cert

package


Constants

// PEM block type labels (pem.Block.Type) used when this package encodes and
// decodes key and certificate material.
const (
	// PrivateKeyBlockType is a possible value for pem.Block.Type
	// (the PKCS#8 "PRIVATE KEY" label, usable for any key algorithm).
	PrivateKeyBlockType = "PRIVATE KEY"
	// PublicKeyBlockType is a possible value for pem.Block.Type.
	PublicKeyBlockType = "PUBLIC KEY"
	// CertificateBlockType is a possible value for pem.Block.Type.
	CertificateBlockType = "CERTIFICATE"
	// RSAPrivateKeyBlockType is a possible value for pem.Block.Type
	// (the PKCS#1 "RSA PRIVATE KEY" label; RSA keys only).
	RSAPrivateKeyBlockType = "RSA PRIVATE KEY"
)
// Identifiers for the certificates this package generates for a control-plane
// node. They are iota-based (APIserverCert == 0), so treat them as positions
// rather than as stable values to persist or send over the wire.
// NOTE(review): presumably these index the slice returned by CertList —
// confirm against the implementation. The names appear to mirror the kubeadm
// certificate set (apiserver, apiserver-kubelet-client, front-proxy-client,
// apiserver-etcd-client, etcd server/peer/healthcheck-client).
const (
	APIserverCert = iota
	APIserverKubeletClientCert
	FrontProxyClientCert
	APIserverEtcdClientCert
	EtcdServerCert
	EtcdPeerCert
	EtcdHealthcheckClientCert
)

Variables

// Default on-disk locations. These are exported variables rather than
// constants, so they can be reassigned at runtime by any importer.
// NOTE(review): anything able to reassign them can redirect where CA
// material and kubeconfigs are written; confirm callers read them at
// call time and that no untrusted code path can set them.
var (
	SealosConfigDir     = "/root/.sealos"       // sealos state directory
	KubernetesDir       = "/etc/kubernetes"     // Kubernetes configuration root
	KubeDefaultCertPath = "/etc/kubernetes/pki" // default PKI directory
)

Functions

func CertCMD

func CertCMD(altNames []string, hostIP, hostName, serviceCIRD, DNSDomain string) string

CertCMD returns the `sealos cert` command string assembled from the given SANs, host IP, host name, service CIDR and DNS domain.

func CreateBasic

func CreateBasic(serverURL, clusterName, userName string, caCert []byte) *clientcmdapi.Config

Ported from kubeadm (cmd/kubeadm/app/util/kubeconfig/kubeconfig.go). CreateBasic creates a basic, general KubeConfig object that can then be extended.

func CreateJoinControlPlaneKubeConfigFiles

func CreateJoinControlPlaneKubeConfigFiles(outDir string, cfg Config, nodeName, controlPlaneEndpoint, clusterName string) error

CreateJoinControlPlaneKubeConfigFiles creates and writes to disk the kubeconfig files required by the kubeadm join --control-plane workflow, plus the admin kubeconfig file used by the administrator and kubeadm itself. The kubelet.conf file must not be created here because it is created and signed by the kubelet TLS bootstrap process. If any of the kubeconfig files already exists, it is reused only if it evaluates as equal to the one that would be generated; otherwise an error is returned.

func CreateKubeConfigFile

func CreateKubeConfigFile(kubeConfigFileName string, outDir string, cfg Config, nodeName, controlPlaneEndpoint, clusterName string) error

This function is not called by the functions above; in kubeadm it is invoked from cmd/kubeadm/app/cmd/phases/init/kubeconfig.go (see cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go).

func CreateWithCerts

func CreateWithCerts(serverURL, clusterName, userName string, caCert []byte, clientKey []byte, clientCert []byte) *clientcmdapi.Config

Ported from kubeadm (cmd/kubeadm/app/util/kubeconfig/kubeconfig.go). CreateWithCerts creates a KubeConfig object with access to the API server using client certificates; the resulting object embeds the client private key, so it must be handled (and written) as a secret.

func CreateWithToken

func CreateWithToken(serverURL, clusterName, userName string, caCert []byte, token string) *clientcmdapi.Config

Ported from kubeadm (cmd/kubeadm/app/util/kubeconfig/kubeconfig.go). CreateWithToken creates a KubeConfig object with access to the API server using a bearer token; the token is embedded in the object and must be handled as a secret.

func EncodeCertPEM

func EncodeCertPEM(cert *x509.Certificate) []byte

EncodeCertPEM returns the PEM-encoded certificate data.

func EncodePublicKeyPEM

func EncodePublicKeyPEM(key crypto.PublicKey) ([]byte, error)

EncodePublicKeyPEM returns the PEM-encoded public key, or an error if the key could not be encoded.

func GenerateCert

func GenerateCert(certPATH, certEtcdPATH string, altNames []string, hostIP, hostName, serviceCIRD, DNSDomian string)

func LoadCaCertAndKeyFromDisk

func LoadCaCertAndKeyFromDisk(cfg Config) (*x509.Certificate, crypto.Signer, error)

func NewCaCertAndKey

func NewCaCertAndKey(cfg Config) (*x509.Certificate, crypto.Signer, error)

NewCaCertAndKey creates a new CA certificate and its private key from cfg.

func NewCaCertAndKeyFromRoot

func NewCaCertAndKeyFromRoot(cfg Config, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, crypto.Signer, error)

