Documentation ¶
Index ¶
- Constants
- func CreateBootstrapMetricsSignerCert(secretInformer corev1informers.SecretInformer, ...) certrotation.RotatedSigningCASecret
- func CreateBootstrapSignerCert(secretInformer corev1informers.SecretInformer, ...) certrotation.RotatedSigningCASecret
- func CreateEtcdClientCert(secretInformer corev1informers.SecretInformer, ...) certrotation.RotatedSelfSignedCertKeySecret
- func CreateMetricsClientCert(secretInformer corev1informers.SecretInformer, ...) certrotation.RotatedSelfSignedCertKeySecret
- func CreateMetricsServingCertificate(node *corev1.Node, secretInformer corev1informers.SecretInformer, ...) (*certrotation.RotatedSelfSignedCertKeySecret, error)
- func CreateMetricsSignerCert(secretInformer corev1informers.SecretInformer, ...) certrotation.RotatedSigningCASecret
- func CreateMetricsSignerCertRotationBundleConfigMap(cmInformer corev1informers.ConfigMapInformer, ...) certrotation.CABundleConfigMap
- func CreatePeerCertificate(node *corev1.Node, secretInformer corev1informers.SecretInformer, ...) (*certrotation.RotatedSelfSignedCertKeySecret, error)
- func CreateServingCertificate(node *corev1.Node, secretInformer corev1informers.SecretInformer, ...) (*certrotation.RotatedSelfSignedCertKeySecret, error)
- func CreateSignerCert(secretInformer corev1informers.SecretInformer, ...) certrotation.RotatedSigningCASecret
- func CreateSignerCertRotationBundleConfigMap(cmInformer corev1informers.ConfigMapInformer, ...) certrotation.CABundleConfigMap
- func GetPeerClientSecretNameForNode(nodeName string) string
- func GetServingMetricsSecretNameForNode(nodeName string) string
- func GetServingSecretNameForNode(nodeName string) string
- func ReadSignerCaBundle(ctx context.Context, cmClient corev1client.ConfigMapsGetter, name string) ([]*x509.Certificate, error)
- func ReadSignerCaCert(ctx context.Context, secretClient corev1client.SecretsGetter, name string) (*crypto.CA, error)
- func SupportedEtcdCiphers(cipherSuites []string) []string
- type CARotatingTargetCertCreator
- type ConfigMapClientLister
- type SecretClientLister
Constants ¶
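// Certificate lifetimes and the well-known object names used for etcd PKI material.
//
// As rendered on one line, the leading "//" comment ran to the end of the line
// and swallowed every declaration after it; the block is restored to one
// declaration per line so the constants are actually declared.
const (
	// Given that clusters can be shutdown/hibernated for a max of ~9 months
	// this validity period leaves enough cushion to not have the
	// certs expire during shutdown/hibernation in the worst case.
	//
	// Each *Refresh value is 0.8 years (292 days) below its validity, which is
	// the cushion the note above refers to. Presumably *Refresh is the
	// certificate age at which rotation is triggered; confirm against the
	// certrotation callers.
	//
	// NOTE(review): multi-year lifetimes also mean a leaked key stays usable
	// until its certificate is rotated or its signer is dropped from the trust
	// bundle; nothing here shows a revocation path, so confirm that signer
	// rotation is the intended response to key compromise.
	EtcdCertValidity          = 3 * 365 * 24 * time.Hour   // leaf certificates: 3 years
	EtcdCertValidityRefresh   = 2.2 * 365 * 24 * time.Hour // leaf refresh threshold: 2.2 years
	EtcdCaCertValidity        = 5 * 365 * 24 * time.Hour   // signer (CA) certificates: 5 years
	EtcdCaCertValidityRefresh = 4.2 * 365 * 24 * time.Hour // signer refresh threshold: 4.2 years

	// EtcdJiraComponentName is the component label "etcd"; where it is
	// attached is not visible here.
	EtcdJiraComponentName = "etcd"

	// Signer secrets and the CA bundle config maps that publish their
	// certificates. Namespaces are chosen by the callers and are not visible here.
	EtcdSignerCertSecretName               = "etcd-signer"
	EtcdSignerCaBundleConfigMapName        = "etcd-ca-bundle"
	EtcdMetricsSignerCertSecretName        = "etcd-metric-signer"
	EtcdMetricsSignerCaBundleConfigMapName = "etcd-metrics-ca-bundle"

	// NOTE(review): the names suggest aggregates of every etcd cert/key pair
	// and every bundle. If so, read access to the "etcd-all-certs" secret is
	// equivalent to holding each individual etcd private key; confirm that
	// RBAC on it is scoped accordingly.
	EtcdAllCertsSecretName      = "etcd-all-certs"
	EtcdAllBundlesConfigMapName = "etcd-all-bundles"

	// Client certificate secrets for etcd and for etcd metrics.
	EtcdClientCertSecretName        = "etcd-client"
	EtcdMetricsClientCertSecretName = "etcd-metric-client"
)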
Variables ¶
This section is empty.
Functions ¶
func CreateBootstrapMetricsSignerCert ¶
func CreateBootstrapMetricsSignerCert( secretInformer corev1informers.SecretInformer, secretLister corev1listers.SecretLister, secretGetter corev1client.SecretsGetter, recorder events.Recorder) certrotation.RotatedSigningCASecret
CreateBootstrapMetricsSignerCert is the CreateMetricsSignerCert equivalent for the openshift-config namespace.
func CreateBootstrapSignerCert ¶
func CreateBootstrapSignerCert( secretInformer corev1informers.SecretInformer, secretLister corev1listers.SecretLister, secretGetter corev1client.SecretsGetter, recorder events.Recorder) certrotation.RotatedSigningCASecret
CreateBootstrapSignerCert is the CreateSignerCert equivalent for the openshift-config namespace.
func CreateEtcdClientCert ¶
func CreateEtcdClientCert( secretInformer corev1informers.SecretInformer, secretLister corev1listers.SecretLister, secretGetter corev1client.SecretsGetter, recorder events.Recorder) certrotation.RotatedSelfSignedCertKeySecret
func CreateMetricsClientCert ¶
func CreateMetricsClientCert( secretInformer corev1informers.SecretInformer, secretLister corev1listers.SecretLister, secretGetter corev1client.SecretsGetter, recorder events.Recorder) certrotation.RotatedSelfSignedCertKeySecret
func CreateMetricsServingCertificate ¶
func CreateMetricsServingCertificate(node *corev1.Node, secretInformer corev1informers.SecretInformer, secretLister corev1listers.SecretLister, secretGetter corev1client.SecretsGetter, recorder events.Recorder) (*certrotation.RotatedSelfSignedCertKeySecret, error)
func CreateMetricsSignerCert ¶
func CreateMetricsSignerCert( secretInformer corev1informers.SecretInformer, secretLister corev1listers.SecretLister, secretGetter corev1client.SecretsGetter, recorder events.Recorder) certrotation.RotatedSigningCASecret
func CreateMetricsSignerCertRotationBundleConfigMap ¶
func CreateMetricsSignerCertRotationBundleConfigMap( cmInformer corev1informers.ConfigMapInformer, cmLister corev1listers.ConfigMapLister, cmGetter corev1client.ConfigMapsGetter, recorder events.Recorder) certrotation.CABundleConfigMap
func CreatePeerCertificate ¶
func CreatePeerCertificate(node *corev1.Node, secretInformer corev1informers.SecretInformer, secretLister corev1listers.SecretLister, secretGetter corev1client.SecretsGetter, recorder events.Recorder) (*certrotation.RotatedSelfSignedCertKeySecret, error)
func CreateServingCertificate ¶
func CreateServingCertificate(node *corev1.Node, secretInformer corev1informers.SecretInformer, secretLister corev1listers.SecretLister, secretGetter corev1client.SecretsGetter, recorder events.Recorder) (*certrotation.RotatedSelfSignedCertKeySecret, error)
func CreateSignerCert ¶
func CreateSignerCert( secretInformer corev1informers.SecretInformer, secretLister corev1listers.SecretLister, secretGetter corev1client.SecretsGetter, recorder events.Recorder) certrotation.RotatedSigningCASecret
func CreateSignerCertRotationBundleConfigMap ¶
func CreateSignerCertRotationBundleConfigMap( cmInformer corev1informers.ConfigMapInformer, cmLister corev1listers.ConfigMapLister, cmGetter corev1client.ConfigMapsGetter, recorder events.Recorder) certrotation.CABundleConfigMap
func ReadSignerCaBundle ¶
func ReadSignerCaBundle(ctx context.Context, cmClient corev1client.ConfigMapsGetter, name string) ([]*x509.Certificate, error)
func ReadSignerCaCert ¶
func ReadSignerCaCert(ctx context.Context, secretClient corev1client.SecretsGetter, name string) (*crypto.CA, error)
func SupportedEtcdCiphers ¶
Types ¶
type CARotatingTargetCertCreator ¶
// CARotatingTargetCertCreator wraps certrotation.TargetCertCreator so that leaf
// certificates are also rotated when a change of signer is detected.
type CARotatingTargetCertCreator struct {
	// Embedded creator. NeedNewTargetCertKeyPair is declared on
	// *CARotatingTargetCertCreator, so that method takes precedence over the
	// embedded one; the remaining methods are promoted unchanged.
	certrotation.TargetCertCreator
}
CARotatingTargetCertCreator ensures that leaf certificates are also rotated when a change of signer is detected. The embedded certrotation.TargetCertCreator assumes that only the bundle changes on a CA rotation, whereas here the bundle has to be kept around for some time so that the static pods can roll out properly.
func (*CARotatingTargetCertCreator) NeedNewTargetCertKeyPair ¶
type ConfigMapClientLister ¶
// ConfigMapClientLister pairs a ConfigMap client with a namespace. Its
// ConfigMaps method returns a corev1listers.ConfigMapNamespaceLister, so the
// type presumably lets a client stand in where a lister is expected; confirm
// against the method bodies.
type ConfigMapClientLister struct {
	// ConfigMapClient is the client used to reach ConfigMaps.
	ConfigMapClient v1.ConfigMapInterface
	// Namespace is the namespace associated with ConfigMapClient.
	// NOTE(review): ConfigMaps(ns) also takes a namespace argument and this
	// page does not show which of the two is honoured. Confirm, since CA
	// bundles read through this type end up trusted.
	Namespace string
}
func (*ConfigMapClientLister) ConfigMaps ¶
func (c *ConfigMapClientLister) ConfigMaps(ns string) corev1listers.ConfigMapNamespaceLister
type SecretClientLister ¶
// SecretClientLister pairs a Secret client with a namespace. It exposes
// Get(name) and Secrets(ns), the latter returning a
// corev1listers.SecretNamespaceLister, so the type presumably lets a client
// stand in where a lister is expected; confirm against the method bodies.
type SecretClientLister struct {
	// SecretClient is the client used to reach Secrets.
	SecretClient v1.SecretInterface
	// Namespace is the namespace associated with SecretClient.
	// NOTE(review): Secrets(ns) also takes a namespace argument and this page
	// does not show which of the two is honoured. Confirm, since the secrets
	// read through this type hold signer and leaf private keys.
	Namespace string
}
func (*SecretClientLister) Get ¶
func (c *SecretClientLister) Get(name string) (get *corev1.Secret, err error)
func (*SecretClientLister) Secrets ¶
func (c *SecretClientLister) Secrets(ns string) corev1listers.SecretNamespaceLister