pki

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 24, 2018 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

View Source
const (
	CertificatesServiceName = "certificates"
	CrtDownloaderContainer  = "cert-deployer"
	CertFetcherContainer    = "cert-fetcher"
	CertificatesSecretName  = "k8s-certs"
	TempCertPath            = "/etc/kubernetes/.tmp/"

	CACertName    = "kube-ca"
	CACertENVName = "KUBE_CA"
	CAKeyENVName  = "KUBE_CA_KEY"
	CACertPath    = "/etc/kubernetes/ssl/kube-ca.pem"
	CAKeyPath     = "/etc/kubernetes/ssl/kube-ca-key.pem"

	KubeAPICertName    = "kube-apiserver"
	KubeAPICertENVName = "KUBE_API"
	KubeAPIKeyENVName  = "KUBE_API_KEY"
	KubeAPICertPath    = "/etc/kubernetes/ssl/kube-api.pem"
	KubeAPIKeyPath     = "/etc/kubernetes/ssl/kube-api-key.pem"

	KubeControllerName          = "kube-controller-manager"
	KubeControllerCommonName    = "system:kube-controller-manager"
	KubeControllerCertENVName   = "KUBE_CONTROLLER_MANAGER"
	KubeControllerKeyENVName    = "KUBE_CONTROLLER_MANAGER_KEY"
	KubeControllerConfigENVName = "KUBECFG_CONTROLLER_MANAGER"
	KubeControllerCertPath      = "/etc/kubernetes/ssl/kube-controller-manager.pem"
	KubeControllerKeyPath       = "/etc/kubernetes/ssl/kube-controller-manager-key.pem"
	KubeControllerConfigPath    = "/etc/kubernetes/ssl/kubecfg-controller-manager.yaml"

	KubeSchedulerName          = "kube-scheduler"
	KubeSchedulerCommonName    = "system:kube-scheduler"
	KubeSchedulerCertENVName   = "KUBE_SCHEDULER"
	KubeSchedulerKeyENVName    = "KUBE_SCHEDULER_KEY"
	KubeSchedulerConfigENVName = "KUBECFG_SCHEDULER"
	KubeSchedulerCertPath      = "/etc/kubernetes/ssl/kube-scheduler.pem"
	KubeSchedulerKeyPath       = "/etc/kubernetes/ssl/kube-scheduler-key.pem"
	KubeSchedulerConfigPath    = "/etc/kubernetes/ssl/kubecfg-scheduler.yaml"

	KubeProxyName          = "kube-proxy"
	KubeProxyCommonName    = "system:kube-proxy"
	KubeProxyCertENVName   = "KUBE_PROXY"
	KubeProxyKeyENVName    = "KUBE_PROXY_KEY"
	KubeProxyConfigENVName = "KUBECFG_KUBE_PROXY"
	KubeProxyCertPath      = "/etc/kubernetes/ssl/kube-proxy.pem"
	KubeProxyKeyPath       = "/etc/kubernetes/ssl/kube-proxy-key.pem"
	KubeProxyConfigPath    = "/etc/kubernetes/ssl/kubecfg-kube-proxy.yaml"

	KubeNodeName             = "kube-node"
	KubeNodeCommonName       = "system:node"
	KubeNodeOrganizationName = "system:nodes"
	KubeNodeCertENVName      = "KUBE_NODE"
	KubeNodeKeyENVName       = "KUBE_NODE_KEY"
	KubeNodeConfigENVName    = "KUBECFG_KUBE_NODE"
	KubeNodeCertPath         = "/etc/kubernetes/ssl/kube-node.pem"
	KubeNodeKeyPath          = "/etc/kubernetes/ssl/kube-node-key.pem"
	KubeNodeConfigPath       = "/etc/kubernetes/ssl/kubecfg-kube-node.yaml"

	KubeAdminCommonName       = "kube-admin"
	KubeAdminOrganizationName = "system:masters"
	KubeAdminConfigPrefix     = ".kube_config_"
	KubeAdminConfigENVName    = "KUBECFG_ADMIN"
	KubeAdminCertEnvName      = "KUBE_ADMIN"
	KubeAdminKeyEnvName       = "KUBE_ADMIN_KEY"
)

Variables

This section is empty.

Functions

func DeployAdminConfig

func DeployAdminConfig(ctx context.Context, kubeConfig, localConfigPath string) error

func DeployCertificatesOnHost

func DeployCertificatesOnHost(ctx context.Context, host *hosts.Host, crtMap map[string]CertificatePKI, certDownloaderImage string) error

func DeployCertificatesOnMasters

func DeployCertificatesOnMasters(ctx context.Context, cpHosts []*hosts.Host, crtMap map[string]CertificatePKI, certDownloaderImage string) error

func DeployCertificatesOnWorkers

func DeployCertificatesOnWorkers(ctx context.Context, workerHosts []*hosts.Host, crtMap map[string]CertificatePKI, certDownloaderImage string) error

func FetchCertificatesFromHost

func FetchCertificatesFromHost(ctx context.Context, host *hosts.Host, image, localConfigPath string) (map[string]CertificatePKI, error)

func GenerateCertWithKey

func GenerateCertWithKey(commonName string, key *rsa.PrivateKey, caCrt *x509.Certificate, caKey *rsa.PrivateKey, altNames *cert.AltNames) (*x509.Certificate, error)

func GenerateKubeAPICertAndKey

func GenerateKubeAPICertAndKey(caCrt *x509.Certificate, caKey *rsa.PrivateKey, altNames *cert.AltNames) (*x509.Certificate, *rsa.PrivateKey, error)

func GetAltNames

func GetAltNames(cpHosts []*hosts.Host, clusterDomain string, KubernetesServiceIP net.IP) *cert.AltNames

func GetKubeConfigX509WithData

func GetKubeConfigX509WithData(kubernetesURL string, componentName string, cacrt string, crt string, key string) string

func RemoveAdminConfig

func RemoveAdminConfig(ctx context.Context, localConfigPath string)

func StartCertificatesGeneration

func StartCertificatesGeneration(ctx context.Context, cpHosts []*hosts.Host, workerHosts []*hosts.Host, clusterDomain, localConfigPath string, KubernetesServiceIP net.IP) (map[string]CertificatePKI, error)

StartCertificatesGeneration ...

Types

type CertificatePKI

type CertificatePKI struct {
	Certificate   *x509.Certificate
	Key           *rsa.PrivateKey
	Config        string
	Name          string
	CommonName    string
	OUName        string
	EnvName       string
	Path          string
	KeyEnvName    string
	KeyPath       string
	ConfigEnvName string
	ConfigPath    string
}

func (*CertificatePKI) CertToEnv

func (c *CertificatePKI) CertToEnv() string

func (*CertificatePKI) ConfigToEnv

func (c *CertificatePKI) ConfigToEnv() string

func (*CertificatePKI) KeyToEnv

func (c *CertificatePKI) KeyToEnv() string

func (*CertificatePKI) ToEnv

func (c *CertificatePKI) ToEnv() []string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL