certinit

package

v0.4.0 Latest Latest Go to latest Published: Nov 20, 2023 License: Apache-2.0 Imports: 20 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/effective-security/kubeca

Links

Open Source Insights

Documentation ¶

Index ¶

type CertClient
- func NewClient(kubeconfig, namespace string) (*CertClient, error)
type MinCertificates
type MinPods
type MinServices
type Request
- func (r *Request) Create(ctx context.Context, client *CertClient) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type CertClient ¶

type CertClient struct {
	Pods         MinPods
	Services     MinServices
	Certificates MinCertificates
}

CertClient provides minimum interfaces to create a CSR

func NewClient ¶

func NewClient(kubeconfig, namespace string) (*CertClient, error)

NewClient returns new client

type MinCertificates ¶

type MinCertificates interface {
	Create(ctx context.Context, certificateSigningRequest *capi.CertificateSigningRequest, opts metaV1.CreateOptions) (*capi.CertificateSigningRequest, error)
	Get(ctx context.Context, name string, opts metaV1.GetOptions) (*capi.CertificateSigningRequest, error)
}

MinCertificates is minimum Certificates interface

type MinPods ¶

type MinPods interface {
	Get(ctx context.Context, name string, opts metaV1.GetOptions) (*v1.Pod, error)
}

MinPods is minimum Pods interface

type MinServices ¶

type MinServices interface {
	List(ctx context.Context, opts metaV1.ListOptions) (*v1.ServiceList, error)
}

MinServices is minimum Services interface

type Request ¶

type Request struct {
	// Namespace as defined by pod.metadata.namespace
	Namespace string
	// PodName name as defined by pod.metadata.name
	PodName string
	// CertDir is directory where the TLS certs should be written
	CertDir string
	// ClusterDomain specifies kubernetes cluster domain
	ClusterDomain string
	// Labels to include in CertificateSigningRequest object; comma separated list of key=value
	Labels string
	// QueryK8s specifies to query kubernetes for names appropriate to this Pod
	QueryK8s bool
	// SAN is additional comma separated DNS, IP, URI or Emails to include in SAN
	SAN string
	// ServiceNames specifies additional service names that resolve to this Pod; comma separated
	ServiceNames string
	// IncludeUnqualified specifies to include unqualified .svc domains in names from --query-k8s
	IncludeUnqualified bool
	// SignerName specifies the signer name
	SignerName string
	// contains filtered or unexported fields
}

Request parameters

func (*Request) Create ¶

func (r *Request) Create(ctx context.Context, client *CertClient) error

Create certificate request and wait for issuance

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL