certs

Published: Jul 21, 2020 License: LGPL-3.0 Imports: 20 Imported by: 0


Constants

This section is empty.

Variables

// The definitions below form the trust layout kubeadm provisions: three
// self-signed CAs ("ca", "front-proxy-ca", "etcd-ca") and the leaf
// certificates each of them issues. A leaf's CAName must equal the Name of
// one of the CA entries; CertificateMap.CertTree uses that link to group
// leaves under their issuer. Entries with no CAName are the CAs themselves.
// Because the three CAs are separate roots, trust in one does not extend to
// certificates issued by another.
var (
	// KubeadmCertRootCA is the definition of the Kubernetes Root CA for the API Server and kubelet.
	KubeadmCertRootCA = KubeadmCert{
		Name:     "ca",
		LongName: "self-signed Kubernetes CA to provision identities for other Kubernetes components",
		BaseName: constants.CACertAndKeyBaseName,
		// contains filtered or unexported fields
	}
	// KubeadmCertAPIServer is the definition of the cert used to serve the Kubernetes API.
	KubeadmCertAPIServer = KubeadmCert{
		Name:     "apiserver",
		LongName: "certificate for serving the Kubernetes API",
		BaseName: pkiutil.APIServerCertAndKeyBaseName,
		CAName:   "ca", // issued by KubeadmCertRootCA
		// contains filtered or unexported fields
	}
	// KubeadmCertKubeletClient is the definition of the cert used by the API server to access the kubelet.
	// This is a client identity the API server presents to every kubelet, so its key
	// should be handled with the same care as the root CA key.
	KubeadmCertKubeletClient = KubeadmCert{
		Name:     "apiserver-kubelet-client",
		LongName: "certificate for the API server to connect to kubelet",
		BaseName: pkiutil.APIServerKubeletClientCertAndKeyBaseName,
		CAName:   "ca", // issued by KubeadmCertRootCA
		// contains filtered or unexported fields
	}

	// KubeadmCertFrontProxyCA is the definition of the CA used for the front end proxy.
	// Kept as its own root, separate from "ca".
	KubeadmCertFrontProxyCA = KubeadmCert{
		Name:     "front-proxy-ca",
		LongName: "self-signed CA to provision identities for front proxy",
		BaseName: pkiutil.FrontProxyCACertAndKeyBaseName,
		// contains filtered or unexported fields
	}

	// KubeadmCertFrontProxyClient is the definition of the cert used by the API server to access the front proxy.
	KubeadmCertFrontProxyClient = KubeadmCert{
		Name:     "front-proxy-client",
		BaseName: pkiutil.FrontProxyClientCertAndKeyBaseName,
		LongName: "certificate for the front proxy client",
		CAName:   "front-proxy-ca", // issued by KubeadmCertFrontProxyCA, not the root "ca"
		// contains filtered or unexported fields
	}

	// KubeadmCertEtcdCA is the definition of the root CA used by the hosted etcd server.
	// Kept as its own root, separate from "ca"; every etcd-facing identity below chains to it.
	KubeadmCertEtcdCA = KubeadmCert{
		Name:     "etcd-ca",
		LongName: "self-signed CA to provision identities for etcd",
		BaseName: pkiutil.EtcdCACertAndKeyBaseName,
		// contains filtered or unexported fields
	}
	// KubeadmCertEtcdServer is the definition of the cert used to serve etcd to clients.
	KubeadmCertEtcdServer = KubeadmCert{
		Name:     "etcd-server",
		LongName: "certificate for serving etcd",
		BaseName: pkiutil.EtcdServerCertAndKeyBaseName,
		CAName:   "etcd-ca", // issued by KubeadmCertEtcdCA
		// contains filtered or unexported fields
	}
	// KubeadmCertEtcdPeer is the definition of the cert used by etcd peers to access each other.
	KubeadmCertEtcdPeer = KubeadmCert{
		Name:     "etcd-peer",
		LongName: "certificate for etcd nodes to communicate with each other",
		BaseName: pkiutil.EtcdPeerCertAndKeyBaseName,
		CAName:   "etcd-ca", // issued by KubeadmCertEtcdCA
		// contains filtered or unexported fields
	}
	// KubeadmCertEtcdHealthcheck is the definition of the cert used by Kubernetes to check the health of the etcd server.
	KubeadmCertEtcdHealthcheck = KubeadmCert{
		Name:     "etcd-healthcheck-client",
		LongName: "certificate for liveness probes to healthcheck etcd",
		BaseName: pkiutil.EtcdHealthcheckClientCertAndKeyBaseName,
		CAName:   "etcd-ca", // issued by KubeadmCertEtcdCA
		// contains filtered or unexported fields
	}
	// KubeadmCertEtcdAPIClient is the definition of the cert used by the API server to access etcd.
	// Although it belongs to the API server, it is presented to etcd and therefore chains to "etcd-ca".
	KubeadmCertEtcdAPIClient = KubeadmCert{
		Name:     "apiserver-etcd-client",
		LongName: "certificate the apiserver uses to access etcd",
		BaseName: pkiutil.APIServerEtcdClientCertAndKeyBaseName,
		CAName:   "etcd-ca", // issued by KubeadmCertEtcdCA
		// contains filtered or unexported fields
	}
)

Functions

func BuildApiserverEndpoint

func BuildApiserverEndpoint(ipOrDns string, bindPort int) string

func BuildKubeConfigByte

func BuildKubeConfigByte(config *clientcmdapi.Config) ([]byte, error)

func CreateApiserverKubeConfigFile

func CreateApiserverKubeConfigFile(CAKey, CACert []byte, apiserver string, clusterName string) (map[string]*clientcmdapi.Config, error)

func CreateCertAndKeyFilesWithCA

func CreateCertAndKeyFilesWithCA(certSpec *KubeadmCert, ca *CaAll, cfg *kubeadmv1beta2.WarpperConfiguration, certsMaps map[string][]byte) error

func CreateKubeConfigFiles

func CreateKubeConfigFiles(CAKey, CACert []byte, apiserver string, kubeletNodeAddr string, clusterName string, kubeConfigFileNames ...string) (map[string]*clientcmdapi.Config, error)

