Documentation ¶
Overview ¶
Package pki contains helper functions for quickly bootstrapping X509 PKIs
Index ¶
- type CertManager
- func (manager *CertManager) NewCert(name string, x509Name pkix.Name, serial int64, isServer bool, isClient bool, ...) (*RSACertificate, error)
- func (manager *CertManager) NewSelfSignedCACert(name string, x509Name pkix.Name, serial int64) (*RSACertificate, error)
- func (manager *CertManager) NewSelfSignedCert(name string, x509Name pkix.Name, serial int64) (*RSACertificate, error)
- func (manager *CertManager) UutMode()
- type MicrokubeCredentials
- type RSACertificate
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CertManager ¶
// CertManager manages an X509 PKI with RSA certificates.
// Instances are created with NewManager, which takes the directory the
// certificates are stored in.
type CertManager struct {
	// contains filtered or unexported fields
}
CertManager manages an X509 PKI with RSA certificates
func NewManager ¶
func NewManager(workdir string) *CertManager
NewManager creates a CertManager that stores certificates in 'workdir'
func (*CertManager) NewCert ¶
func (manager *CertManager) NewCert(name string, x509Name pkix.Name, serial int64, isServer bool, isClient bool, sans []string, ca *RSACertificate) (*RSACertificate, error)
NewCert creates a new certificate signed by 'ca'
func (*CertManager) NewSelfSignedCACert ¶
func (manager *CertManager) NewSelfSignedCACert(name string, x509Name pkix.Name, serial int64) (*RSACertificate, error)
NewSelfSignedCACert creates a new self-signed CA certificate
func (*CertManager) NewSelfSignedCert ¶
func (manager *CertManager) NewSelfSignedCert(name string, x509Name pkix.Name, serial int64) (*RSACertificate, error)
NewSelfSignedCert creates a new self-signed certificate
func (*CertManager) UutMode ¶
func (manager *CertManager) UutMode()
UutMode makes the CertManager use WEAK RANDOM NUMBERS and SHORT KEYS. This is so that unit tests work in low-entropy environments. Do not use outside of unit tests! Keys and certificates generated in this mode are not secure and must not be deployed or trusted.
type MicrokubeCredentials ¶
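// MicrokubeCredentials manages all credentials needed for the different
// components of Microkube using PKI.
//
// The declaration is laid out one field per line so that each line comment
// ends at its own line instead of swallowing the fields that follow it.
type MicrokubeCredentials struct {
	// CA certificate for etcd
	EtcdCA *RSACertificate
	// Client certificate for etcd
	EtcdClient *RSACertificate
	// Server certificate for etcd
	EtcdServer *RSACertificate
	// CA certificate for kubernetes
	KubeCA *RSACertificate
	// Client certificate for kubernetes
	KubeClient *RSACertificate
	// Server certificate for kubernetes
	KubeServer *RSACertificate
	// CA certificate for kubernetes in-cluster CA
	KubeClusterCA *RSACertificate
	// Signing certificate for kubernetes service account tokens
	KubeSvcSignCert *RSACertificate
	// Path to kubernetes client config file
	// NOTE(review): a client config file usually embeds or references client
	// credentials; whether this one does is not visible here, so confirm how
	// the file is protected on disk.
	Kubeconfig string
	// contains filtered or unexported fields
}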
MicrokubeCredentials manages all credentials needed for the different components of Microkube using PKI
func (*MicrokubeCredentials) CreateOrLoadCertificates ¶
func (m *MicrokubeCredentials) CreateOrLoadCertificates(baseDir string, bindAddr, serviceAddr net.IP) error
CreateOrLoadCertificates creates certificates if they don't already exist or loads them if they do exist
type RSACertificate ¶
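// RSACertificate holds information about an X509 certificate.
//
// The declaration is laid out one field per line so that each line comment
// ends at its own line instead of swallowing the fields that follow it.
type RSACertificate struct {
	// CertPath contains the full path to a PEM-encoded representation of this
	// certificate
	CertPath string
	// KeyPath contains the full path to a PEM-encoded representation of this
	// certificate's private key
	// NOTE(review): the file at this path holds private key material; the
	// permissions it is written with are not visible here, so confirm it is
	// readable only by the owning user.
	KeyPath string
	// contains filtered or unexported fields
}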
RSACertificate holds information about an X509 certificate