT KEYS. This is so that unit tests work in low-entropy environments. Do not use outside of unit tests!
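What a CA-then-leaf bootstrap like NewSelfSignedCACert followed by NewCert involves can be shown with Go's standard library alone. This is an added example, not Microkube's code: `issue` and `chainsTo` are hypothetical library-style helpers to call from your own main or test, and `issue` takes extended key usages directly where NewCert has isServer/isClient flags. It uses crypto/rand and 2048-bit keys, the settings UutMode must never replace outside unit tests.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// issue is a hypothetical helper, not Microkube's code. A nil parent yields a
// self-signed CA; otherwise the result is a leaf certificate signed by parent.
func issue(cn string, serial int64, eku []x509.ExtKeyUsage, sans []string,
	parent *x509.Certificate, parentKey *rsa.PrivateKey) (cert *x509.Certificate, key *rsa.PrivateKey, err error) {
	if key, err = rsa.GenerateKey(rand.Reader, 2048); err != nil { // CSPRNG, full-size key
		return
	}
	tpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: eku, BasicConstraintsValid: true,
	}
	for _, s := range sans { // IP literals and DNS names are distinct SAN types
		if ip := net.ParseIP(s); ip != nil {
			tpl.IPAddresses = append(tpl.IPAddresses, ip)
		} else {
			tpl.DNSNames = append(tpl.DNSNames, s)
		}
	}
	if parent == nil { // self-signed CA: signs itself and may sign leaves
		tpl.IsCA, tpl.KeyUsage = true, x509.KeyUsageCertSign|x509.KeyUsageCRLSign
		parent, parentKey = tpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, parentKey)
	if err == nil {
		cert, err = x509.ParseCertificate(der)
	}
	return
}

// chainsTo reports whether leaf verifies against ca for host and usage.
func chainsTo(leaf, ca *x509.Certificate, host string, usage x509.ExtKeyUsage) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, KeyUsages: []x509.ExtKeyUsage{usage}})
	return err == nil
}
```

A server-only leaf issued this way verifies for its listed SANs with the server-auth usage and is rejected when presented for client authentication or for a host name it does not list.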

type MicrokubeCredentials

type MicrokubeCredentials struct {
	// CA certificate for etcd
	EtcdCA *RSACertificate
	// Client certificate for etcd
	EtcdClient *RSACertificate
	// Server certificate for etcd
	EtcdServer *RSACertificate
	// CA certificate for kubernetes
	KubeCA *RSACertificate
	// Client certificate for kubernetes
	KubeClient *RSACertificate
	// Server certificate for kubernetes
	KubeServer *RSACertificate
	// CA certificate for kubernetes in-cluster CA
	KubeClusterCA *RSACertificate
	// Signing certificate for kubernetes service account tokens
	KubeSvcSignCert *RSACertificate

	// Path to kubernetes client config file
	Kubeconfig string
	// contains filtered or unexported fields
}

MicrokubeCredentials manages all credentials needed for the different components of Microkube using PKI

func (*MicrokubeCredentials) CreateOrLoadCertificates

func (m *MicrokubeCredentials) CreateOrLoadCertificates(baseDir string, bindAddr, serviceAddr net.IP) error

CreateOrLoadCertificates creates certificates if they don't already exist or loads them if they do exist

type RSACertificate

type RSACertificate struct {

	// CertPath contains the full path to a PEM-encoded representation of this certificate
	CertPath string
	// KeyPath contains the full path to a PEM-encoded representation of this certificate's private key
	KeyPath string
	// contains filtered or unexported fields
}

RSACertificate holds information about an X509 certificate