CreateKubeConfigFiles creates all the requested kubeconfig files. If the kubeconfig files already exist, they are used only if they evaluate as equal; otherwise an error is returned.

func CreateKubeletKubeConfigFile

func CreateKubeletKubeConfigFile(CAKey, CACert []byte, apiserver string, kubeletNodeAddr string, clusterName string) (map[string]*clientcmdapi.Config, error)

func CreateMasterKubeConfigFile

func CreateMasterKubeConfigFile(CAKey, CACert []byte, apiserver string, clusterName string) (map[string]*clientcmdapi.Config, error)

func CreateServiceAccountKeyAndPublicKeyFiles

func CreateServiceAccountKeyAndPublicKeyFiles(certsDir string, keyType x509.PublicKeyAlgorithm, certsMaps map[string][]byte) error

CreateServiceAccountKeyAndPublicKeyFiles creates new public/private key files for signing service account users. If the sa public/private key files already exist in the target folder, they are used only if they evaluate as equal; otherwise an error is returned.

func DecodeKubeConfigByte

func DecodeKubeConfigByte(data []byte, config *clientcmdapi.Config) error

func GetApiserverKubeconfigList

func GetApiserverKubeconfigList() []string

func GetKubeletKubeconfigList

func GetKubeletKubeconfigList() []string

func GetMasterKubeConfigList

func GetMasterKubeConfigList() []string

func LoadCertAndKeyFromByte

func LoadCertAndKeyFromByte(CAKey, CACert []byte) (*x509.Certificate, crypto.Signer, error)

Types

type CaAll

// CaAll bundles what is needed to issue leaf certificates from one CA: the CA
// certificate, its private key (as a crypto.Signer, so any Signer
// implementation can back it), and the KubeadmCert definition it was built
// from. It is returned by CreateCACertAndKeyFiles and consumed by
// CreateCertAndKeyFilesWithCA.
type CaAll struct {
	CaCert *x509.Certificate // the CA's own certificate
	CaKey  crypto.Signer     // private key used to sign child certificates; treat as a secret
	Cfg    *KubeadmCert      // definition (Name, BaseName, ...) this CA was created from
}

func CreateCACertAndKeyFiles

func CreateCACertAndKeyFiles(certSpec *KubeadmCert, cfg *kubeadmv1beta2.WarpperConfiguration, cfgMaps map[string][]byte) (*CaAll, error)

CreateCACertAndKeyFiles generates and writes out a given certificate authority. The certSpec should be one of the variables from this package.

type CertificateMap

// CertificateMap is a flat map of certificate definitions keyed by
// KubeadmCert.Name (e.g. "ca", "apiserver"); Certificates.AsMap builds one.
type CertificateMap map[string]*KubeadmCert

CertificateMap is a flat map of certificates, keyed by Name.

func (CertificateMap) CertTree

func (m CertificateMap) CertTree() (CertificateTree, error)

CertTree returns a one-level-deep tree, mapping a CA cert to an array of certificates that should be signed by it.

type CertificateTree

// CertificateTree is a one-level-deep tree: each key is a CA definition and the
// value lists the leaf certificates that CA should sign (those whose CAName
// equals the CA's Name). CertificateMap.CertTree builds one.
type CertificateTree map[*KubeadmCert]Certificates

CertificateTree represents a one-level-deep tree, mapping a CA to the certs that depend on it.

type Certificates

// Certificates is a list of the certificate definitions kubeadm should create;
// GetDefaultCertList and GetCertsWithoutEtcd return the two standard sets.
type Certificates []*KubeadmCert

Certificates is the list of certificates that kubeadm should create.

func GetCertsWithoutEtcd

func GetCertsWithoutEtcd() Certificates

GetCertsWithoutEtcd returns all of the certificates kubeadm needs when etcd is hosted externally.

func GetDefaultCertList

func GetDefaultCertList() Certificates

GetDefaultCertList returns all of the certificates kubeadm requires to function.

func (Certificates) AsMap

func (c Certificates) AsMap() CertificateMap

AsMap returns the list of certificates as a map, keyed by name.

type KubeadmCert

// KubeadmCert describes one certificate that kubeadm creates in order to
// function. The exported fields are identifying metadata; the unexported
// fields are not shown in this listing.
type KubeadmCert struct {
	Name     string // short identifier, e.g. "ca" or "apiserver"; the key used by CertificateMap
	LongName string // human-readable description of the certificate's purpose
	BaseName string // base name shared by the cert and key files (see the *CertAndKeyBaseName constants)
	CAName   string // Name of the CA that signs this cert; empty for the CAs themselves
	// contains filtered or unexported fields
}

KubeadmCert represents a certificate that Kubeadm will create to function properly.

func (*KubeadmCert) CreateAsCA

CreateAsCA creates a certificate authority, writing the files to disk and also returning the created CA so it can be used to sign child certs.

func (*KubeadmCert) CreateFromCA

func (k *KubeadmCert) CreateFromCA(ic *kubeadmv1beta2.WarpperConfiguration, caCert *x509.Certificate, caKey crypto.Signer) error

CreateFromCA makes and writes a certificate using the given CA cert and key.

func (*KubeadmCert) GetConfig

GetConfig returns the definition for the given cert, derived from the provided InitConfiguration.
