Documentation ¶
Index ¶
- Constants
- Variables
- func AnnotateWithCA(secret, ca *corev1.Secret)
- func ReconcileClusterPolicyControllerCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileClusterSignerCA(secret *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileCombinedCA(cm *corev1.ConfigMap, ownerRef config.OwnerRef, ...) error
- func ReconcileEtcdClientSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileEtcdPeerSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileEtcdServerSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileIngressCert(secret, ca *corev1.Secret, ownerRef config.OwnerRef, ...) error
- func ReconcileKASAdminClientCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileKASAggregatorCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileKASKubeletClientCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileKASMachineBootstrapClientCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileKASServerCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef, ...) error
- func ReconcileKonnectivityAgentSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileKonnectivityClientSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileKonnectivityClusterSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef, ...) error
- func ReconcileKonnectivityServerSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileKonnectivityWorkerAgentSecret(cm *corev1.ConfigMap, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileMachineConfigServerCert(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileOLMPackageServerCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileOpenShiftAPIServerCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileOpenShiftControllerManagerCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileOpenShiftOAuthAPIServerCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileRootCA(secret *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileServiceAccountSigningKeySecret(secret, signingKey *corev1.Secret, ownerRef config.OwnerRef) error
- func SecretUpToDate(secret *corev1.Secret, keys []string) bool
- func SignCertificate(cfg *certs.CertCfg, ca *corev1.Secret) (crtBytes []byte, keyBytes []byte, caBytes []byte, err error)
- func SignedSecretUpToDate(secret, ca *corev1.Secret, keys []string) bool
- func ValidCA(secret *corev1.Secret) bool
- type PKIParams
Constants ¶
// Data keys for the etcd certificate Secrets, grouped by role (client, server,
// peer). Judging by the names, each group has a certificate (*.crt), its
// private key (*.key) and a CA certificate (*-ca.crt).
//
// NOTE(review): the *.key entries presumably hold private key material, so
// read access to the Secrets that carry them should be limited to the
// components that need it. Confirm against the Reconcile* callers.
const (
	// Client certificate Secret.
	EtcdClientCrtKey = "etcd-client.crt"
	EtcdClientKeyKey = "etcd-client.key"
	EtcdClientCAKey  = "etcd-client-ca.crt"

	// Server certificate Secret.
	EtcdServerCrtKey = "server.crt"
	EtcdServerKeyKey = "server.key"
	EtcdServerCAKey  = "server-ca.crt"

	// Peer certificate Secret.
	EtcdPeerCrtKey = "peer.crt"
	EtcdPeerKeyKey = "peer.key"
	EtcdPeerCAKey  = "peer-ca.crt"
)
Etcd secret keys
// Service signer secret keys: the data keys of the two halves of the service
// signer key pair.
const (
	// ServiceSignerPrivateKey is the data key of the private half.
	// NOTE(review): presumably the service account signing key handled by
	// ReconcileServiceAccountSigningKeySecret; treat the Secret that holds
	// it as highly sensitive. Confirm against the caller.
	ServiceSignerPrivateKey = "service-account.key"

	// ServiceSignerPublicKey is the data key of the public half.
	ServiceSignerPublicKey = "service-account.pub"
)
// Data keys of a CA signer Secret, plus the annotation that records a CA hash.
const (
	// CASignerCertMapKey is the data key of the CA certificate.
	CASignerCertMapKey = "ca.crt"

	// CASignerKeyMapKey is the data key of the CA private key.
	// NOTE(review): whoever can read this entry can presumably issue
	// certificates under the CA, so the Secret deserves the tightest access
	// rules in the namespace. Confirm how the CA Secret is scoped.
	CASignerKeyMapKey = "ca.key"

	// CAHashAnnotation is the annotation key for a CA hash.
	// NOTE(review): presumably written by AnnotateWithCA and compared by
	// SignedSecretUpToDate so that a signed Secret is re-issued when its CA
	// changes. Verify against those functions.
	CAHashAnnotation = "hypershiftlite.openshift.io/ca-hash"
)
Variables ¶
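// X.509 usage presets for the certificates this package issues.
//
// These are exported, mutable package-level values. Callers should treat them
// as read-only, because writing to one of the slices changes the usages of
// every certificate issued afterwards.
var (
	// X509UsageClientAuth marks a certificate for TLS client authentication.
	X509UsageClientAuth = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}

	// X509UsageServerAuth marks a certificate for TLS server authentication.
	X509UsageServerAuth = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}

	// X509UsageClientServerAuth allows both client and server authentication.
	// It is its own literal rather than append(X509UsageClientAuth, ...), so
	// it can never share a backing array with X509UsageClientAuth, even if
	// that slice later gains spare capacity.
	X509UsageClientServerAuth = []x509.ExtKeyUsage{
		x509.ExtKeyUsageClientAuth,
		x509.ExtKeyUsageServerAuth,
	}

	// X509DefaultUsage is the key-usage bit set: key encipherment plus
	// digital signature.
	X509DefaultUsage = x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature

	// X509SignerUsage is the default bit set plus certificate signing.
	// NOTE(review): this also carries KeyEncipherment and DigitalSignature.
	// Confirm the CA certificates need those bits, since a signer usually
	// needs only CertSign (and CRLSign if it publishes CRLs).
	X509SignerUsage = X509DefaultUsage | x509.KeyUsageCertSign
)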
Functions ¶
func AnnotateWithCA ¶
func ReconcileCombinedCA ¶
func ReconcileEtcdPeerSecret ¶
func ReconcileIngressCert ¶
func SignCertificate ¶
func SignedSecretUpToDate ¶
Types ¶
type PKIParams ¶
// PKIParams groups the network ranges, externally reachable addresses,
// namespace and owner reference described on the fields below.
//
// NOTE(review): the external addresses come from load balancer DNS names (per
// the field comments). If they are used as certificate subject alternative
// names, they should be validated before anything is signed. Confirm at the
// call sites.
type PKIParams struct {
	// ServiceCIDR is the subnet for cluster services.
	ServiceCIDR string `json:"serviceCIDR"`

	// PodCIDR is the subnet for pods.
	PodCIDR string `json:"podCIDR"`

	// ExternalAPIAddress is an externally accessible DNS name or IP for the
	// API server. Currently obtained from the load balancer DNS name.
	ExternalAPIAddress string `json:"externalAPIAddress"`

	// ExternalKconnectivityAddress is an externally accessible DNS name or IP
	// for the Konnectivity proxy. Currently obtained from the load balancer
	// DNS name.
	ExternalKconnectivityAddress string `json:"externalKconnectivityAddress"`

	// NodeInternalAPIServerIP is a fixed IP that pods on worker nodes will
	// use to communicate with the API server - 172.20.0.1.
	NodeInternalAPIServerIP string `json:"nodeInternalAPIServerIP"`

	// ExternalOauthAddress is an externally accessible DNS name or IP for the
	// Oauth server. Currently obtained from Oauth load balancer DNS name.
	ExternalOauthAddress string `json:"externalOauthAddress"`

	// IngressSubdomain is the subdomain for cluster ingress. Used to generate
	// the wildcard certificate for ingress.
	IngressSubdomain string `json:"ingressSubdomain"`

	// Namespace is used to generate internal DNS names for services.
	Namespace string `json:"namespace"`

	// OwnerRef is the owner reference for resources.
	OwnerRef config.OwnerRef `json:"ownerRef"`
}
func NewPKIParams ¶
func NewPKIParams(hcp *hyperv1.HostedControlPlane, apiExternalAddress, oauthExternalAddress, konnectivityExternalAddress string) *PKIParams