
Constants

// Host-side locations, Kubernetes object names and helper-container names
// used when certificates and cluster state are shipped to nodes.
const (
	// CertPathPrefix is the directory on every host that receives the
	// generated certificates and keys (GetCertPath/GetKeyPath build paths
	// under it). It holds private keys, so it must stay root-owned and not
	// world-readable on the node.
	CertPathPrefix = "/etc/kubernetes/ssl/"
	// TempCertPath is the staging directory used by the *TempPath helpers;
	// the same ownership/permission expectations apply as for CertPathPrefix.
	TempCertPath = "/etc/kubernetes/.tmp/"
	// BundleCertPath is where the PKI backup bundle (which, judging by its
	// name, contains CA keys) is written on the host; treat it as a secret.
	BundleCertPath = "/backup/pki.bundle.tar.gz"

	// CertificatesServiceName and CertificatesSecretName name the service
	// and the Kubernetes Secret the certificate bundle is stored under.
	CertificatesServiceName = "certificates"
	CertificatesSecretName  = "k8s-certs"

	// Names of the short-lived helper containers that move certificates
	// to/from hosts.
	CrtDownloaderContainer = "cert-deployer"
	CertFetcherContainer   = "cert-fetcher"

	// Cluster configuration/state file names and the environment variable
	// through which the serialised cluster state is handed to the state
	// deployer container. Anything placed in an environment variable is
	// readable by whoever can inspect the container, so the state must not
	// be assumed private on the host. NOTE(review): confirm what the state
	// contains before relying on it being non-sensitive.
	ClusterConfig    = "cluster.yml"
	ClusterStateFile = "cluster-state.yml"
	ClusterStateEnv  = "CLUSTER_STATE"
)

// Logical names of the certificates and keys in the bundle. These are the
// keys of the map[string]CertificatePKI used throughout the package and also
// the file base names under CertPathPrefix.
const (
	// CACertName is the cluster CA that signs every component certificate.
	CACertName = "kube-ca"
	// RequestHeaderCACertName is the CA the API server trusts for
	// front-proxy (aggregation) requests.
	RequestHeaderCACertName = "kube-apiserver-requestheader-ca"

	KubeAPICertName        = "kube-apiserver"
	KubeControllerCertName = "kube-controller-manager"
	KubeSchedulerCertName  = "kube-scheduler"
	KubeProxyCertName      = "kube-proxy"
	KubeNodeCertName       = "kube-node"

	// etcd server certificate base name (GetEtcdCrtName appends the node
	// address) and the CA/client pair used for etcd client auth.
	EtcdCertName         = "kube-etcd"
	EtcdClientCACertName = "kube-etcd-client-ca"
	EtcdClientCertName   = "kube-etcd-client"

	// APIProxyClientCertName is the API server's client certificate for the
	// aggregation layer, signed by RequestHeaderCACertName.
	APIProxyClientCertName = "kube-apiserver-proxy-client"
	// ServiceAccountTokenKeyName is the key used to sign service account
	// tokens; it has no certificate, only key material.
	ServiceAccountTokenKeyName = "kube-service-account-token"
)

// X.509 subject values that map onto Kubernetes identities.
const (
	// Node identities: CN system:node[:<name>] with O system:nodes is what
	// the Node authorizer keys on. A single shared kube-node certificate
	// with this subject grants every node the same node-level access.
	KubeNodeCommonName       = "system:node"
	KubeNodeOrganizationName = "system:nodes"

	// KubeAdminCertName is the admin client certificate; its O is
	// system:masters, which Kubernetes binds to cluster-admin out of the
	// box. Kubernetes does not revoke X.509 client certificates (no
	// CRL/OCSP), so a leaked admin cert stays valid until the CA is
	// rotated; keep the generated kubeconfig (KubeAdminConfigPrefix + name)
	// as tightly controlled as a root credential.
	KubeAdminCertName         = "kube-admin"
	KubeAdminOrganizationName = "system:masters"
	KubeAdminConfigPrefix     = "kube_config_"
)
// BundleCertContainer is the name of the helper container that handles the
// PKI backup bundle on a host (presumably the one run by
// SaveBackupBundleOnHost and ExtractBackupBundleOnHost). The bundle carries
// CA key material, so the container's mounts deserve the same protection as
// CertPathPrefix.
const BundleCertContainer = "rke-bundle-cert"
// StateDeployerContainerName is the name of the helper container that writes
// the cluster state onto a control-plane host (see DeployStateOnPlaneHost).
const StateDeployerContainerName = "cluster-state-deployer"

Variables

This section is empty.

Functions

func DeployAdminConfig

func DeployAdminConfig(ctx context.Context, kubeConfig, localConfigPath string) error

func DeployCertificatesOnHost

func DeployCertificatesOnHost(ctx context.Context, host *hosts.Host, crtMap map[string]CertificatePKI, certDownloaderImage, certPath string, prsMap map[string]v3.PrivateRegistry) error

func DeployCertificatesOnPlaneHost added in v0.1.1

func DeployCertificatesOnPlaneHost(ctx context.Context, host *hosts.Host, rkeConfig v3.RancherKubernetesEngineConfig, crtMap map[string]CertificatePKI, certDownloaderImage string, prsMap map[string]v3.PrivateRegistry, forceDeploy bool) error

func DeployStateOnPlaneHost added in v0.1.10

func DeployStateOnPlaneHost(ctx context.Context, host *hosts.Host, stateDownloaderImage string, prsMap map[string]v3.PrivateRegistry, clusterState string) error

func ExtractBackupBundleOnHost added in v0.1.8

func ExtractBackupBundleOnHost(ctx context.Context, host *hosts.Host, alpineSystemImage, etcdSnapshotPath string, prsMap map[string]v3.PrivateRegistry) error

func GenerateAPIProxyClientCSR

func GenerateAPIProxyClientCSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error

func GenerateAPIProxyClientCertificate

func GenerateAPIProxyClientCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateCACertAndKey added in v0.1.9

func GenerateCACertAndKey(commonName string, privateKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)

func GenerateCertSigningRequestAndKey

func GenerateCertSigningRequestAndKey(
	serverCrt bool,
	commonName string,
	altNames *cert.AltNames,
	reusedKey *rsa.PrivateKey,
	orgs []string) ([]byte, *rsa.PrivateKey, error)

func GenerateEtcdCSRs

func GenerateEtcdCSRs(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error

func GenerateEtcdCertificates

func GenerateEtcdCertificates(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateExternalEtcdCertificates

func GenerateExternalEtcdCertificates(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateKubeAPICSR

func GenerateKubeAPICSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error

func GenerateKubeAPICertificate

func GenerateKubeAPICertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateKubeAdminCSR

func GenerateKubeAdminCSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error

func GenerateKubeAdminCertificate

func GenerateKubeAdminCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateKubeControllerCSR

func GenerateKubeControllerCSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error

func GenerateKubeControllerCertificate

func GenerateKubeControllerCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateKubeNodeCSR

func GenerateKubeNodeCSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error

func GenerateKubeNodeCertificate

func GenerateKubeNodeCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateKubeProxyCSR

func GenerateKubeProxyCSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error

func GenerateKubeProxyCertificate

func GenerateKubeProxyCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateKubeSchedulerCSR

func GenerateKubeSchedulerCSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error

func GenerateKubeSchedulerCertificate

func GenerateKubeSchedulerCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateRKECACerts

func GenerateRKECACerts(ctx context.Context, certs map[string]CertificatePKI, configPath, configDir string) error

func GenerateRKECerts added in v0.1.2

func GenerateRKECerts(ctx context.Context, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string) (map[string]CertificatePKI, error)

func GenerateRKENodeCerts added in v0.1.2

func GenerateRKENodeCerts(ctx context.Context, rkeConfig v3.RancherKubernetesEngineConfig, nodeAddress string, certBundle map[string]CertificatePKI) map[string]CertificatePKI

func GenerateRKEServicesCSRs

func GenerateRKEServicesCSRs(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error

func GenerateRKEServicesCerts

func GenerateRKEServicesCerts(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateServiceTokenKey

func GenerateServiceTokenKey(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateSignedCertAndKey added in v0.1.1

func GenerateSignedCertAndKey(
	caCrt *x509.Certificate,
	caKey *rsa.PrivateKey,
	serverCrt bool,
	commonName string,
	altNames *cert.AltNames,
	reusedKey *rsa.PrivateKey,
	orgs []string) (*x509.Certificate, *rsa.PrivateKey, error)

func GetAltNames

func GetAltNames(cpHosts []*hosts.Host, clusterDomain string, KubernetesServiceIP net.IP, SANs []string) *cert.AltNames

func GetCertPath added in v0.1.1

func GetCertPath(name string) string

func GetCertTempPath added in v0.1.1

func GetCertTempPath(name string) string

func GetConfigPath added in v0.1.1

func GetConfigPath(name string) string

func GetConfigTempPath added in v0.1.1

func GetConfigTempPath(name string) string

func GetEtcdCrtName added in v0.1.1

func GetEtcdCrtName(address string) string

func GetKeyPath added in v0.1.1

func GetKeyPath(name string) string

func GetKeyTempPath added in v0.1.1

func GetKeyTempPath(name string) string

func GetKubeConfigX509WithData

func GetKubeConfigX509WithData(kubernetesURL string, clusterName string, componentName string, cacrt string, crt string, key string) string

func GetKubernetesServiceIP added in v0.1.2

func GetKubernetesServiceIP(serviceClusterRange string) (net.IP, error)

func GetLocalKubeConfig added in v0.1.2

func GetLocalKubeConfig(configPath, configDir string) string

func ReadCSRsAndKeysFromDir

func ReadCSRsAndKeysFromDir(certDir string) (map[string]CertificatePKI, error)

func ReadCertsAndKeysFromDir

func ReadCertsAndKeysFromDir(certDir string) (map[string]CertificatePKI, error)

func RegenerateEtcdCertificate added in v0.1.1

func RegenerateEtcdCertificate(
	ctx context.Context,
	crtMap map[string]CertificatePKI,
	etcdHost *hosts.Host,
	etcdHosts []*hosts.Host,
	clusterDomain string,
	KubernetesServiceIP net.IP) (map[string]CertificatePKI, error)

func RemoveAdminConfig

func RemoveAdminConfig(ctx context.Context, localConfigPath string)

func SaveBackupBundleOnHost added in v0.1.8

func SaveBackupBundleOnHost(ctx context.Context, host *hosts.Host, alpineSystemImage, etcdSnapshotPath string, prsMap map[string]v3.PrivateRegistry) error

func TransformPEMToObject

func TransformPEMToObject(in map[string]CertificatePKI) map[string]CertificatePKI

func ValidateBundleContent

func ValidateBundleContent(rkeConfig *v3.RancherKubernetesEngineConfig, certBundle map[string]CertificatePKI, configPath, configDir string) error

func WriteCertificates

func WriteCertificates(certDirPath string, certBundle map[string]CertificatePKI) error

Types

type CertificatePKI

// CertificatePKI bundles one named certificate/key pair (or, for the service
// account token key, just a key) with its parsed objects, PEM encodings, and
// the on-host paths and environment-variable names used to deliver it.
//
// Security note: the json tags decide what survives marshalling. KeyPEM and
// Config are serialised, so any marshalled form of this struct (or of a
// map[string]CertificatePKI) contains private key material and must be
// stored and transmitted as a secret. The parsed objects and CSRPEM are
// deliberately excluded from JSON.
//
// Keys are fixed to *rsa.PrivateKey; other key types are not represented.
type CertificatePKI struct {
	// Parsed forms, populated by ToCertObject/TransformPEMToObject; never
	// serialised.
	Certificate    *x509.Certificate        `json:"-"`
	Key            *rsa.PrivateKey          `json:"-"`
	CSR            *x509.CertificateRequest `json:"-"`
	// PEM encodings. KeyPEM holds the unencrypted private key.
	CertificatePEM string                   `json:"certificatePEM"`
	KeyPEM         string                   `json:"keyPEM"`
	CSRPEM         string                   `json:"-"`
	// Config is presumably the kubeconfig for this component with the cert
	// and key embedded (see GetKubeConfigX509WithData) — if so it is as
	// sensitive as KeyPEM. Verify against the generators before relying on
	// it being safe to log or persist elsewhere.
	Config         string                   `json:"config"`
	// Name is the logical bundle name (one of the *CertName constants);
	// CommonName/OUName are the subject fields the certificate was issued
	// with.
	Name           string                   `json:"name"`
	CommonName     string                   `json:"commonName"`
	OUName         string                   `json:"ouName"`
	// Delivery metadata: the environment-variable names emitted by the
	// *ToEnv helpers and the destination paths on the host for the cert,
	// key and config. NOTE(review): values passed via environment variables
	// are visible to anyone able to inspect the receiving container, so the
	// deployer container should be short-lived and removed after use.
	EnvName        string                   `json:"envName"`
	Path           string                   `json:"path"`
	KeyEnvName     string                   `json:"keyEnvName"`
	KeyPath        string                   `json:"keyPath"`
	ConfigEnvName  string                   `json:"configEnvName"`
	ConfigPath     string                   `json:"configPath"`
}

func ToCertObject added in v0.1.1

func ToCertObject(componentName, commonName, ouName string, certificate *x509.Certificate, key *rsa.PrivateKey, csrASN1 []byte) CertificatePKI

func (*CertificatePKI) CertToEnv

func (c *CertificatePKI) CertToEnv() string

func (*CertificatePKI) ConfigToEnv

func (c *CertificatePKI) ConfigToEnv() string

func (*CertificatePKI) KeyToEnv

func (c *CertificatePKI) KeyToEnv() string

func (*CertificatePKI) ToEnv

func (c *CertificatePKI) ToEnv() []string
