kubernetes: k8s.io/kubernetes/pkg/controller/certificates/authority

package authority

import "k8s.io/kubernetes/pkg/controller/certificates/authority"


Package Files

authority.go policies.go

type CertificateAuthority

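// CertificateAuthority holds the certificate, key and time settings of a
// certificate authority that signs requests under a SigningPolicy.
type CertificateAuthority struct {
	// RawCert is an optional field to determine if signing cert/key pairs have changed
	RawCert []byte
	// RawKey is an optional field to determine if signing cert/key pairs have changed.
	// NOTE(review): when set, this presumably carries the raw private key
	// bytes; treat it as secret and keep it out of logs, dumps and error
	// messages.
	RawKey []byte

	// Certificate is the authority's own certificate (presumably the issuer
	// of everything this authority signs; confirm against Sign).
	Certificate *x509.Certificate
	// PrivateKey is the signing key. It is typed as crypto.Signer rather than
	// a concrete key type, so the key may be held by an HSM or KMS instead of
	// process memory.
	PrivateKey crypto.Signer
	// Backdate is presumably how far before the current time the validity
	// period starts, to tolerate clock skew; confirm against Sign.
	Backdate time.Duration
	// Now supplies the current time.
	// NOTE(review): the handling of a nil Now is not visible in this listing;
	// check Sign before leaving it unset.
	Now func() time.Time
}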

CertificateAuthority implements a certificate authority that supports policy-based signing. It's used by the signing controller.

func (*CertificateAuthority) Sign

// Sign signs the certificate request crDER after applying policy and returns
// the issued certificate.
//
// crDER is the certificate request (DER-encoded, going by the parameter
// name). The returned bytes are a DER-encoded X.509 certificate.
// NOTE(review): this listing does not show whether the request's
// self-signature and requested names are checked here or left to the policy
// and the caller; confirm before relying on Sign as the only validation step.
func (ca *CertificateAuthority) Sign(crDER []byte, policy SigningPolicy) ([]byte, error)

Sign signs a certificate request, applying a SigningPolicy, and returns a DER-encoded X.509 certificate.

type PermissiveSigningPolicy

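// PermissiveSigningPolicy is a signing policy configured with a certificate
// lifetime and a set of allowed key usages.
//
// NOTE(review): the package documentation says this policy forwards all SANs
// from the signing request. The policy therefore does not constrain which
// names end up in the certificate; that check has to happen before the
// request reaches the signer.
type PermissiveSigningPolicy struct {
	// TTL is the certificate TTL. It's used to calculate the NotAfter value of
	// the certificate. A shorter TTL limits how long a mistakenly issued or
	// leaked certificate stays usable.
	TTL time.Duration
	// Usages are the allowed usages of a certificate. Keep the list to what
	// the certificate's consumer actually needs.
	Usages []capi.KeyUsage
}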

PermissiveSigningPolicy is the signing policy historically used by the local signer.

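* It forwards all SANs from the original signing request. The names in the issued certificate are therefore whatever the requester asked for, so they have to be checked before the request is signed.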
* It sets allowed usages as configured in the policy.
* It sets NotAfter based on the TTL configured in the policy.
* It zeros all extensions.
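* It sets BasicConstraints to true (in x509.Certificate terms, presumably the BasicConstraintsValid field), so the extension is present in the issued certificate.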
* It sets IsCA to false.

type SigningPolicy

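// SigningPolicy validates a certificate request before the
// CertificateAuthority signs it, and may default or otherwise mutate the
// certificate template.
type SigningPolicy interface {
	// contains filtered or unexported methods
	//
	// NOTE(review): if the hidden methods are unexported, only types declared
	// in this package (or types embedding one of them) can satisfy
	// SigningPolicy, so callers choose among the package's policies rather
	// than supplying their own.
}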

SigningPolicy validates a CertificateRequest before it's signed by the CertificateAuthority. It may default or otherwise mutate a certificate template.

