pki

package
v0.1.8-rc7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 26, 2018 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

View Source
const (
	CertPathPrefix          = "/etc/kubernetes/ssl/"
	CertificatesServiceName = "certificates"
	CrtDownloaderContainer  = "cert-deployer"
	CertFetcherContainer    = "cert-fetcher"
	CertificatesSecretName  = "k8s-certs"
	TempCertPath            = "/etc/kubernetes/.tmp/"
	ClusterConfig           = "cluster.yml"
	BundleCertPath          = "/backup/pki.bundle.tar.gz"

	CACertName             = "kube-ca"
	KubeAPICertName        = "kube-apiserver"
	KubeControllerCertName = "kube-controller-manager"
	KubeSchedulerCertName  = "kube-scheduler"
	KubeProxyCertName      = "kube-proxy"
	KubeNodeCertName       = "kube-node"
	EtcdCertName           = "kube-etcd"
	EtcdClientCACertName   = "kube-etcd-client-ca"
	EtcdClientCertName     = "kube-etcd-client"

	KubeNodeCommonName       = "system:node"
	KubeNodeOrganizationName = "system:nodes"

	KubeAdminCertName         = "kube-admin"
	KubeAdminOrganizationName = "system:masters"
	KubeAdminConfigPrefix     = "kube_config_"
)
View Source
const (
	BundleCertContainer = "rke-bundle-cert"
)

Variables

This section is empty.

Functions

func DeployAdminConfig

func DeployAdminConfig(ctx context.Context, kubeConfig, localConfigPath string) error

func DeployCertificatesOnHost

func DeployCertificatesOnHost(ctx context.Context, host *hosts.Host, crtMap map[string]CertificatePKI, certDownloaderImage, certPath string, prsMap map[string]v3.PrivateRegistry) error

func DeployCertificatesOnPlaneHost added in v0.1.1

func DeployCertificatesOnPlaneHost(ctx context.Context, host *hosts.Host, rkeConfig v3.RancherKubernetesEngineConfig, crtMap map[string]CertificatePKI, certDownloaderImage string, prsMap map[string]v3.PrivateRegistry) error

func ExtractBackupBundleOnHost added in v0.1.8

func ExtractBackupBundleOnHost(ctx context.Context, host *hosts.Host, alpineSystemImage, etcdSnapshotPath string, prsMap map[string]v3.PrivateRegistry) error

func FetchCertificatesFromHost

func FetchCertificatesFromHost(ctx context.Context, extraHosts []*hosts.Host, host *hosts.Host, image, localConfigPath string, prsMap map[string]v3.PrivateRegistry) (map[string]CertificatePKI, error)

func FetchFileFromHost added in v0.1.7

func FetchFileFromHost(ctx context.Context, filePath, image string, host *hosts.Host, prsMap map[string]v3.PrivateRegistry) (string, error)

func GenerateRKECerts added in v0.1.2

func GenerateRKECerts(ctx context.Context, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string) (map[string]CertificatePKI, error)

func GenerateRKENodeCerts added in v0.1.2

func GenerateRKENodeCerts(ctx context.Context, rkeConfig v3.RancherKubernetesEngineConfig, nodeAddress string, certBundle map[string]CertificatePKI) map[string]CertificatePKI

func GenerateSignedCertAndKey added in v0.1.1

func GenerateSignedCertAndKey(
	caCrt *x509.Certificate,
	caKey *rsa.PrivateKey,
	serverCrt bool,
	commonName string,
	altNames *cert.AltNames,
	reusedKey *rsa.PrivateKey,
	orgs []string) (*x509.Certificate, *rsa.PrivateKey, error)

func GetAltNames

func GetAltNames(cpHosts []*hosts.Host, clusterDomain string, KubernetesServiceIP net.IP, SANs []string) *cert.AltNames

func GetCertPath added in v0.1.1

func GetCertPath(name string) string

func GetCertTempPath added in v0.1.1

func GetCertTempPath(name string) string

func GetConfigPath added in v0.1.1

func GetConfigPath(name string) string

func GetConfigTempPath added in v0.1.1

func GetConfigTempPath(name string) string

func GetEtcdCrtName added in v0.1.1

func GetEtcdCrtName(address string) string

func GetKeyPath added in v0.1.1

func GetKeyPath(name string) string

func GetKeyTempPath added in v0.1.1

func GetKeyTempPath(name string) string

func GetKubeConfigX509WithData

func GetKubeConfigX509WithData(kubernetesURL string, clusterName string, componentName string, cacrt string, crt string, key string) string

func GetKubernetesServiceIP added in v0.1.2

func GetKubernetesServiceIP(serviceClusterRange string) (net.IP, error)

func GetLocalKubeConfig added in v0.1.2

func GetLocalKubeConfig(configPath, configDir string) string

func RegenerateEtcdCertificate added in v0.1.1

func RegenerateEtcdCertificate(
	ctx context.Context,
	crtMap map[string]CertificatePKI,
	etcdHost *hosts.Host,
	etcdHosts []*hosts.Host,
	clusterDomain string,
	KubernetesServiceIP net.IP) (map[string]CertificatePKI, error)

func RemoveAdminConfig

func RemoveAdminConfig(ctx context.Context, localConfigPath string)

func SaveBackupBundleOnHost added in v0.1.8

func SaveBackupBundleOnHost(ctx context.Context, host *hosts.Host, alpineSystemImage, etcdSnapshotPath string, prsMap map[string]v3.PrivateRegistry) error

Types

type CertificatePKI

type CertificatePKI struct {
	Certificate   *x509.Certificate
	Key           *rsa.PrivateKey
	Config        string
	Name          string
	CommonName    string
	OUName        string
	EnvName       string
	Path          string
	KeyEnvName    string
	KeyPath       string
	ConfigEnvName string
	ConfigPath    string
}

func ToCertObject added in v0.1.1

func ToCertObject(componentName, commonName, ouName string, cert *x509.Certificate, key *rsa.PrivateKey) CertificatePKI

func (*CertificatePKI) CertToEnv

func (c *CertificatePKI) CertToEnv() string

func (*CertificatePKI) ConfigToEnv

func (c *CertificatePKI) ConfigToEnv() string

func (*CertificatePKI) KeyToEnv

func (c *CertificatePKI) KeyToEnv() string

func (*CertificatePKI) ToEnv

func (c *CertificatePKI) ToEnv() []string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL