appendSANsToAltNames parses SANs from as list of strings and adds them to altNames for use on a specific cert altNames is passed in with a pointer, and the struct is modified valid IP address strings are parsed and added to altNames.IPs as net.IP's RFC-1123 compliant DNS strings are added to altNames.DNSNames as strings RFC-1123 compliant wildcard DNS strings are added to altNames.DNSNames as strings certNames is used to print user facing warnings and should be the name of the cert the altNames will be used for.

CertificateRequestFromFile returns the CertificateRequest from a given PEM-encoded file.

CertOrKeyExist returns a boolean whether the cert or the key exists.

CreateBasic creates a basic, general KubeConfig object that then can be extended.

CreateWithCerts creates a KubeConfig object with access to the API server with client certificates.

CSROrKeyExist returns true if one of the CSR or key exists.

EncodeCertBundlePEM returns PEM-endcoded certificate bundle.

EncodeCertPEM returns PEM-endcoded certificate data.

EncodeCSRPEM returns PEM-encoded CSR data.

EncodePublicKeyPEM returns PEM-encoded public data.

HasServerAuth returns true if the given certificate is a ServerAuth.

LoadTLSCertificate 从 certStr、keyStr 获取 tls.Certificate 信息，用于 HTTPs 请求.

NewCertAndKey creates new certificate and key by passing the certificate authority certificate and key.

NewCertificateAuthority creates new certificate and private key for the certificate authority.

NewCSR creates a new CSR.

NewCSRAndKey generates a new key and CSR and that could be signed to create the given certificate.

NewIntermediateCertificateAuthority creates new certificate and private key for an intermediate certificate authority.

NewSignedCert creates a signed certificate using the given CA certificate and key.

PathsForCertAndKey returns the paths for the certificate and key given the path and basename.

RemoveDuplicateAltNames removes duplicate items in altNames.

TryLoadCertAndKeyFromDisk tries to load a cert and a key from the disk and validates that they are valid.

TryLoadCertChainFromDisk tries to load the cert chain from the disk.

TryLoadCertFromDisk tries to load the cert from the disk.

TryLoadKeyFromString load Cert from string.

TryLoadCSRAndKeyFromDisk tries to load the CSR and key from the disk.

TryLoadCSRFromDisk tries to load the CSR from the disk.

TryLoadKeyFromDisk tries to load the key from the disk and validates that it is valid.

TryLoadKeyFromString load key from string.

TryLoadPrivatePublicKeyFromDisk tries to load the key from the disk and validates that it is valid.

ValidateCertPeriod checks if the certificate is valid relative to the current time (+/- offset).

VerifyCertChain verifies that a certificate has a valid chain of intermediate CAs back to the root CA.

WriteCert stores the given certificate at the given location.

WriteCertAndKey stores certificate and key at the specified location.

WriteCertBundle stores the given certificate bundle at the given location.

WriteCSR writes the pem-encoded CSR data to csrPath.

WriteKey stores the given key at the given location.

WritePublicKey stores the given public key at the given location.

AdminKubeConfigFileName defines name for the kubeconfig aimed to be used by the superuser/admin of the cluster.

CertificateBlockType is a possible value for pem.Block.Type.

ControllerManagerKubeConfigFileName defines the file name for the controller manager's kubeconfig file.

ControllerManagerUser defines the well-known user the controller-manager should be authenticated as.

KubeletKubeConfigFileName defines the file name for the kubeconfig that the control-plane kubelet will use for talking to the API server.

NodesClusterRoleBinding defines the well-known ClusterRoleBinding which binds the too permissive system:node ClusterRole to the system:nodes group.

NodesGroup defines the well-known group for all nodes.

NodesUserPrefix defines the user name prefix as requested by the Node authorizer.

PrivateKeyBlockType is a possible value for pem.Block.Type.

PublicKeyBlockType is a possible value for pem.Block.Type.

RSAPrivateKeyBlockType is a possible value for pem.Block.Type.

SchedulerKubeConfigFileName defines the file name for the scheduler's kubeconfig file.

SchedulerUser defines the well-known user the scheduler should be authenticated as.

SystemPrivilegedGroup defines the well-known group for the apiservers.

NewPrivateKey returns a new private key.

CertConfig is a wrapper around certutil.Config extending it with PublicKeyAlgorithm.