pki

package
v0.2.0-rc1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 30, 2018 License: Apache-2.0 Imports: 26 Imported by: 0

Documentation

Index

Constants

// Well-known paths, object names and certificate identities used by the pki
// package. Only the values are visible here; notes on how they are used are
// marked as assumptions to confirm against the implementation.
const (
	// On-host directories. NOTE(review): these presumably hold certificates
	// together with their private keys; confirm that both are created
	// root-only and that nothing is left in the temporary directory once a
	// deployment finishes.
	CertPathPrefix = "/etc/kubernetes/ssl/"
	TempCertPath   = "/etc/kubernetes/.tmp/"

	// NOTE(review): judging by the name this archive bundles the PKI, private
	// keys included — confirm. If so, wherever the backup is copied needs the
	// same protection as the live key directory.
	BundleCertPath = "/backup/pki.bundle.tar.gz"

	// Names of the service, containers and secret involved in distributing
	// certificates.
	CertificatesServiceName = "certificates"
	CrtDownloaderContainer  = "cert-deployer"
	CertFetcherContainer    = "cert-fetcher"
	CertificatesSecretName  = "k8s-certs"

	// Cluster configuration and state. NOTE(review): if the cluster state
	// includes key PEM and is passed through the CLUSTER_STATE environment
	// variable, it is readable by anyone able to inspect that container —
	// confirm against the deployer.
	ClusterConfig    = "cluster.yml"
	ClusterStateFile = "cluster-state.yml"
	ClusterStateEnv  = "CLUSTER_STATE"

	// Certificate authorities.
	CACertName              = "kube-ca"
	RequestHeaderCACertName = "kube-apiserver-requestheader-ca"
	EtcdClientCACertName    = "kube-etcd-client-ca"

	// Per-component certificates and the service-account signing key.
	KubeAPICertName            = "kube-apiserver"
	KubeControllerCertName     = "kube-controller-manager"
	KubeSchedulerCertName      = "kube-scheduler"
	KubeProxyCertName          = "kube-proxy"
	KubeNodeCertName           = "kube-node"
	EtcdCertName               = "kube-etcd"
	EtcdClientCertName         = "kube-etcd-client"
	APIProxyClientCertName     = "kube-apiserver-proxy-client"
	ServiceAccountTokenKeyName = "kube-service-account-token"

	// Node identity. NOTE(review): the Kubernetes Node authorizer recognises
	// a kubelet by a user name of the form system:node:<nodeName> in group
	// system:nodes; a bare "system:node" common name cannot be scoped to one
	// node — confirm how this value ends up in issued certificates.
	KubeNodeCommonName       = "system:node"
	KubeNodeOrganizationName = "system:nodes"

	// Admin identity. system:masters is the group Kubernetes binds to
	// cluster-admin by default, and Kubernetes has no revocation for client
	// certificates: a leaked certificate carrying this organization stays
	// valid until it expires or the CA is rotated. Files named with
	// KubeAdminConfigPrefix presumably embed such a credential — TODO confirm.
	KubeAdminCertName         = "kube-admin"
	KubeAdminOrganizationName = "system:masters"
	KubeAdminConfigPrefix     = "kube_config_"
)
// BundleCertContainer is the container name "rke-bundle-cert".
// NOTE(review): presumably the container that saves or extracts the PKI
// backup bundle — confirm against the bundle helpers.
const BundleCertContainer = "rke-bundle-cert"
// StateDeployerContainerName is the container name "cluster-state-deployer".
// NOTE(review): presumably the container that writes the cluster state onto
// a host — confirm against DeployStateOnPlaneHost.
const StateDeployerContainerName = "cluster-state-deployer"

Variables

This section is empty.

Functions

func DeployAdminConfig

// NOTE(review): kubeConfig is presumably the admin kubeconfig, which would
// embed a client key. The body is not shown here; confirm that the file
// written at localConfigPath is created owner-only (0600) — TODO confirm.
func DeployAdminConfig(ctx context.Context, kubeConfig, localConfigPath string) error

func DeployCertificatesOnHost

func DeployCertificatesOnHost(ctx context.Context, host *hosts.Host, crtMap map[string]CertificatePKI, certDownloaderImage, certPath string, prsMap map[string]v3.PrivateRegistry) error

func DeployCertificatesOnPlaneHost added in v0.1.1

func DeployCertificatesOnPlaneHost(ctx context.Context, host *hosts.Host, rkeConfig v3.RancherKubernetesEngineConfig, crtMap map[string]CertificatePKI, certDownloaderImage string, prsMap map[string]v3.PrivateRegistry, rotateCerts bool) error