Ported from kubeadm's NewCertAndKey (cmd/kubeadm/app/util/pkiutil/pki_helpers.go). NewCaCertAndKeyFromRoot creates a certificate and key for cfg, issued under the given CA certificate and CA key.

func NewPrivateKey

func NewPrivateKey(keyType x509.PublicKeyAlgorithm) (crypto.Signer, error)

NewPrivateKey creates a private key for the given keyType. The original comment says "RSA"; verify whether other keyType values (e.g. ECDSA) are honored or rejected before relying on them.

func NewSelfSignedCACert

func NewSelfSignedCACert(key crypto.Signer, commonName string, organization []string, year time.Duration) (*x509.Certificate, error)

NewSelfSignedCACert creates a self-signed CA certificate with the given commonName and organization, valid for the period given by year (which, despite the name, is a time.Duration, not a count of years).

func NewSignedCert

func NewSignedCert(cfg Config, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error)

NewSignedCert creates a signed certificate using the given CA certificate and key

func TryLoadKeyFromDisk

func TryLoadKeyFromDisk(pkiPath string) (crypto.Signer, error)

TryLoadKeyFromDisk tries to load the private key from pkiPath and validates that it is a usable key.

func ValidateKubeconfigsForExternalCA

func ValidateKubeconfigsForExternalCA(outDir string, cfg Config, controlPlaneEndpoint string) error

ValidateKubeconfigsForExternalCA checks that each kubeconfig file exists and has the expected CA and server URL, using kubeadmapi.InitConfiguration.

func WriteCert

func WriteCert(pkiPath, name string, cert *x509.Certificate) error

WriteCert stores the given certificate at the given location

func WriteCertAndKey

func WriteCertAndKey(pkiPath string, name string, cert *x509.Certificate, key crypto.Signer) error

WriteCertAndKey stores the certificate and key at the specified location.

func WriteKey

func WriteKey(pkiPath, name string, key crypto.Signer) error

WriteKey stores the given key at the given location. The file mode is not stated here; confirm it is owner-only (0600), as WriteToDisk uses for kubeconfigs, since this is private key material.

func WriteKubeConfigWithClientCert

func WriteKubeConfigWithClientCert(out io.Writer, cfg Config, clientName, controlPlaneEndpoint, clusterName string, organizations []string) error

WriteKubeConfigWithClientCert writes a kubeconfig file - with a client certificate as authentication info - to the given writer.

func WriteKubeConfigWithToken

func WriteKubeConfigWithToken(out io.Writer, cfg Config, clientName, controlPlaneEndpoint, clusterName, token string) error

WriteKubeConfigWithToken writes a kubeconfig file - with a token as client authentication info - to the given writer.

func WritePublicKey

func WritePublicKey(pkiPath, name string, key crypto.PublicKey) error

WritePublicKey stores the given public key at the given location

func WriteToDisk

func WriteToDisk(filename string, kubeconfig *clientcmdapi.Config) error

WriteToDisk writes a KubeConfig object to disk with file mode 0600 (owner read/write only) — appropriate because the kubeconfigs built in this package embed client private keys (CreateWithCerts) or bearer tokens (CreateWithToken).

Types

type AltNames

// AltNames holds the subject alternative names placed in a certificate's
// SubjectAltName extension.
type AltNames struct {
	DNSNames map[string]string // DNS SANs (key semantics are not shown here — TODO confirm against callers)
	IPs      map[string]net.IP // IP SANs, keyed by string (presumably the textual IP — TODO confirm)
}

AltNames contains the DNS names and IP addresses that will be added to the API server's x509 certificate SubjectAltName field. The values are passed directly to the x509.Certificate object.

type Config

// Config contains the basic fields required for creating a certificate.
type Config struct {
	Path         string // directory the certificate and key are written to
	DefaultPath  string // Kubernetes default directory
	BaseName     string // base file name to write
	CAName       string // key of the root CA in the CA map
	CommonName   string // subject CommonName
	Organization []string // subject Organization(s)
	Year         time.Duration // validity period; despite the name this is a time.Duration, not a year count
	AltNames     AltNames // subject alternative names
	Usages       []x509.ExtKeyUsage // extended key usages
}

Config contains the basic fields required for creating a certificate

func CaList

func CaList(CertPath, CertEtcdPath string) []Config

func CertList

func CertList(CertPath, CertEtcdPath string) []Config

type SealosCertMetaData

// SealosCertMetaData holds the inputs needed to generate the cluster
// certificates. Callers are expected to validate these values before
// constructing it.
type SealosCertMetaData struct {
	APIServer AltNames // SANs for the API server certificate
	NodeName  string
	NodeIP    string
	DNSDomain string
	// Directories the certificates are generated into.
	CertPath     string
	CertEtcdPath string
}

SealosCertMetaData holds the information needed when generating certificates; callers must validate the arguments before passing them in.

func NewSealosCertMetaData

func NewSealosCertMetaData(certPATH, certEtcdPATH string, apiServerIPAndDomains []string, SvcCIDR, nodeName, nodeIP, DNSDomain string) (*SealosCertMetaData, error)

apiServerIPAndDomains = MasterIP + VIP + CertSANs. For now only the apiserver is covered; remember to add the cluster.local-suffixed entries to apiServerIPAndDomains first.

func (*SealosCertMetaData) GenerateAll

func (meta *SealosCertMetaData) GenerateAll() error
