authentication

package

v0.1.0 Latest Latest Go to latest Published: May 19, 2022 License: Apache-2.0 Imports: 24 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/litekube/LiteKube

Links

Open Source Insights

Documentation ¶

Index ¶

func GenKubeConfig(filePath, url, caCert, clientCert, clientKey string) error
type KineAuthentication
- func NewKineAuthentication(rootCertPath string, bindAddress string) *KineAuthentication
type KubernetesAuthentication
- func NewKubernetesAuthentication(rootCertPath string, opt *apiserver.ApiserverOptions) *KubernetesAuthentication
- func (na *KubernetesAuthentication) GenerateOrSkip() error
type NetworkControllerAuthentication
- func NewNetworkControllerAuthentication(workDir string, rootCertPath string, ...) *NetworkControllerAuthentication
type NetworkControllerClientAuthentication
- func NewControllerClientAuthentication(rootCertPath string, token string, registerAddress *string, ...) *NetworkControllerClientAuthentication
type RemoteHostInfo

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GenKubeConfig ¶

func GenKubeConfig(filePath, url, caCert, clientCert, clientKey string) error

Types ¶

type KineAuthentication ¶

type KineAuthentication struct {
	KineCertDir string
	BindAddress string
	CACert      string
	CAKey       string
	ServerCert  string
	Serverkey   string
	ClientCert  string
	Clientkey   string
}

func NewKineAuthentication ¶

func NewKineAuthentication(rootCertPath string, bindAddress string) *KineAuthentication

func (*KineAuthentication) GenerateOrSkip ¶

func (kine *KineAuthentication) GenerateOrSkip() error

func (*KineAuthentication) QueryRemoteDNSNames ¶

func (kine *KineAuthentication) QueryRemoteDNSNames() []string

func (*KineAuthentication) QueryRemoteIps ¶

func (kine *KineAuthentication) QueryRemoteIps() []net.IP

type KubernetesAuthentication ¶

type KubernetesAuthentication struct {
	KubectlPath               string
	ApiserverEndpoint         string
	ApiserverEndpointIp       string
	ApiserverEndpointPort     uint16
	ApiServerServiceIP        string
	ServiceClusterIpRange     string
	KubernetesRootDir         string
	KubernetesCertDir         string
	KubernetesTLSDir          string
	KubernetesKubeDir         string
	RequestheaderAllowedNames string

	ServiceKeyPair string

	// apiserver as server:
	// --------------------start-------------------
	ApiserverValidateClientsCA    string
	ApiserverValidateClientsCAKey string
	ClusterValidateServerCA       string
	ClusterValidateServerCAKey    string
	ApiserverServerCert           string
	ApiserverServerKey            string
	// clients to access apiserver
	// admin
	AdminClientCert string
	AdminClientKey  string
	KubeConfigAdmin string
	// controller
	ControllerClientCert string
	ControllerClientKey  string
	KubeConfigController string
	// cloud-controller
	// ClientCloudControllerCert string
	// ClientCloudControllerKey string
	// KubeConfigCloudController string
	// scheduler
	SchedulerClientCert string
	SchedulerClientKey  string
	KubeConfigScheduler string
	// kube-proxy
	KubeProxyClientCert string
	KubeProxyClientKey  string
	// litekube
	LitekubeControllerClientCert string
	LitekubeControllerClientKey  string

	// apiserver as client:
	// --------------------start-------------------
	// apiserver as client to external-aggregation-apiserver
	ApiserverRequestHeaderCA     string
	ApiserverRequestHeaderCAKey  string
	ApiserverClientAuthProxyCert string
	ApiserverClientAuthProxyKey  string
	// apiserver as client to kubelet
	KubeletValidateApiserverClientCA    string
	KubeletValidateApiserverClientCAKey string
	ApiserverValidateKubeletServerCA    string
	ApiserverValidateKubeletServerCAKey string
	ApiserverClientKubeletCert          string
	ApiserverClientKubeletKey           string
	KubeConfigApiserverToKubelet        string

