Documentation ¶
Index ¶
- Constants
- func BuildKubeConfigFromSpec(spec *KubeConfigSpec, clustername string) (*clientcmdapi.Config, error)
- func CreateBasic(serverURL, clusterName, userName string, caCert []byte) *clientcmdapi.Config
- func CreateWithCerts(serverURL, clusterName, userName string, caCert []byte, clientKey []byte, ...) *clientcmdapi.Config
- func EncodeCertPEM(cert *x509.Certificate) []byte
- func EncodePublicKeyPEM(key crypto.PublicKey) ([]byte, error)
- func GenerateCACertificateAndWriteToFile(caCert, caKey string) error
- func LoadCaAuthorityCertAndKey(caCert, caKey string) (*x509.Certificate, crypto.Signer, error)
- func NewCertAndKey(caCert *x509.Certificate, caKey crypto.Signer, config *certutil.Config) (*x509.Certificate, crypto.Signer, error)
- func NewCertificateAuthority(config *certutil.Config) (*x509.Certificate, crypto.Signer, error)
- func NewPrivateKey() (crypto.Signer, error)
- func NewSignedCert(cfg *certutil.Config, key crypto.Signer, caCert *x509.Certificate, ...) (*x509.Certificate, error)
- type CertificateIssuer
- type KubeConfigSpec
Constants ¶
View Source
const ( // ECPrivateKeyBlockType is a possible value for pem.Block.Type. ECPrivateKeyBlockType = "EC PRIVATE KEY" // PrivateKeyBlockType is a possible value for pem.Block.Type. PrivateKeyBlockType = "PRIVATE KEY" // PublicKeyBlockType is a possible value for pem.Block.Type. PublicKeyBlockType = "PUBLIC KEY" // CertificateBlockType is a possible value for pem.Block.Type. CertificateBlockType = "CERTIFICATE" // RSAPrivateKeyBlockType is a possible value for pem.Block.Type. RSAPrivateKeyBlockType = "RSA PRIVATE KEY" // CertificateValidity defines the validity for all the signed certificates generated by kubeadm CertificateValidity = time.Hour * 24 * 365 * 10 )
View Source
const (
SystemPrivilegedGroup = "system:masters"
)
Variables ¶
This section is empty.
Functions ¶
func BuildKubeConfigFromSpec ¶
func BuildKubeConfigFromSpec(spec *KubeConfigSpec, clustername string) (*clientcmdapi.Config, error)
func CreateBasic ¶
func CreateBasic(serverURL, clusterName, userName string, caCert []byte) *clientcmdapi.Config
CreateBasic creates a basic, general KubeConfig object that then can be extended
func CreateWithCerts ¶
func CreateWithCerts(serverURL, clusterName, userName string, caCert []byte, clientKey []byte, clientCert []byte) *clientcmdapi.Config
CreateWithCerts creates a KubeConfig object with access to the API server with client certificates
func EncodeCertPEM ¶
func EncodeCertPEM(cert *x509.Certificate) []byte
EncodeCertPEM returns PEM-endcoded certificate data
func EncodePublicKeyPEM ¶
EncodePublicKeyPEM returns PEM-encoded public data
func NewCertAndKey ¶
func NewCertAndKey(caCert *x509.Certificate, caKey crypto.Signer, config *certutil.Config) (*x509.Certificate, crypto.Signer, error)
NewCertAndKey creates new certificate and key by passing the certificate authority certificate and key
func NewCertificateAuthority ¶
func NewPrivateKey ¶
NewPrivateKey creates an RSA private key
func NewSignedCert ¶
func NewSignedCert(cfg *certutil.Config, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error)
NewSignedCert creates a signed certificate using the given CA certificate and key
Types ¶
type CertificateIssuer ¶
type CertificateIssuer interface { IssueCertAndKey(ip string, dnsNames ...string) ([]byte, []byte, error) IssueKubeConfig(clusterName string, apiServer string) ([]byte, error) }
func NewSimpleCertificateIssuer ¶
func NewSimpleCertificateIssuer(caCert, caKey, proxyServer string) (CertificateIssuer, error)
type KubeConfigSpec ¶
type KubeConfigSpec struct { CACert *x509.Certificate APIServer string ClientName string ClientCertAuth *clientCertAuth }
Click to show internal directories.
Click to hide internal directories.