secret

package

v1.0.1 Latest Latest Go to latest Published: Nov 12, 2021 License: Apache-2.0 Imports: 21 Imported by: 39

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kubernetes-sigs/cluster-api

Links

Open Source Insights

Documentation ¶

Overview ¶

Package secret implements utilities for secret handling.

Index ¶

Constants
Variables
func Get(ctx context.Context, c client.Reader, cluster client.ObjectKey, ...) (*corev1.Secret, error)
func GetFromNamespacedName(ctx context.Context, c client.Reader, clusterName client.ObjectKey, ...) (*corev1.Secret, error)
func Name(cluster string, suffix Purpose) string
type Certificate
type Certificates
type Purpose
- func ParseSecretName(name string) (string, Purpose, error)

Constants ¶

View Source

const (
	// KubeconfigDataName is the key used to store a Kubeconfig in the secret's data field.
	KubeconfigDataName = "value"

	// TLSKeyDataName is the key used to store a TLS private key in the secret's data field.
	TLSKeyDataName = "tls.key"

	// TLSCrtDataName is the key used to store a TLS certificate in the secret's data field.
	TLSCrtDataName = "tls.crt"

	// Kubeconfig is the secret name suffix storing the Cluster Kubeconfig.
	Kubeconfig = Purpose("kubeconfig")

	// ClusterCA is the secret name suffix for APIServer CA.
	ClusterCA = Purpose("ca")

	// EtcdCA is the secret name suffix for the Etcd CA.
	EtcdCA Purpose = "etcd"

	// ServiceAccount is the secret name suffix for the Service Account keys.
	ServiceAccount Purpose = "sa"

	// FrontProxyCA is the secret name suffix for Front Proxy CA.
	FrontProxyCA Purpose = "proxy"

	// APIServerEtcdClient is the secret name of user-supplied secret containing the apiserver-etcd-client key/cert.
	APIServerEtcdClient Purpose = "apiserver-etcd-client"
)

View Source

const (

	// DefaultCertificatesDir is the default directory where Kubernetes stores its PKI information.
	DefaultCertificatesDir = "/etc/kubernetes/pki"
)

Variables ¶

View Source

var (
	// ErrMissingCertificate is an error indicating a certificate is entirely missing.
	ErrMissingCertificate = errors.New("missing certificate")

	// ErrMissingCrt is an error indicating the crt file is missing from the certificate.
	ErrMissingCrt = errors.New("missing crt data")

	// ErrMissingKey is an error indicating the key file is missing from the certificate.
	ErrMissingKey = errors.New("missing key data")
)

Functions ¶

func Get ¶

func Get(ctx context.Context, c client.Reader, cluster client.ObjectKey, purpose Purpose) (*corev1.Secret, error)

Get retrieves the specified Secret (if any) from the given cluster name and namespace.

func GetFromNamespacedName ¶ added in v0.3.0

func GetFromNamespacedName(ctx context.Context, c client.Reader, clusterName client.ObjectKey, purpose Purpose) (*corev1.Secret, error)

GetFromNamespacedName retrieves the specified Secret (if any) from the given cluster name and namespace.

func Name ¶

func Name(cluster string, suffix Purpose) string

Name returns the name of the secret for a cluster.

Types ¶

type Certificate ¶ added in v0.3.0

type Certificate struct {
	Generated         bool
	External          bool
	Purpose           Purpose
	KeyPair           *certs.KeyPair
	CertFile, KeyFile string
}

Certificate represents a single certificate CA.

func (*Certificate) AsFiles ¶ added in v0.3.0

func (c *Certificate) AsFiles() []bootstrapv1.File

AsFiles converts the certificate to a slice of Files that may have 0, 1 or 2 Files.

func (*Certificate) AsSecret ¶ added in v0.3.0

func (c *Certificate) AsSecret(clusterName client.ObjectKey, owner metav1.OwnerReference) *corev1.Secret

AsSecret converts a single certificate into a Kubernetes secret.

func (*Certificate) Generate ¶ added in v0.4.0

func (c *Certificate) Generate() error

Generate generates a certificate.

func (*Certificate) Hashes ¶ added in v0.3.0

func (c *Certificate) Hashes() ([]string, error)

Hashes hashes all the certificates stored in a CA certificate.

type Certificates ¶ added in v0.3.0

type Certificates []*Certificate

Certificates are the certificates necessary to bootstrap a cluster.

func NewCertificatesForInitialControlPlane ¶ added in v0.3.0

func NewCertificatesForInitialControlPlane(config *bootstrapv1.ClusterConfiguration) Certificates

NewCertificatesForInitialControlPlane returns a list of certificates configured for a control plane node.

func NewCertificatesForWorker ¶ added in v0.3.0

func NewCertificatesForWorker(caCertPath string) Certificates

NewCertificatesForWorker return an initialized but empty set of CA certificates needed to bootstrap a cluster.

func NewControlPlaneJoinCerts ¶ added in v0.3.9

func NewControlPlaneJoinCerts(config *bootstrapv1.ClusterConfiguration) Certificates

NewControlPlaneJoinCerts gets any certs that exist and writes them to disk.

func (Certificates) AsFiles ¶ added in v0.3.0

func (c Certificates) AsFiles() []bootstrapv1.File

AsFiles converts a slice of certificates into bootstrap files.

func (Certificates) EnsureAllExist ¶ added in v0.3.0

func (c Certificates) EnsureAllExist() error

EnsureAllExist ensure that there is some data present for every certificate.

func (Certificates) Generate ¶ added in v0.3.0

func (c Certificates) Generate() error

Generate will generate any certificates that do not have KeyPair data.

func (Certificates) GetByPurpose ¶ added in v0.3.0

func (c Certificates) GetByPurpose(purpose Purpose) *Certificate

GetByPurpose returns a certificate by the given name. This could be removed if we use a map instead of a slice to hold certificates, however other code becomes more complex.

func (Certificates) Lookup ¶ added in v0.3.0

func (c Certificates) Lookup(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey) error

Lookup looks up each certificate from secrets and populates the certificate with the secret data.

func (Certificates) LookupOrGenerate ¶ added in v0.3.0

func (c Certificates) LookupOrGenerate(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey, owner metav1.OwnerReference) error

LookupOrGenerate is a convenience function that wraps cluster bootstrap certificate behavior.

func (Certificates) SaveGenerated ¶ added in v0.3.0

func (c Certificates) SaveGenerated(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey, owner metav1.OwnerReference) error

SaveGenerated will save any certificates that have been generated as Kubernetes secrets.

type Purpose ¶

type Purpose string

Purpose is the name to append to the secret generated for a cluster.

func ParseSecretName ¶ added in v0.3.5

func ParseSecretName(name string) (string, Purpose, error)

ParseSecretName return the cluster name and the suffix Purpose in name is a valid cluster secrets, otherwise it return error.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL