Documentation ¶
Index ¶
- Constants
- func DeployAdminConfig(ctx context.Context, kubeConfig, localConfigPath string) error
- func DeployCertificatesOnHost(ctx context.Context, host *hosts.Host, crtMap map[string]CertificatePKI, ...) error
- func DeployCertificatesOnPlaneHost(ctx context.Context, host *hosts.Host, ...) error
- func DeployStateOnPlaneHost(ctx context.Context, host *hosts.Host, stateDownloaderImage string, ...) error
- func ExtractBackupBundleOnHost(ctx context.Context, host *hosts.Host, ...) error
- func GenerateAPIProxyClientCSR(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateAPIProxyClientCertificate(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateCACertAndKey(commonName string, privateKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)
- func GenerateCertSigningRequestAndKey(serverCrt bool, commonName string, altNames *cert.AltNames, ...) ([]byte, *rsa.PrivateKey, error)
- func GenerateEtcdCSRs(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateEtcdCertificates(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateExternalEtcdCertificates(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateKubeAPICSR(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateKubeAPICertificate(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateKubeAdminCSR(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateKubeAdminCertificate(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateKubeControllerCSR(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateKubeControllerCertificate(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateKubeNodeCSR(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateKubeNodeCertificate(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateKubeProxyCSR(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateKubeProxyCertificate(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateKubeSchedulerCSR(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateKubeSchedulerCertificate(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateRKECACerts(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateRKECerts(ctx context.Context, rkeConfig v3.RancherKubernetesEngineConfig, ...) (map[string]CertificatePKI, error)
- func GenerateRKENodeCerts(ctx context.Context, rkeConfig v3.RancherKubernetesEngineConfig, ...) map[string]CertificatePKI
- func GenerateRKEServicesCSRs(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateRKEServicesCerts(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateServiceTokenKey(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateSignedCertAndKey(caCrt *x509.Certificate, caKey *rsa.PrivateKey, serverCrt bool, ...) (*x509.Certificate, *rsa.PrivateKey, error)
- func GetAltNames(cpHosts []*hosts.Host, clusterDomain string, KubernetesServiceIP net.IP, ...) *cert.AltNames
- func GetCertPath(name string) string
- func GetCertTempPath(name string) string
- func GetConfigPath(name string) string
- func GetConfigTempPath(name string) string
- func GetEtcdCrtName(address string) string
- func GetKeyPath(name string) string
- func GetKeyTempPath(name string) string
- func GetKubeConfigX509WithData(kubernetesURL string, clusterName string, componentName string, cacrt string, ...) string
- func GetKubernetesServiceIP(serviceClusterRange string) (net.IP, error)
- func GetLocalKubeConfig(configPath, configDir string) string
- func ReadCSRsAndKeysFromDir(certDir string) (map[string]CertificatePKI, error)
- func ReadCertsAndKeysFromDir(certDir string) (map[string]CertificatePKI, error)
- func RegenerateEtcdCertificate(ctx context.Context, crtMap map[string]CertificatePKI, etcdHost *hosts.Host, ...) (map[string]CertificatePKI, error)
- func RemoveAdminConfig(ctx context.Context, localConfigPath string)
- func SaveBackupBundleOnHost(ctx context.Context, host *hosts.Host, ...) error
- func TransformPEMToObject(in map[string]CertificatePKI) map[string]CertificatePKI
- func ValidateBundleContent(rkeConfig *v3.RancherKubernetesEngineConfig, ...) error
- func WriteCertificates(certDirPath string, certBundle map[string]CertificatePKI) error
- type CSRFunc
- type CertificatePKI
- type GenFunc
Constants ¶
View Source
const ( CertPathPrefix = "/etc/kubernetes/ssl/" CertificatesServiceName = "certificates" CrtDownloaderContainer = "cert-deployer" CertFetcherContainer = "cert-fetcher" CertificatesSecretName = "k8s-certs" TempCertPath = "/etc/kubernetes/.tmp/" ClusterConfig = "cluster.yml" ClusterStateFile = "cluster-state.yml" ClusterStateEnv = "CLUSTER_STATE" BundleCertPath = "/backup/pki.bundle.tar.gz" CACertName = "kube-ca" RequestHeaderCACertName = "kube-apiserver-requestheader-ca" KubeAPICertName = "kube-apiserver" KubeControllerCertName = "kube-controller-manager" KubeSchedulerCertName = "kube-scheduler" KubeProxyCertName = "kube-proxy" KubeNodeCertName = "kube-node" EtcdCertName = "kube-etcd" EtcdClientCACertName = "kube-etcd-client-ca" EtcdClientCertName = "kube-etcd-client" APIProxyClientCertName = "kube-apiserver-proxy-client" ServiceAccountTokenKeyName = "kube-service-account-token" KubeNodeCommonName = "system:node" KubeNodeOrganizationName = "system:nodes" KubeAdminCertName = "kube-admin" KubeAdminOrganizationName = "system:masters" KubeAdminConfigPrefix = "kube_config_" )
View Source
const (
BundleCertContainer = "rke-bundle-cert"
)
View Source
const (
StateDeployerContainerName = "cluster-state-deployer"
)
Variables ¶
This section is empty.
Functions ¶
func DeployAdminConfig ¶
func DeployCertificatesOnPlaneHost ¶ added in v0.1.1
func DeployCertificatesOnPlaneHost(ctx context.Context, host *hosts.Host, rkeConfig v3.RancherKubernetesEngineConfig, crtMap map[string]CertificatePKI, certDownloaderImage string, prsMap map[string]v3.PrivateRegistry, forceDeploy bool) error
func DeployStateOnPlaneHost ¶ added in v0.1.10
func ExtractBackupBundleOnHost ¶ added in v0.1.8
func GenerateAPIProxyClientCSR ¶
func GenerateAPIProxyClientCSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error
func GenerateAPIProxyClientCertificate ¶
func GenerateAPIProxyClientCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error
func GenerateCACertAndKey ¶ added in v0.1.9
func GenerateCACertAndKey(commonName string, privateKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)
func GenerateEtcdCSRs ¶
func GenerateEtcdCSRs(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error
func GenerateEtcdCertificates ¶
func GenerateEtcdCertificates(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error
func GenerateExternalEtcdCertificates ¶
func GenerateExternalEtcdCertificates(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error
func GenerateKubeAPICSR ¶
func GenerateKubeAPICSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error
func GenerateKubeAPICertificate ¶
func GenerateKubeAPICertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error
func GenerateKubeAdminCSR ¶
func GenerateKubeAdminCSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error
func GenerateKubeAdminCertificate ¶
func GenerateKubeAdminCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error
func GenerateKubeControllerCSR ¶
func GenerateKubeControllerCSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error
func GenerateKubeControllerCertificate ¶
func GenerateKubeControllerCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error
func GenerateKubeNodeCSR ¶
func GenerateKubeNodeCSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error
func GenerateKubeNodeCertificate ¶
func GenerateKubeNodeCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error
func GenerateKubeProxyCSR ¶
func GenerateKubeProxyCSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error
func GenerateKubeProxyCertificate ¶
func GenerateKubeProxyCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error
func GenerateKubeSchedulerCSR ¶
func GenerateKubeSchedulerCSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error
func GenerateKubeSchedulerCertificate ¶
func GenerateKubeSchedulerCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error
func GenerateRKECACerts ¶
func GenerateRKECerts ¶ added in v0.1.2
func GenerateRKECerts(ctx context.Context, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string) (map[string]CertificatePKI, error)
func GenerateRKENodeCerts ¶ added in v0.1.2
func GenerateRKENodeCerts(ctx context.Context, rkeConfig v3.RancherKubernetesEngineConfig, nodeAddress string, certBundle map[string]CertificatePKI) map[string]CertificatePKI
func GenerateRKEServicesCSRs ¶
func GenerateRKEServicesCSRs(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error
func GenerateRKEServicesCerts ¶
func GenerateRKEServicesCerts(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error
func GenerateServiceTokenKey ¶
func GenerateServiceTokenKey(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error
func GenerateSignedCertAndKey ¶ added in v0.1.1
func GenerateSignedCertAndKey( caCrt *x509.Certificate, caKey *rsa.PrivateKey, serverCrt bool, commonName string, altNames *cert.AltNames, reusedKey *rsa.PrivateKey, orgs []string) (*x509.Certificate, *rsa.PrivateKey, error)
func GetAltNames ¶
func GetCertPath ¶ added in v0.1.1
func GetCertTempPath ¶ added in v0.1.1
func GetConfigPath ¶ added in v0.1.1
func GetConfigTempPath ¶ added in v0.1.1
func GetEtcdCrtName ¶ added in v0.1.1
func GetKeyPath ¶ added in v0.1.1
func GetKeyTempPath ¶ added in v0.1.1
func GetKubernetesServiceIP ¶ added in v0.1.2
func GetLocalKubeConfig ¶ added in v0.1.2
func ReadCSRsAndKeysFromDir ¶
func ReadCSRsAndKeysFromDir(certDir string) (map[string]CertificatePKI, error)
func ReadCertsAndKeysFromDir ¶
func ReadCertsAndKeysFromDir(certDir string) (map[string]CertificatePKI, error)
func RegenerateEtcdCertificate ¶ added in v0.1.1
func RemoveAdminConfig ¶
func SaveBackupBundleOnHost ¶ added in v0.1.8
func TransformPEMToObject ¶
func TransformPEMToObject(in map[string]CertificatePKI) map[string]CertificatePKI
func ValidateBundleContent ¶
func ValidateBundleContent(rkeConfig *v3.RancherKubernetesEngineConfig, certBundle map[string]CertificatePKI, configPath, configDir string) error
func WriteCertificates ¶
func WriteCertificates(certDirPath string, certBundle map[string]CertificatePKI) error
Types ¶
type CSRFunc ¶
type CSRFunc func(context.Context, map[string]CertificatePKI, v3.RancherKubernetesEngineConfig) error
type CertificatePKI ¶
type CertificatePKI struct { Certificate *x509.Certificate `json:"-"` Key *rsa.PrivateKey `json:"-"` CSR *x509.CertificateRequest `json:"-"` CertificatePEM string `json:"certificatePEM"` KeyPEM string `json:"keyPEM"` CSRPEM string `json:"-"` Config string `json:"config"` Name string `json:"name"` CommonName string `json:"commonName"` OUName string `json:"ouName"` EnvName string `json:"envName"` Path string `json:"path"` KeyEnvName string `json:"keyEnvName"` KeyPath string `json:"keyPath"` ConfigEnvName string `json:"configEnvName"` ConfigPath string `json:"configPath"` }
func ToCertObject ¶ added in v0.1.1
func ToCertObject(componentName, commonName, ouName string, certificate *x509.Certificate, key *rsa.PrivateKey, csrASN1 []byte) CertificatePKI
func (*CertificatePKI) CertToEnv ¶
func (c *CertificatePKI) CertToEnv() string
func (*CertificatePKI) ConfigToEnv ¶
func (c *CertificatePKI) ConfigToEnv() string
func (*CertificatePKI) KeyToEnv ¶
func (c *CertificatePKI) KeyToEnv() string
func (*CertificatePKI) ToEnv ¶
func (c *CertificatePKI) ToEnv() []string
Source Files ¶
Click to show internal directories.
Click to hide internal directories.