Documentation
¶
Index ¶
- Constants
- func CertFromFilePair(certFile, keyFile string) (*tls.Certificate, error)
- func CertPoolFromFile(filename string) (*x509.CertPool, error)
- func ClientConfig(opts Options) (cfg *tls.Config, err error)
- func NewClientTLS(certFile, keyFile, caFile string) (*tls.Config, error)
- func ServerConfig(opts Options) (cfg *tls.Config, err error)
- type Options
- type TLSBytes
- func KubeTLSClientConfigFromSecret(secret corev1.Secret, url string) (*tls.Config, *TLSBytes, error)
- func LegacyTLSClientConfigFromSecret(secret corev1.Secret, url string) (*tls.Config, *TLSBytes, error)
- func TLSClientConfigFromSecret(secret corev1.Secret, url string) (*tls.Config, *TLSBytes, error)
Constants ¶
const CACrtKey = "ca.crt"
Variables ¶
This section is empty.
Functions ¶
func CertFromFilePair ¶
func CertFromFilePair(certFile, keyFile string) (*tls.Certificate, error)
CertFromFilePair returns an tls.Certificate containing the certificates public/private key pair from a pair of given PEM-encoded files. Returns an error if the file could not be read, a certificate could not be parsed, or if the file does not contain any certificates
func CertPoolFromFile ¶
CertPoolFromFile returns an x509.CertPool containing the certificates in the given PEM-encoded file. Returns an error if the file could not be read, a certificate could not be parsed, or if the file does not contain any certificates
func ClientConfig ¶
ClientConfig retusn a TLS configuration for use by a Helm client.
func NewClientTLS ¶
NewClientTLS returns tls.Config appropriate for client auth.
Types ¶
type Options ¶
type Options struct {
CaCertFile string
// If either the KeyFile or CertFile is empty, ClientConfig() will not load them,
// preventing Helm from authenticating to Tiller. They are required to be non-empty
// when calling ServerConfig, otherwise an error is returned.
KeyFile string
CertFile string
// Client-only options
InsecureSkipVerify bool
// Server-only options
ClientAuth tls.ClientAuthType
}
Options represents configurable options used to create client and server TLS configurations.
type TLSBytes ¶ added in v0.29.8
type TLSBytes struct {
// CertBytes is the bytes of the certificate file.
CertBytes []byte
// KeyBytes is the bytes of the key file.
KeyBytes []byte
// CABytes is the bytes of the CA file.
CABytes []byte
}
TLSBytes contains the bytes of the TLS files.
func KubeTLSClientConfigFromSecret ¶ added in v0.29.8
func KubeTLSClientConfigFromSecret(secret corev1.Secret, url string) (*tls.Config, *TLSBytes, error)
KubeTLSClientConfigFromSecret returns a TLS client config as a `tls.Config` object and in its bytes representation. The secret is expected to have the following keys: - tls.key, for the private key - tls.crt, for the certificate - ca.crt, for the CA certificate
Secrets with no certificate, private key, AND CA cert are ignored. If only a certificate OR private key is found, an error is returned. The Secret type can be blank, Opaque or kubernetes.io/tls.
func LegacyTLSClientConfigFromSecret ¶ added in v0.29.8
func LegacyTLSClientConfigFromSecret(secret corev1.Secret, url string) (*tls.Config, *TLSBytes, error)
LegacyTLSClientConfigFromSecret returns a TLS client config as a `tls.Config` object and in its bytes representation. The secret is expected to have the following keys: - keyFile, for the private key - certFile, for the certificate - caFile, for the CA certificate
Secrets with no certificate, private key, AND CA cert are ignored. If only a certificate OR private key is found, an error is returned.
func TLSClientConfigFromSecret ¶ added in v0.29.8
TLSClientConfigFromSecret returns a TLS client config as a `tls.Config` object and in its bytes representation. The secret is expected to have the following keys: - keyFile, for the private key - certFile, for the certificate - caFile, for the CA certificate
Secrets with no certificate, private key, AND CA cert are ignored. If only a certificate OR private key is found, an error is returned. The Secret type can be blank, Opaque or kubernetes.io/tls.
Source Files