Documentation ¶
Index ¶
- Constants
- Variables
- func AddBracketsIfIPv6(apiAddress string) string
- func ReconcileAWSPodIdentityWebhookServingCert(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileAdminKubeconfigSigner(secret *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileAggregatorClientCA(cm *corev1.ConfigMap, ownerRef config.OwnerRef, signer *corev1.Secret) error
- func ReconcileAggregatorClientSigner(secret *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileCSISnapshotWebhookTLS(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileCVOServerSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileEtcdClientSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileEtcdMetricsClientSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileEtcdMetricsSignerConfigMap(cm *corev1.ConfigMap, ownerRef config.OwnerRef, ...) error
- func ReconcileEtcdMetricsSignerSecret(secret *corev1.Secret, ownerref config.OwnerRef) error
- func ReconcileEtcdPeerSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileEtcdServerSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileEtcdSignerConfigMap(cm *corev1.ConfigMap, ownerRef config.OwnerRef, etcdSigner *corev1.Secret) error
- func ReconcileEtcdSignerSecret(secret *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileIgnitionServerCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileIngressCert(secret, ca *corev1.Secret, ownerRef config.OwnerRef, ingressSubdomain string) error
- func ReconcileKASAggregatorCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileKASKubeletClientCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileKASMachineBootstrapClientCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileKASServerCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef, ...) error
- func ReconcileKASToKubeletSigner(secret *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileKCMServerSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileKonnectivityAgentSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileKonnectivityClientSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileKonnectivityClusterSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef, ...) error
- func ReconcileKonnectivityConfigMap(cm *corev1.ConfigMap, ownerRef config.OwnerRef, konnectivityCA *corev1.Secret) error
- func ReconcileKonnectivityServerSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileKonnectivitySignerSecret(secret *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileKubeCSRSigner(secret *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileKubeConfig(secret, cert *corev1.Secret, ca *corev1.ConfigMap, url string, key string, ...) error
- func ReconcileKubeControlPlaneSigner(secret *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileKubeControllerManagerClientCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileKubeSchedulerClientCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileKubeletClientCA(cm *corev1.ConfigMap, ownerRef config.OwnerRef, signers ...*corev1.Secret) error
- func ReconcileMachineConfigServerCert(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileMetricsSAClientCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileNodeTuningOperatorServingCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileOAuthMasterCABundle(caBundle *corev1.ConfigMap, ownerRef config.OwnerRef, ...) error
- func ReconcileOAuthServerCert(secret, ca *corev1.Secret, ownerRef config.OwnerRef, ...) error
- func ReconcileOLMCatalogOperatorServingCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileOLMOperatorServingCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileOLMPackageServerCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileOpenShiftAPIServerCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileOpenShiftAuthenticatorCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileOpenShiftControllerManagerCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileOpenShiftOAuthAPIServerCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileRegistryOperatorServingCert(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileRootCA(secret *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileRootCAConfigMap(cm *corev1.ConfigMap, ownerRef config.OwnerRef, rootCA *corev1.Secret, ...) error
- func ReconcileServiceAccountKubeconfig(secret, csrSigner *corev1.Secret, ca *corev1.ConfigMap, ...) error
- func ReconcileServiceAccountSigningKeySecret(secret *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileSystemAdminClientCertSecret(secret, ca *corev1.Secret, ownerRef config.OwnerRef) error
- func ReconcileTotalClientCA(cm *corev1.ConfigMap, ownerRef config.OwnerRef, additional []*corev1.ConfigMap, ...) error
- type PKIParams
Constants ¶
View Source
const ( EtcdClientCrtKey = "etcd-client.crt" EtcdClientKeyKey = "etcd-client.key" EtcdServerCrtKey = "server.crt" EtcdServerKeyKey = "server.key" EtcdPeerCrtKey = "peer.crt" EtcdPeerKeyKey = "peer.key" )
Etcd secret keys
View Source
const ( // Service signer secret keys ServiceSignerPrivateKey = "service-account.key" ServiceSignerPublicKey = "service-account.pub" )
Variables ¶
View Source
var ( X509UsageClientAuth = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth} X509UsageServerAuth = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth} X509UsageClientServerAuth = append(X509UsageClientAuth, X509UsageServerAuth...) X509DefaultUsage = x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature X509SignerUsage = X509DefaultUsage | x509.KeyUsageCertSign )
Functions ¶
func AddBracketsIfIPv6 ¶ added in v0.1.17
AddBracketsIfIPv6 function is needed to build the serverAPI url for every kubeconfig created. The function returns a string in 3 ways. - Without brackets if it's an URL or an IPv4 - With brackets if it's a valid IPv6
func ReconcileCSISnapshotWebhookTLS ¶
Create TLS keys for csi-snapshot-webhook. In standalone OCP it's created automatically when csi-snapshot-controller-operator creates Service for the webhook with annotation `service.openshift.io/serving-cert-secret-name`, in HyperShift it must be done by control-plane-operator.
func ReconcileEtcdPeerSecret ¶
func ReconcileIgnitionServerCertSecret ¶ added in v0.1.9
func ReconcileIngressCert ¶
func ReconcileKubeCSRSigner ¶
func ReconcileKubeConfig ¶
func ReconcileNodeTuningOperatorServingCertSecret ¶ added in v0.1.3
func ReconcileOAuthMasterCABundle ¶ added in v0.1.2
Types ¶
type PKIParams ¶
type PKIParams struct { // ServiceCIDR // Subnet for cluster services ServiceCIDR []string `json:"serviceCIDR"` // ClusterCIDR // Subnet for pods ClusterCIDR []string `json:"clusterCIDR"` // ExternalAPIAddress // An externally accessible DNS name or IP for the API server. Currently obtained from the load balancer DNS name. ExternalAPIAddress string `json:"externalAPIAddress"` // InternalAPIAddress // An internally accessible DNS name or IP for the API server. InternalAPIAddress string `json:"internalAPIAddress"` // ExternalKconnectivityAddress // An externally accessible DNS name or IP for the Konnectivity proxy. Currently obtained from the load balancer DNS name. ExternalKconnectivityAddress string `json:"externalKconnectivityAddress"` // NodeInternalAPIServerIP // A fixed IP that pods on worker nodes will use to communicate with the API server - 172.20.0.1 for IPv4 and fd00::1 in IPv6 case NodeInternalAPIServerIP string `json:"nodeInternalAPIServerIP"` // ExternalOauthAddress // An externally accessible DNS name or IP for the Oauth server. Currently obtained from Oauth load balancer DNS name. ExternalOauthAddress string `json:"externalOauthAddress"` // IngressSubdomain // Subdomain for cluster ingress. Used to generate the wildcard certificate for ingress. IngressSubdomain string `json:"ingressSubdomain"` // Namespace used to generate internal DNS names for services. Namespace string `json:"namespace"` // Owner reference for resources OwnerRef config.OwnerRef `json:"ownerRef"` }
func NewPKIParams ¶
func NewPKIParams(hcp *hyperv1.HostedControlPlane, apiExternalAddress, oauthExternalAddress, konnectivityExternalAddress string) *PKIParams
Click to show internal directories.
Click to hide internal directories.