ktls

package module

v0.1.4 Latest Latest Go to latest Published: Oct 5, 2020 License: Apache-2.0 Imports: 21 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/soluble-ai/go-ktls

Links

Open Source Insights

README ¶

go-ktls

A small library that manages a TLS secret in Kubernetes.

Documentation ¶

Index ¶

func GetDefaultKubeClient() (kubernetes.Interface, error)
func GetDefaultRESTConfig() (*rest.Config, error)
type CertificateKeyPair
- func GenerateCert(name string, dnsNames []string, parent *CertificateKeyPair, ...) (*CertificateKeyPair, error)
type TLSSecret

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GetDefaultKubeClient ¶ added in v0.1.2

func GetDefaultKubeClient() (kubernetes.Interface, error)

func GetDefaultRESTConfig ¶ added in v0.1.4

func GetDefaultRESTConfig() (*rest.Config, error)

Types ¶

type CertificateKeyPair ¶

type CertificateKeyPair struct {
	CertPem []byte
	KeyPem  []byte
	// contains filtered or unexported fields
}

func GenerateCert ¶

func GenerateCert(name string, dnsNames []string, parent *CertificateKeyPair, duration time.Duration) (*CertificateKeyPair, error)

func (*CertificateKeyPair) CopyFrom ¶

func (ckp *CertificateKeyPair) CopyFrom(c *CertificateKeyPair)

func (*CertificateKeyPair) GetCACertPem ¶

func (ckp *CertificateKeyPair) GetCACertPem() []byte

func (*CertificateKeyPair) GetParsedCertificate ¶

func (ckp *CertificateKeyPair) GetParsedCertificate() (*x509.Certificate, error)

func (*CertificateKeyPair) GetTLSCertificateChain ¶

func (ckp *CertificateKeyPair) GetTLSCertificateChain() *tls.Certificate

func (*CertificateKeyPair) IsValid ¶

func (ckp *CertificateKeyPair) IsValid(d time.Duration) bool

type TLSSecret ¶

type TLSSecret struct {
	// Explicitly provide a KubeClient to lookup a TLS secret and possibly generate
	// a certificate on-the-fly.  If unset TLSSecret will try and get one
	// for you.
	ExplicitKubeClient kubernetes.Interface
	// The namespace for the certificate
	Namespace string
	// The name of the secret
	Name string
	// The name of the CA secret, defaults to Name-ca
	CAName string
	// If non-empty, persist an opaque secret with the public
	// CA certificate.  This duplicates the CAName secret but
	// is missing the "tls.key" entry.
	CAPublicName string
	// The duration of the CA certifcate, defaults to 10 years
	CADuration time.Duration
	// The duration of the TLS certificate, defaults to 8 hours
	Duration time.Duration
	// The DNSNames of the certificate.  If unset, then DNSNames will be Name,
	// Name.Namespace.svc, and Name.Namespace.svc.cluster.local (these values)
	// are appropriate for a service with the name "Name".
	DNSNames []string
	// Enable background refresh
	EnableBackgroundRefresh bool
	// The field manager for update and create operations
	FieldManager string
	// The cluster domain name.  If unset, then "cluster.local"
	ClusterDomainName string

	// Custom log output
	Log func(string, ...interface{})
	// contains filtered or unexported fields
}

TLSSecret retrieves a TLS certificate from a kubernetes secret. If the secret doesn't exist, it will generate it.

func (*TLSSecret) Create ¶ added in v0.1.2

func (t *TLSSecret) Create() error

func (*TLSSecret) Delete ¶ added in v0.1.2

func (t *TLSSecret) Delete() error

func (*TLSSecret) GetCertificateKeyPair ¶

func (t *TLSSecret) GetCertificateKeyPair() (*CertificateKeyPair, error)

func (*TLSSecret) GetTLSConfig ¶

func (t *TLSSecret) GetTLSConfig() (*tls.Config, error)

func (*TLSSecret) MustGetTLSConfig ¶

func (t *TLSSecret) MustGetTLSConfig() *tls.Config

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
cmd
ktls command

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL