Documentation ¶
Overview ¶
Package secret provides a store for secrets.
Index ¶
- Constants
- Variables
- func Get(ctx context.Context, c client.Reader, cluster client.ObjectKey, ...) (*corev1.Secret, error)
- func GetFromNamespacedName(ctx context.Context, c client.Reader, clusterName client.ObjectKey, ...) (*corev1.Secret, error)
- func Name(cluster string, suffix Purpose) string
- type Certificate
- type Certificates
- func (c Certificates) AsFiles() []bootstrapv1.File
- func (c Certificates) EnsureAllExist() error
- func (c Certificates) Generate() error
- func (c Certificates) GetByPurpose(purpose Purpose) *Certificate
- func (c Certificates) Lookup(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey) error
- func (c Certificates) LookupOrGenerate(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey, ...) error
- func (c Certificates) SaveGenerated(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey, ...) error
- type Purpose
Constants ¶
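const (
	// KubeconfigDataName is the key used to store a Kubeconfig in the secret's data field.
	KubeconfigDataName = "value"
	// TLSKeyDataName is the key used to store a TLS private key in the secret's data field.
	TLSKeyDataName = "tls.key"
	// TLSCrtDataName is the key used to store a TLS certificate in the secret's data field.
	TLSCrtDataName = "tls.crt"

	// The Purpose constants below are secret name suffixes (see Name).
	// They are all declared as typed constants for consistency; the original
	// mixed `Purpose("x")` conversions with `X Purpose = "x"` declarations,
	// which are equivalent.

	// Kubeconfig is the secret name suffix storing the Cluster Kubeconfig.
	Kubeconfig Purpose = "kubeconfig"
	// ClusterCA is the secret name suffix for the APIServer CA.
	ClusterCA Purpose = "ca"
	// ClientClusterCA is the secret name suffix for the client cluster CA.
	// NOTE(review): the original comment repeated ClusterCA's wording; confirm the intended meaning.
	ClientClusterCA Purpose = "cca"
	// EtcdCA is the secret name suffix for the Etcd CA.
	EtcdCA Purpose = "etcd"
	// ServiceAccount is the secret name suffix for the Service Account keys.
	ServiceAccount Purpose = "sa"
	// FrontProxyCA is the secret name suffix for the Front Proxy CA.
	FrontProxyCA Purpose = "proxy"
	// APIServerEtcdClient is the secret name suffix for the user-supplied secret
	// containing the apiserver-etcd-client key/cert.
	APIServerEtcdClient Purpose = "apiserver-etcd-client"
)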
const (
	// DefaultCertificatesDir is the default directory where k3s certificates are stored.
	DefaultCertificatesDir = "/var/lib/rancher/k3s/server/tls"
)
Variables ¶
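var (
	// ErrMissingCertificate indicates a certificate is entirely missing.
	ErrMissingCertificate = errors.New("missing certificate")
	// ErrMissingCrt indicates the crt data is missing from the certificate.
	ErrMissingCrt = errors.New("missing crt data")
	// ErrMissingKey indicates the key data is missing from the certificate.
	ErrMissingKey = errors.New("missing key data")
)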
Functions ¶
func Get ¶
func Get(ctx context.Context, c client.Reader, cluster client.ObjectKey, purpose Purpose) (*corev1.Secret, error)
Get retrieves the specified Secret (if any) from the given cluster name and namespace.
Types ¶
type Certificate ¶
type Certificate struct {
	// Generated reports whether this certificate's KeyPair was produced by Generate
	// rather than read from an existing secret — NOTE(review): inferred from the
	// Certificates.Generate/SaveGenerated docs; confirm.
	Generated bool
	// External — presumably marks a certificate supplied from outside the cluster
	// (e.g. the user-supplied APIServerEtcdClient secret); verify against callers.
	External bool
	// Purpose is the secret name suffix used for this certificate (see the Purpose constants).
	Purpose Purpose
	// KeyPair holds the certificate and its private key material; treat as sensitive
	// and keep it out of logs. NOTE(review): contents assumed from TLSCrtDataName /
	// TLSKeyDataName; confirm.
	KeyPair *certs.KeyPair
	// CertFile and KeyFile are the on-node paths the certificate is written to by
	// AsFiles — NOTE(review): inferred from the AsFiles doc; confirm.
	CertFile, KeyFile string
}
Certificate represents a single certificate CA.
func (*Certificate) AsFiles ¶
func (c *Certificate) AsFiles() []bootstrapv1.File
AsFiles converts the certificate into a slice of Files, which may contain 0, 1 or 2 entries.
func (*Certificate) AsSecret ¶
func (c *Certificate) AsSecret(clusterName client.ObjectKey, owner metav1.OwnerReference) *corev1.Secret
AsSecret converts a single certificate into a Kubernetes secret.
func (*Certificate) Generate ¶
func (c *Certificate) Generate() error
Generate will generate a new certificate.
func (*Certificate) Hashes ¶
func (c *Certificate) Hashes() ([]string, error)
Hashes computes a hash for each of the certificates stored in a CA certificate.
type Certificates ¶
type Certificates []*Certificate
Certificates are the certificates necessary to bootstrap a cluster.
func NewCertificatesForInitialControlPlane ¶
func NewCertificatesForInitialControlPlane() Certificates
NewCertificatesForInitialControlPlane returns a list of certificates configured for a control plane node.
func (Certificates) AsFiles ¶
func (c Certificates) AsFiles() []bootstrapv1.File
AsFiles converts a slice of certificates into bootstrap files.
func (Certificates) EnsureAllExist ¶
func (c Certificates) EnsureAllExist() error
EnsureAllExist ensures that some data is present for every certificate.
func (Certificates) Generate ¶
func (c Certificates) Generate() error
Generate will generate any certificates that do not have KeyPair data.
func (Certificates) GetByPurpose ¶
func (c Certificates) GetByPurpose(purpose Purpose) *Certificate
GetByPurpose returns the certificate with the given purpose. This could be removed if a map instead of a slice were used to hold certificates; however, other code would become more complex.
func (Certificates) Lookup ¶
func (c Certificates) Lookup(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey) error
Lookup looks up each certificate from secrets and populates the certificate with the secret data.
func (Certificates) LookupOrGenerate ¶
func (c Certificates) LookupOrGenerate(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey, owner metav1.OwnerReference) error
LookupOrGenerate is a convenience function that wraps the certificate lookup and generation behavior used during cluster bootstrap.
func (Certificates) SaveGenerated ¶
func (c Certificates) SaveGenerated(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey, owner metav1.OwnerReference) error
SaveGenerated will save any certificates that have been generated as Kubernetes secrets.