func DeployStateOnPlaneHost added in v0.1.10

// NOTE(review): clusterState is passed as a plain string and is presumably
// handed to a container started from stateDownloaderImage. If it travels in
// an environment variable and carries key PEM, it is readable by anyone who
// can inspect that container on the host — confirm against the body, which
// is not shown here.
func DeployStateOnPlaneHost(ctx context.Context, host *hosts.Host, stateDownloaderImage string, prsMap map[string]v3.PrivateRegistry, clusterState string) error

func ExtractBackupBundleOnHost added in v0.1.8

func ExtractBackupBundleOnHost(ctx context.Context, host *hosts.Host, alpineSystemImage, etcdSnapshotPath string, prsMap map[string]v3.PrivateRegistry) error

func GenerateAPIProxyClientCertificate added in v0.2.0

func GenerateAPIProxyClientCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateCACertAndKey added in v0.1.9

// GenerateCACertAndKey returns a certificate and an RSA private key for
// commonName, or an error.
// NOTE(review): privateKey is presumably an existing key to reuse rather than
// generating a new one — confirm. Key size, validity period and CA
// constraints are not visible in this signature and should be checked in the
// implementation.
func GenerateCACertAndKey(commonName string, privateKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)

func GenerateEtcdCertificates added in v0.2.0

func GenerateEtcdCertificates(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateExternalEtcdCertificates added in v0.2.0

func GenerateExternalEtcdCertificates(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateKubeAPICertificate added in v0.2.0

func GenerateKubeAPICertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateKubeAdminCertificate added in v0.2.0

func GenerateKubeAdminCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateKubeControllerCertificate added in v0.2.0

func GenerateKubeControllerCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateKubeNodeCertificate added in v0.2.0

func GenerateKubeNodeCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateKubeProxyCertificate added in v0.2.0

func GenerateKubeProxyCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateKubeSchedulerCertificate added in v0.2.0

func GenerateKubeSchedulerCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateRKECACerts added in v0.2.0

func GenerateRKECACerts(ctx context.Context, certs map[string]CertificatePKI, configPath, configDir string) error

func GenerateRKECerts added in v0.1.2

func GenerateRKECerts(ctx context.Context, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string) (map[string]CertificatePKI, error)

func GenerateRKENodeCerts added in v0.1.2

func GenerateRKENodeCerts(ctx context.Context, rkeConfig v3.RancherKubernetesEngineConfig, nodeAddress string, certBundle map[string]CertificatePKI) map[string]CertificatePKI

func GenerateRKEServicesCerts added in v0.2.0

func GenerateRKEServicesCerts(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateServiceTokenKey added in v0.2.0

func GenerateServiceTokenKey(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateSignedCertAndKey added in v0.1.1

// GenerateSignedCertAndKey returns a certificate and an RSA private key, or
// an error; caCrt and caKey are presumably the issuing CA.
// NOTE(review): serverCrt presumably selects server versus client key usage,
// and reusedKey presumably lets the caller keep an existing key — confirm
// both. If a key is reused on rotation, the new certificate does not retire a
// key that may already have been exposed. orgs presumably becomes the
// subject Organization, which Kubernetes maps to group membership, so callers
// should never take it from untrusted input.
func GenerateSignedCertAndKey(
	caCrt *x509.Certificate,
	caKey *rsa.PrivateKey,
	serverCrt bool,
	commonName string,
	altNames *cert.AltNames,
	reusedKey *rsa.PrivateKey,
	orgs []string) (*x509.Certificate, *rsa.PrivateKey, error)

func GetAltNames

func GetAltNames(cpHosts []*hosts.Host, clusterDomain string, KubernetesServiceIP net.IP, SANs []string) *cert.AltNames

func GetCertPath added in v0.1.1

func GetCertPath(name string) string

func GetCertTempPath added in v0.1.1

func GetCertTempPath(name string) string

func GetConfigPath added in v0.1.1

func GetConfigPath(name string) string

func GetConfigTempPath added in v0.1.1

func GetConfigTempPath(name string) string

func GetEtcdCrtName added in v0.1.1

func GetEtcdCrtName(address string) string

func GetKeyPath added in v0.1.1

func GetKeyPath(name string) string

func GetKeyTempPath added in v0.1.1

func GetKeyTempPath(name string) string

func GetKubeConfigX509WithData

// NOTE(review): crt and key are passed as strings and the result is a string,
// so the returned kubeconfig presumably embeds the client key inline —
// confirm. If it does, treat the return value as a credential: keep it out
// of logs and write it only to owner-only files.
func GetKubeConfigX509WithData(kubernetesURL string, clusterName string, componentName string, cacrt string, crt string, key string) string

func GetKubernetesServiceIP added in v0.1.2

func GetKubernetesServiceIP(serviceClusterRange string) (net.IP, error)

func GetLocalKubeConfig added in v0.1.2

func GetLocalKubeConfig(configPath, configDir string) string

func RegenerateEtcdCertificate added in v0.1.1

func RegenerateEtcdCertificate(
	ctx context.Context,
	crtMap map[string]CertificatePKI,
	etcdHost *hosts.Host,
	etcdHosts []*hosts.Host,
	clusterDomain string,
	KubernetesServiceIP net.IP) (map[string]CertificatePKI, error)

func RemoveAdminConfig

// RemoveAdminConfig returns nothing, so a caller cannot tell from the call
// whether it succeeded.
// NOTE(review): presumably deletes the admin kubeconfig at localConfigPath —
// confirm. If removal can fail silently, a credential may remain on disk;
// check how the body reports that failure.
func RemoveAdminConfig(ctx context.Context, localConfigPath string)

func SaveBackupBundleOnHost added in v0.1.8

func SaveBackupBundleOnHost(ctx context.Context, host *hosts.Host, alpineSystemImage, etcdSnapshotPath string, prsMap map[string]v3.PrivateRegistry) error

func TransformPEMToObject added in v0.2.0

func TransformPEMToObject(in map[string]CertificatePKI) map[string]CertificatePKI

Types

type CertificatePKI

// CertificatePKI groups one certificate, its RSA key and related metadata.
//
// Certificate and Key carry the `json:"-"` tag and are left out of JSON
// output. CertificatePEM, KeyPEM and Config are not, so a JSON encoding of
// this struct includes KeyPEM (presumably the PEM form of Key — confirm).
// Treat any serialized CertificatePKI as secret material: keep it out of
// logs and restrict permissions on files it is written to.
type CertificatePKI struct {
	// Parsed certificate; excluded from JSON.
	Certificate    *x509.Certificate `json:"-"`
	// Parsed RSA private key; excluded from JSON.
	Key            *rsa.PrivateKey   `json:"-"`
	// Serialized under "certificatePEM".
	CertificatePEM string            `json:"certificatePEM"`
	// Serialized under "keyPEM"; presumably private key material — confirm.
	KeyPEM         string            `json:"keyPEM"`
	// Serialized under "config"; presumably a kubeconfig for this identity,
	// which may embed the key — confirm.
	Config         string            `json:"config"`
	Name           string            `json:"name"`
	CommonName     string            `json:"commonName"`
	OUName         string            `json:"ouName"`
	// EnvName, KeyEnvName and ConfigEnvName are presumably the environment
	// variable names used by CertToEnv, KeyToEnv and ConfigToEnv; Path,
	// KeyPath and ConfigPath presumably the matching on-host file locations —
	// verify against those methods.
	EnvName        string            `json:"envName"`
	Path           string            `json:"path"`
	KeyEnvName     string            `json:"keyEnvName"`
	KeyPath        string            `json:"keyPath"`
	ConfigEnvName  string            `json:"configEnvName"`
	ConfigPath     string            `json:"configPath"`
}

func ToCertObject added in v0.1.1

func ToCertObject(componentName, commonName, ouName string, certificate *x509.Certificate, key *rsa.PrivateKey) CertificatePKI

func (*CertificatePKI) CertToEnv

func (c *CertificatePKI) CertToEnv() string

func (*CertificatePKI) ConfigToEnv

func (c *CertificatePKI) ConfigToEnv() string

func (*CertificatePKI) KeyToEnv

// NOTE(review): presumably renders the private key as a NAME=value
// environment entry built from KeyEnvName and KeyPEM — confirm. Key material
// passed through the environment is visible to anyone who can inspect the
// container or process, so access to the container runtime on the host
// should be limited to administrators.
func (c *CertificatePKI) KeyToEnv() string

func (*CertificatePKI) ToEnv

// NOTE(review): presumably returns the entries produced by CertToEnv,
// KeyToEnv and ConfigToEnv together — confirm. If the private key is among
// them, the returned slice is secret material and should not be logged.
func (c *CertificatePKI) ToEnv() []string
