Documentation
Index
- Constants
- func BuildBootstrapperName(name string) string
- func DeleteBootstrapAuth(ctx context.Context, c client.Client, csrName, seedName string) error
- func MarshalKubeconfigWithClientCertificate(config *rest.Config, privateKeyData, certDat []byte) ([]byte, error)
- func MarshalKubeconfigWithToken(config *rest.Config, token string) ([]byte, error)
- func RequestCertificate(ctx context.Context, ...) (certData []byte, csrName string, err error)
- func RequestSeedCertificate(ctx context.Context, ...) (certData []byte, csrName string, err error)
Constants
const GardenerSeedBootstrapper = "gardener.cloud:system:seed-bootstrapper"
GardenerSeedBootstrapper is a constant for the gardener seed bootstrapper name.
Variables
This section is empty.
Functions
func BuildBootstrapperName (added in v0.35.0)
BuildBootstrapperName concatenates the gardener seed bootstrapper group with the given name, separated by a colon.
func DeleteBootstrapAuth (added in v0.35.0)
DeleteBootstrapAuth checks which authentication mechanism was used to request a certificate (either a bootstrap token or a service account token). If a service account token was used, it also deletes the corresponding ClusterRoleBinding.
func MarshalKubeconfigWithClientCertificate (added in v0.35.0)
func MarshalKubeconfigWithClientCertificate(config *rest.Config, privateKeyData, certDat []byte) ([]byte, error)
MarshalKubeconfigWithClientCertificate marshals the kubeconfig derived from the bootstrapping process.
func MarshalKubeconfigWithToken (added in v0.35.0)
MarshalKubeconfigWithToken marshals the kubeconfig derived with the given bootstrap token.
func RequestCertificate (added in v0.35.0)
func RequestCertificate(ctx context.Context, certificateClient certificatesv1beta1client.CertificateSigningRequestInterface, privateKeyData []byte, commonName string, organization []string) (certData []byte, csrName string, err error)
RequestCertificate creates a certificate signing request (CSR) for the given organization and common name and sends it to the API server. It then watches the object's status and, once the request has been approved by the API server, returns the certificate issued by the API server (PEM-encoded). If an error occurs or the watch times out, it returns an error.
func RequestSeedCertificate
func RequestSeedCertificate(ctx context.Context, certificateClient certificatesv1beta1client.CertificateSigningRequestInterface, privateKeyData []byte, seedName string) (certData []byte, csrName string, err error)
RequestSeedCertificate creates a certificate signing request (CSR) for a seed (Organization and CommonName of the CSR are set as expected for seed certificates) and sends it to the API server. It then watches the object's status and, once the request has been approved by the API server, returns the certificate issued by the API server (PEM-encoded). If an error occurs or the watch times out, it returns an error. This is intended for use on seeds (gardenlet).
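The client-side half of the flow that RequestCertificate and RequestSeedCertificate describe, as an added example using only the Go standard library (it is not Gardener's code): it builds the PEM-encoded CSR carrying the requested CommonName and Organization, then reads the subject back the way an approver can before signing. The helper names, the ECDSA P-256 key and the subject values are assumptions made for illustration; submitting the request to the API server and watching for approval are not shown.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
)

// newKey (hypothetical helper) returns a throwaway P-256 key as constructed sample input.
func newKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// buildCSR (hypothetical helper) signs a PKCS#10 request; only this PEM leaves the client, never the key.
func buildCSR(key *ecdsa.PrivateKey, cn string, org []string) ([]byte, error) {
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn, Organization: org}}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der}), nil
}

// csrSubject (hypothetical helper) fails closed: the subject is returned only if the
// request parses and its self-signature (proof of key possession) verifies.
func csrSubject(csrPEM []byte) (string, []string, error) {
	block, _ := pem.Decode(csrPEM)
	if block == nil || block.Type != "CERTIFICATE REQUEST" {
		return "", nil, fmt.Errorf("input is not a PEM certificate request")
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil || csr.CheckSignature() != nil {
		return "", nil, fmt.Errorf("request does not parse or its signature does not verify")
	}
	return csr.Subject.CommonName, csr.Subject.Organization, nil
}

func main() {
	key, err := newKey()
	if err != nil {
		panic(err)
	}
	csrPEM, err := buildCSR(key, "example-common-name", []string{"example-organization"}) // constructed values
	fmt.Println(string(csrPEM), err)
}
```
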
Types
This section is empty.