
package certs

import "github.com/giantswarm/certs"


Package Files

error.go files.go k8s.go searcher.go spec.go types.go

Constants

// DefaultWatchTimeout bounds how long a watch against the Kubernetes API is
// waited on before the caller gives up and reports an error.
const DefaultWatchTimeout = 90 * time.Second
// SecretNamespace is the fixed namespace name "default". The package text
// says it is used when filtering secrets.
// NOTE(review): presumably every certificate secret is looked up in this one
// namespace; if so, RBAC on Secrets there decides who can read the TLS
// material. Confirm against searcher.go.
const SecretNamespace = "default"

These constants are used when filtering the secrets, to only retrieve the ones we are interested in.

Variables

// AllCerts lists all certificates that can be created by cert-operator. It
// holds the same eleven names as the Cert constant block of this package.
// It is an exported, mutable slice, so any importer can modify it.
var AllCerts = []Cert{
    APICert,
    AppOperatorAPICert,
    CalicoEtcdClientCert,
    ClusterOperatorAPICert,
    EtcdCert,
    FlanneldEtcdClientCert,
    InternalAPICert,
    NodeOperatorCert,
    PrometheusCert,
    ServiceAccountCert,
    WorkerCert,
}

AllCerts lists all certificates that can be created by cert-operator.

func IsInvalidConfig Uses

func IsInvalidConfig(err error) bool

func IsInvalidSecret Uses

func IsInvalidSecret(err error) bool

func IsTimeout Uses

func IsTimeout(err error) bool

func IsWrongType Uses

func IsWrongType(err error) bool

func K8sLabels Uses

func K8sLabels(clusterID string, certificate Cert) map[string]string

K8sLabels returns labels for the Kubernetes object for the certificate name and the guest cluster ID.

func K8sName Uses

func K8sName(clusterID string, certificate Cert) string

K8sName returns the Kubernetes object name for the certificate name and the guest cluster ID.

type AppOperator Uses

// AppOperator is the result type of SearchAppOperator, which the Interface
// comments describe as searching for secrets containing TLS certs for the
// managed catalogue service.
type AppOperator struct {
    // APIServer is a single TLS bundle (CA, Crt, Key byte slices).
    APIServer TLS
}

type Cert Uses

// Cert is a certificate name. It is a plain string type; the named values
// are the Cert constants declared in this package.
type Cert string

Cert is a certificate name.

// Certificate names known to this package. Per the package documentation they
// are used as Cert values when parsing a secret received from the API.
// AllCerts enumerates the same set.
const (
    APICert                Cert = "api"
    AppOperatorAPICert     Cert = "app-operator-api"
    CalicoEtcdClientCert   Cert = "calico-etcd-client"
    ClusterOperatorAPICert Cert = "cluster-operator-api"
    EtcdCert               Cert = "etcd"
    FlanneldEtcdClientCert Cert = "flanneld-etcd-client"
    InternalAPICert        Cert = "internal-api"
    NodeOperatorCert       Cert = "node-operator"
    PrometheusCert         Cert = "prometheus"
    ServiceAccountCert     Cert = "service-account"
    WorkerCert             Cert = "worker"
)

These constants are used as Cert values when parsing a secret received from the API.

func (Cert) String Uses

func (c Cert) String() string

type Cluster Uses

// Cluster is the result type of SearchCluster, which the Interface comments
// describe as searching for secrets containing TLS certs for guest cluster
// components. It is also the input of the NewFilesCluster* constructors.
// Each field is one TLS bundle (CA, Crt, Key byte slices).
type Cluster struct {
    APIServer        TLS
    CalicoEtcdClient TLS
    EtcdServer       TLS
    ServiceAccount   TLS
    Worker           TLS
}

type ClusterOperator Uses

// ClusterOperator is the result type of SearchClusterOperator, which the
// Interface comments describe as searching for secrets containing TLS certs
// for connecting to guest clusters.
type ClusterOperator struct {
    // APIServer is a single TLS bundle (CA, Crt, Key byte slices).
    APIServer TLS
}

type Config Uses

// Config is the argument of NewSearcher.
type Config struct {
    // K8sClient is the Kubernetes client interface handed to the searcher.
    // NOTE(review): presumably it needs read/watch access to Secrets in
    // SecretNamespace and nothing broader; confirm and scope its RBAC
    // accordingly.
    K8sClient kubernetes.Interface
    // Logger is the micrologger logger handed to the searcher.
    Logger    micrologger.Logger

    // WatchTimeout is a duration setting for watches.
    // NOTE(review): whether a zero value falls back to DefaultWatchTimeout is
    // not visible on this page; confirm in searcher.go.
    WatchTimeout time.Duration
}

type Draining Uses

// Draining is the result type of SearchDraining, which the Interface comments
// describe as searching for secrets containing TLS certs for draining nodes
// in guest clusters.
type Draining struct {
    // NodeOperator is a single TLS bundle (CA, Crt, Key byte slices).
    NodeOperator TLS
}

type File Uses

// File pairs a path with raw content. Values of this type are produced, as
// Files, by the NewFilesCluster* constructors from a Cluster.
type File struct {
    // AbsolutePath is the path associated with Data; by its name it is
    // expected to be absolute (not enforced by the type).
    AbsolutePath string
    // Data is the file content.
    // NOTE(review): since Files are built from Cluster TLS bundles, Data
    // presumably can carry private key bytes; whoever writes these to disk
    // should use an owner-only file mode. Confirm in files.go.
    Data         []byte
}

type Files Uses

// Files is a list of File values; it is the return type of NewFilesCluster,
// NewFilesClusterMaster and NewFilesClusterWorker.
type Files []File

func NewFilesCluster Uses

func NewFilesCluster(cluster Cluster) Files

func NewFilesClusterMaster Uses

func NewFilesClusterMaster(cluster Cluster) Files

func NewFilesClusterWorker Uses

func NewFilesClusterWorker(cluster Cluster) Files

type Interface Uses

// Interface is the lookup API of this package; *Searcher declares the same
// six methods. Every method takes a cluster ID and returns TLS bundles, each
// of which carries a Key field alongside CA and Crt.
// NOTE(review): the returned values presumably include private key material,
// so callers should avoid logging them. Confirm against the secret contents.
type Interface interface {
    // SearchAppOperator searches for secrets containing TLS certs
    // for the managed catalogue service.
    SearchAppOperator(clusterID string) (AppOperator, error)
    // SearchCluster searches for secrets containing TLS certs for guest
    // cluster components.
    SearchCluster(clusterID string) (Cluster, error)
    // SearchClusterOperator searches for secrets containing TLS certs for
    // connecting to guest clusters.
    SearchClusterOperator(clusterID string) (ClusterOperator, error)
    // SearchDraining searches for secrets containing TLS certs for
    // draining nodes in guest clusters.
    SearchDraining(clusterID string) (Draining, error)
    // SearchMonitoring searches for secrets containing TLS certs for
    // monitoring guest clusters.
    SearchMonitoring(clusterID string) (Monitoring, error)
    // SearchTLS provides a dedicated way to look up a single TLS asset for
    // one specific purpose, identified by cert. This might be used for e.g.
    // granting guest cluster access within operators.
    SearchTLS(clusterID string, cert Cert) (TLS, error)
}

type Monitoring Uses

// Monitoring is the result type of SearchMonitoring, which the Interface
// comments describe as searching for secrets containing TLS certs for
// monitoring guest clusters. Each field is one TLS bundle (CA, Crt, Key).
type Monitoring struct {
    KubeStateMetrics TLS
    Prometheus       TLS
}

type Searcher Uses

// Searcher is the concrete type returned by NewSearcher. Its methods
// (SearchAppOperator, SearchCluster, SearchClusterOperator, SearchDraining,
// SearchMonitoring, SearchTLS) have the same signatures as Interface.
type Searcher struct {
    // contains filtered or unexported fields
}

func NewSearcher Uses

func NewSearcher(config Config) (*Searcher, error)

func (*Searcher) SearchAppOperator Uses

func (s *Searcher) SearchAppOperator(clusterID string) (AppOperator, error)

func (*Searcher) SearchCluster Uses

func (s *Searcher) SearchCluster(clusterID string) (Cluster, error)

func (*Searcher) SearchClusterOperator Uses

func (s *Searcher) SearchClusterOperator(clusterID string) (ClusterOperator, error)

func (*Searcher) SearchDraining Uses

func (s *Searcher) SearchDraining(clusterID string) (Draining, error)

func (*Searcher) SearchMonitoring Uses

func (s *Searcher) SearchMonitoring(clusterID string) (Monitoring, error)

func (*Searcher) SearchTLS Uses

func (s *Searcher) SearchTLS(clusterID string, cert Cert) (TLS, error)

type TLS Uses

// TLS bundles three byte slices that travel together for one certificate.
// NOTE(review): by their names these are presumably the CA certificate, the
// certificate and its private key; the encoding (e.g. PEM) is not shown on
// this page. Treat Key as secret material: do not log a TLS value with
// %v/%+v and do not persist it with permissive file modes.
type TLS struct {
    CA  []byte
    Crt []byte
    Key []byte
}

Directories

Path Synopsis
certstest

Package certs imports 11 packages (graph) and is imported by 85 packages. Updated 2019-12-07. Refresh now. Tools for package owners.