	TokenAuthFile string

	ClientKubeletKey  string
	ServingKubeletKey string

	IPSECKey   string
	PasswdFile string

	NodePasswdFile string
}

func NewKubernetesAuthentication ¶

func NewKubernetesAuthentication(rootCertPath string, opt *apiserver.ApiserverOptions) *KubernetesAuthentication

func (*KubernetesAuthentication) GenerateOrSkip ¶

func (na *KubernetesAuthentication) GenerateOrSkip() error

generate all certificates for kubernetes to start

type NetworkControllerAuthentication ¶

type NetworkControllerAuthentication struct {
	ManagerCertDir         string
	NetworkControllerDir   string
	RegisterManagerCertDir string
	RegisterBindAddress    string
	RegisterCACert         string
	RegisterCAKey          string
	RegisterServerCert     string
	RegisterServerkey      string
	RegisterClientCert     string
	RegisterClientkey      string

	JoinManagerCertDir string
	JoinBindAddress    string
	JoinCACert         string
	JoinCAKey          string
	JoinServerCert     string
	JoinServerkey      string
	JoinClientCert     string
	JoinClientkey      string
}

func NewNetworkControllerAuthentication ¶

func NewNetworkControllerAuthentication(workDir string, rootCertPath string, registerBindAddress, joinBindAddress string) *NetworkControllerAuthentication

func (*NetworkControllerAuthentication) GenerateOrSkip ¶

func (na *NetworkControllerAuthentication) GenerateOrSkip() error

generate X.509 certificate for network-manager

func (*NetworkControllerAuthentication) QueryRemoteDNSNames ¶

func (na *NetworkControllerAuthentication) QueryRemoteDNSNames() []string

func (*NetworkControllerAuthentication) QueryRemoteIps ¶

func (na *NetworkControllerAuthentication) QueryRemoteIps() []net.IP

type NetworkControllerClientAuthentication ¶

type NetworkControllerClientAuthentication struct {
	ManagerRootCertPath    string
	ManagerCertDir         string
	RegisterManagerCertDir string
	RegisterAddress        *string // value only tls-bootstrap without init
	RegisterPort           *uint16 // value only tls-bootstrap without init
	RegisterCACert         string
	RegisterClientCert     string
	RegisterClientkey      string
	JoinManagerCertDir     string
	JoinAddress            *string // value only tls-bootstrap without init
	JoinPort               *uint16 // value only tls-bootstrap without init
	JoinCACert             string
	JoinClientCert         string
	JoinClientkey          string
	Token                  string
	NodeToken              string
	InfoPath               string
}

func NewControllerClientAuthentication ¶

func NewControllerClientAuthentication(rootCertPath string, token string, registerAddress *string, registerPort *uint16, joinAddress *string, joinPort *uint16) *NetworkControllerClientAuthentication

func (*NetworkControllerClientAuthentication) Check ¶

func (na *NetworkControllerClientAuthentication) Check() bool

func (*NetworkControllerClientAuthentication) CreatelinkForClient ¶

func (na *NetworkControllerClientAuthentication) CreatelinkForClient() error

func (*NetworkControllerClientAuthentication) GenerateOrSkip ¶

func (na *NetworkControllerClientAuthentication) GenerateOrSkip() error

generate X.509 certificate for network-manager

func (*NetworkControllerClientAuthentication) LoadInfo ¶

func (na *NetworkControllerClientAuthentication) LoadInfo() error

func (*NetworkControllerClientAuthentication) Nodetoken ¶

func (na *NetworkControllerClientAuthentication) Nodetoken() (string, error)

func (*NetworkControllerClientAuthentication) TLSBootStrap ¶

func (na *NetworkControllerClientAuthentication) TLSBootStrap(address string, port int, bootstrapToken string) error

download certificates and get node-token from network manager

type RemoteHostInfo ¶

type RemoteHostInfo struct {
	RegisterAddress string // value only tls-bootstrap without init
	RegisterPort    uint16 // value only tls-bootstrap without init
	JoinAddress     string // value only tls-bootstrap without init
	JoinPort        uint16 // value only tls-bootstrap without init
	NodeToken       string
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL