Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RenewAndMutateExistingEtcdServerCert

func RenewAndMutateExistingEtcdServerCert(certsDir, baseName string, advertiseAddress net.IP, impl Interface) error

RenewAndMutateExistingEtcdServerCert loads a certificate file, uses the renew interface to renew it, and saves the resulting certificate and key over the old one. This method differs from usual RenewExistingCert because it checks if the etcd server certificate includes the advertiseAddress in the SANS list; if not, the certificate is mutated in order to include it. N.B. this code is necessary only in v1.14; starting from v1.15 all the etcd manifests should have 2 endpoints

func RenewExistingCert

func RenewExistingCert(certsDir, baseName string, impl Interface) error

RenewExistingCert loads a certificate file, uses the renew interface to renew it, and saves the resulting certificate and key over the old one.

Types

type CertsAPIRenewal

type CertsAPIRenewal struct {
	// contains filtered or unexported fields
}

CertsAPIRenewal creates new certificates using the certs API

func (*CertsAPIRenewal) Renew

Renew takes a certificate using the cert and key.

type FileRenewal

type FileRenewal struct {
	// contains filtered or unexported fields
}

FileRenewal renews a certificate using local certs

func (*FileRenewal) Renew

Renew takes a certificate using the cert and key

type Interface

type Interface interface {
	Renew(*certutil.Config) (*x509.Certificate, *rsa.PrivateKey, error)
}

Interface represents a standard way to renew a certificate.

func NewCertsAPIRenawal

func NewCertsAPIRenawal(client kubernetes.Interface) Interface

NewCertsAPIRenawal takes a Kubernetes interface and returns a renewal Interface.

func NewFileRenewal

func NewFileRenewal(caCert *x509.Certificate, caKey *rsa.PrivateKey) Interface

NewFileRenewal takes a certificate pair to construct the Interface.