Documentation ¶
Index ¶
- Constants
- Variables
- func CMD(altNames []string, hostIP, hostName, serviceCIRD, DNSDomain string) string
- func CreateBasic(serverURL, clusterName, userName string, caCert []byte) *clientcmdapi.Config
- func CreateJoinControlPlaneKubeConfigFiles(outDir string, cfg Config, nodeName, controlPlaneEndpoint, clusterName string) error
- func CreateKubeConfigFile(kubeConfigFileName string, outDir string, cfg Config, ...) error
- func CreateWithCerts(serverURL, clusterName, userName string, caCert []byte, clientKey []byte, ...) *clientcmdapi.Config
- func CreateWithToken(serverURL, clusterName, userName string, caCert []byte, token string) *clientcmdapi.Config
- func EncodeCertPEM(cert *x509.Certificate) []byte
- func EncodePublicKeyPEM(key crypto.PublicKey) ([]byte, error)
- func GenerateCert(certPATH, certEtcdPATH string, altNames []string, ...)
- func GetUserHomeDir() string
- func LoadCaCertAndKeyFromDisk(cfg Config) (*x509.Certificate, crypto.Signer, error)
- func NewCaCertAndKey(cfg Config) (*x509.Certificate, crypto.Signer, error)
- func NewCaCertAndKeyFromRoot(cfg Config, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, crypto.Signer, error)
- func NewPrivateKey(keyType x509.PublicKeyAlgorithm) (crypto.Signer, error)
- func NewSelfSignedCACert(key crypto.Signer, commonName string, organization []string, ...) (*x509.Certificate, error)
- func NewSignedCert(cfg Config, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error)
- func TryLoadKeyFromDisk(pkiPath string) (crypto.Signer, error)
- func WriteCert(pkiPath, name string, cert *x509.Certificate) error
- func WriteCertAndKey(pkiPath string, name string, cert *x509.Certificate, key crypto.Signer) error
- func WriteKey(pkiPath, name string, key crypto.Signer) error
- func WritePublicKey(pkiPath, name string, key crypto.PublicKey) error
- func WriteToDisk(filename string, kubeconfig *clientcmdapi.Config) error
- type AltNames
- type CertMetaData
- type Config
Constants ¶
// PEM block type labels, i.e. values for pem.Block.Type.
//
// NOTE(review): by PEM convention "PRIVATE KEY" labels a PKCS #8 key and
// "RSA PRIVATE KEY" a PKCS #1 key; which encoding this package actually
// writes or accepts is not visible here, so confirm against the encode/parse
// helpers. Blocks carrying either private-key label hold secret material.
const (
	// PrivateKeyBlockType is a possible value for pem.Block.Type.
	PrivateKeyBlockType = "PRIVATE KEY"
	// PublicKeyBlockType is a possible value for pem.Block.Type.
	PublicKeyBlockType = "PUBLIC KEY"
	// CertificateBlockType is a possible value for pem.Block.Type.
	CertificateBlockType = "CERTIFICATE"
	// RSAPrivateKeyBlockType is a possible value for pem.Block.Type.
	RSAPrivateKeyBlockType = "RSA PRIVATE KEY"
)
// Certificate kind identifiers. The values are untyped integer constants
// assigned by iota in declaration order, so inserting or reordering entries
// renumbers every constant that follows.
//
// NOTE(review): the names suggest each constant selects one certificate to
// generate (API server, kubelet client, front proxy, etcd); confirm
// against the code that consumes them.
const (
	APIserverCert              = iota // 0
	APIserverKubeletClientCert        // 1
	FrontProxyClientCert              // 2
	APIserverEtcdClientCert           // 3
	EtcdServerCert                    // 4
	EtcdPeerCert                      // 5
	EtcdHealthcheckClientCert         // 6
)
Variables ¶
// Default filesystem locations. These are package-level variables rather than
// constants, so any code importing the package can reassign them at runtime.
var (
	// ConfigDir is "/.supkube" appended to whatever GetUserHomeDir returns.
	// The initializer runs once, at package initialization.
	// NOTE(review): the path is built by plain string concatenation; if
	// GetUserHomeDir ever returns "", this evaluates to "/.supkube". Confirm
	// how GetUserHomeDir behaves when the home directory cannot be resolved.
	ConfigDir = GetUserHomeDir() + "/.supkube"
	// KubernetesDir is the Kubernetes configuration directory path.
	KubernetesDir = "/etc/kubernetes"
	// KubeDefaultCertPath is the default PKI directory path.
	// NOTE(review): presumably certificates and private keys are written
	// here; confirm the directory and file permissions applied by the
	// write helpers.
	KubeDefaultCertPath = "/etc/kubernetes/pki"
)
Functions ¶
func CreateBasic ¶
func CreateBasic(serverURL, clusterName, userName string, caCert []byte) *clientcmdapi.Config
cmd/kubeadm/app/util/kubeconfig/kubeconfig.go CreateBasic creates a basic, general KubeConfig object that then can be extended
func CreateJoinControlPlaneKubeConfigFiles ¶
func CreateJoinControlPlaneKubeConfigFiles(outDir string, cfg Config, nodeName, controlPlaneEndpoint, clusterName string) error
CreateJoinControlPlaneKubeConfigFiles will create and write to disk the kubeconfig files required by the kubeadm join --control-plane workflow, plus the admin kubeconfig file used by the administrator and kubeadm itself; the kubelet.conf file must not be created because it will be created and signed by the kubelet TLS bootstrap process. If any kubeconfig file already exists, it is used only if evaluated equal; otherwise an error is returned.
func CreateKubeConfigFile ¶
func CreateKubeConfigFile(kubeConfigFileName string, outDir string, cfg Config, nodeName, controlPlaneEndpoint, clusterName string) error
方法没有被 ↑ 的方法调用,而是在cmd/kubeadm/app/cmd/phases/init/kubeconfig.go里调用 cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go
func CreateWithCerts ¶
func CreateWithCerts(serverURL, clusterName, userName string, caCert []byte, clientKey []byte, clientCert []byte) *clientcmdapi.Config
cmd/kubeadm/app/util/kubeconfig/kubeconfig.go CreateWithCerts creates a KubeConfig object with access to the API server with client certificates
func CreateWithToken ¶
func CreateWithToken(serverURL, clusterName, userName string, caCert []byte, token string) *clientcmdapi.Config
cmd/kubeadm/app/util/kubeconfig/kubeconfig.go CreateWithToken creates a KubeConfig object with access to the API server with a token
func EncodeCertPEM ¶
func EncodeCertPEM(cert *x509.Certificate) []byte
EncodeCertPEM returns PEM-encoded certificate data
func EncodePublicKeyPEM ¶
EncodePublicKeyPEM returns PEM-encoded public data
func GenerateCert ¶
func GenerateCert(certPATH, certEtcdPATH string, altNames []string, hostIP, hostName, serviceCIRD, DNSDomain string)
GenerateCert generates all certificates.
func GetUserHomeDir ¶
func GetUserHomeDir() string
func LoadCaCertAndKeyFromDisk ¶
LoadCaCertAndKeyFromDisk loads the CA cert and key from disk.
func NewCaCertAndKey ¶
NewCaCertAndKey creates a CA certificate and key.
func NewCaCertAndKeyFromRoot ¶
func NewCaCertAndKeyFromRoot(cfg Config, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, crypto.Signer, error)
NewCaCertAndKeyFromRoot cmd/kubeadm/app/util/pkiutil/pki_helpers.go NewCertAndKey
func NewPrivateKey ¶
func NewPrivateKey(keyType x509.PublicKeyAlgorithm) (crypto.Signer, error)
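NewPrivateKey creates an RSA private key. Note that the signature takes a keyType x509.PublicKeyAlgorithm, so the algorithm of the generated key may depend on the value passed; confirm against the implementation before relying on the key being RSA.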
func NewSelfSignedCACert ¶
func NewSelfSignedCACert(key crypto.Signer, commonName string, organization []string, year time.Duration) (*x509.Certificate, error)
NewSelfSignedCACert creates a CA certificate
func NewSignedCert ¶
func NewSignedCert(cfg Config, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error)
NewSignedCert creates a signed certificate using the given CA certificate and key
func TryLoadKeyFromDisk ¶
TryLoadKeyFromDisk tries to load the key from disk and checks that it is valid
func WriteCert ¶
func WriteCert(pkiPath, name string, cert *x509.Certificate) error
WriteCert stores the given certificate at the given location
func WriteCertAndKey ¶
WriteCertAndKey stores the certificate and key at the specified location
func WritePublicKey ¶
WritePublicKey stores the given public key at the given location
func WriteToDisk ¶
func WriteToDisk(filename string, kubeconfig *clientcmdapi.Config) error
WriteToDisk writes a KubeConfig object down to disk with mode 0600
Types ¶
type AltNames ¶
AltNames contains the domain names and IP addresses that will be added to the API Server's x509 certificate SubAltNames field. The values will be passed directly to the x509.Certificate object.
type CertMetaData ¶
// CertMetaData groups the values carried into certificate generation.
//
// NOTE(review): nothing in this declaration validates the fields; the
// accompanying package documentation states that the parameters passed in
// must be validated beforehand.
type CertMetaData struct {
	APIServer AltNames
	NodeName  string
	NodeIP    string
	DNSDomain string
	// Location where the certificates are generated.
	CertPath     string
	CertEtcdPath string
}
证书中需要用到的一些信息,传入的参数得提前验证
func NewCertMetaData ¶
func NewCertMetaData(certPATH, certEtcdPATH string, apiServerIPAndDomains []string, SvcCIDR, nodeName, nodeIP, DNSDomain string) (*CertMetaData, error)
apiServerIPAndDomains = MasterIP + VIP + CertSANS 暂时只有apiserver, 记得把cluster.local后缀加到apiServerIPAndDomains里先
func (*CertMetaData) GenerateAll ¶
func (meta *CertMetaData) GenerateAll() error
type Config ¶
// Config contains the basic fields required for creating a certificate.
type Config struct {
	Path         string // directory the output is written to
	DefaultPath  string // Kubernetes default directory
	BaseName     string // file name the output is written to
	CAName       string // root CA map key
	CommonName   string
	Organization []string
	// NOTE(review): the name suggests a validity period counted in years, but
	// the type is time.Duration; confirm the unit callers are expected to
	// pass, since it presumably determines certificate lifetime.
	Year     time.Duration
	AltNames AltNames
	// NOTE(review): presumably the extended key usages set on the issued
	// certificate; confirm each certificate is given only the usages it needs.
	Usages []x509.ExtKeyUsage
}
Config contains the basic fields required for creating a certificate