Documentation
Index ¶
- Constants
- Variables
- func Add(cfg *appconfig.CompletedConfig, mgr manager.Manager) error
- func EncodeCertPEM(c *x509.Certificate) ([]byte, error)
- func EncodePublicKeyPEM(key crypto.PublicKey) ([]byte, error)
- func Format(format string, args ...interface{}) string
- func GetCertAndKeyFromCertMgr(certManager certificate.Manager, stopCh <-chan struct{}) (key []byte, cert []byte, err error)
- func GetCertFromTLSCert(cert *tls.Certificate) (certPEM []byte, err error)
- func GetPrivateKeyFromTLSCert(cert *tls.Certificate) (keyPEM []byte, err error)
- func GetURLFromSVC(svc *corev1.Service) (string, error)
- func IsCertFromCA(cert *x509.Certificate, caCert *x509.Certificate) bool
- func NewPrivateKey() (*rsa.PrivateKey, error)
- func NewSelfSignedCA() (*x509.Certificate, crypto.Signer, error)
- func NewSignedCert(client client.Interface, cfg *CertConfig, key crypto.Signer, ...) (cert *x509.Certificate, err error)
- func WriteCertAndKeyIntoSecret(clientSet client.Interface, certName, secretName string, ...) error
- func WriteCertIntoSecret(clientSet client.Interface, certName, secretName string, ...) error
- func WriteKeyPairIntoSecret(clientSet client.Interface, secretName, keyName string, key crypto.Signer) error
- func WriteKubeConfigIntoSecret(clientSet client.Interface, secretName, kubeConfigName string, ...) error
- type CertConfig
- type ReconcilePoolCoordinatorCert
- type SecretClient
Constants ¶
const (
	// ControllerName and ComponentName are the identifiers this package
	// declares for the controller and for the component it runs in.
	ControllerName = "poolcoordinatorcert"
	ComponentName  = "yurt-controller-manager_poolcoordinator"

	// Names of the pool-coordinator apiserver and etcd Services.
	// NOTE(review): presumably resolved (see GetURLFromSVC) to build endpoints
	// and certificate SANs; confirm against the callers.
	PoolcoordinatorAPIServerSVC = "pool-coordinator-apiserver"
	PoolcoordinatorETCDSVC      = "pool-coordinator-etcd"

	// CA certs contains the pool-coordinator CA certs.
	// NOTE(review): NewSelfSignedCA returns a signer alongside the CA cert;
	// confirm whether the CA private key is also stored in this secret, since
	// whoever can read it could then issue any identity listed below.
	PoolCoordinatorCASecretName = "pool-coordinator-ca-certs"

	// Static certs is shared among all pool-coordinator system, which contains:
	// - ca.crt
	// - apiserver-etcd-client.crt
	// - apiserver-etcd-client.key
	// - sa.pub
	// - sa.key
	// - apiserver-kubelet-client.crt (not self signed)
	// - apiserver-kubelet-client.key (not self signed)
	// - admin.conf (kube-config)
	//
	// This single secret bundles several private keys and an admin kubeconfig,
	// so read access to it is equivalent to holding every one of those
	// credentials; RBAC on secrets in the target namespace should be scoped
	// accordingly.
	PoolcoordinatorStaticSecretName = "pool-coordinator-static-certs"

	// Dynamic certs will not be shared among clients or servers, contains:
	// - apiserver.crt
	// - apiserver.key
	// - etcd-server.crt
	// - etcd-server.key
	// todo: currently we only create one copy, this will be refined in the future to assign customized certs for different nodepools
	PoolcoordinatorDynamicSecretName = "pool-coordinator-dynamic-certs"

	// Yurthub certs shared by all yurthub, contains:
	// - ca.crt
	// - pool-coordinator-yurthub-client.crt
	// - pool-coordinator-yurthub-client.key
	//
	// Because one client key pair is shared by every yurthub, the credential
	// cannot attribute a request to an individual node, and exposure on any
	// one holder affects all of them until the pair is rotated.
	PoolcoordinatorYurthubClientSecretName = "pool-coordinator-yurthub-certs"

	// Monitoring kubeconfig contains: monitoring kubeconfig for poolcoordinator
	// - kubeconfig
	PoolcoordinatorMonitoringKubeconfigSecretName = "pool-coordinator-monitoring-kubeconfig"

	// PoolcoordinatorOrg is the organization string for pool-coordinator
	// certificates. With Kubernetes client-certificate authentication the
	// subject Organization is read as the user's group.
	PoolcoordinatorOrg = "openyurt:pool-coordinator"

	// PoolcoordinatorAdminOrg is the built-in Kubernetes superuser group.
	// Members of system:masters are authorized for every request regardless of
	// RBAC, and a certificate carrying this organization cannot be revoked
	// individually; it stays valid until it expires or the CA is replaced.
	// NOTE(review): presumably used for the admin.conf identity; confirm, and
	// prefer a dedicated group bound through RBAC where full bypass is not needed.
	PoolcoordinatorAdminOrg = "system:masters"

	// Common names for the issued certificates. With Kubernetes
	// client-certificate authentication the subject CommonName is read as the
	// user name.
	PoolcoordinatorAPIServerCN            = "openyurt:pool-coordinator:apiserver"
	PoolcoordinatorNodeLeaseProxyClientCN = "openyurt:pool-coordinator:node-lease-proxy-client"
	PoolcoordinatorETCDCN                 = "openyurt:pool-coordinator:etcd"
	KubeConfigMonitoringClientCN          = "openyurt:pool-coordinator:monitoring"

	// KubeConfigAdminClientCN is the common name for the admin kubeconfig
	// client certificate.
	// NOTE(review): presumably paired with PoolcoordinatorAdminOrg; confirm.
	KubeConfigAdminClientCN = "cluster-admin"
)
Variables ¶
var (
	// PoolcoordinatorNS is set to the kube-system namespace.
	// NOTE(review): presumably the namespace in which the pool-coordinator
	// secrets are read and written; confirm against the callers. It is a
	// package-level var rather than a const, so any code in the process can
	// reassign it; if that is not required, a const would rule out accidental
	// redirection of where credentials are stored.
	PoolcoordinatorNS = "kube-system"
)
Functions ¶
func Add ¶ added in v1.3.0
func Add(cfg *appconfig.CompletedConfig, mgr manager.Manager) error
Add creates a new Poolcoordinatorcert Controller and adds it to the Manager with default RBAC. The Manager will set fields on the Controller and Start it when the Manager is Started.
func EncodeCertPEM ¶
func EncodeCertPEM(c *x509.Certificate) ([]byte, error)
EncodeCertPEM returns PEM-encoded certificate data.
func EncodePublicKeyPEM ¶
EncodePublicKeyPEM returns PEM-encoded public key data.
func GetCertAndKeyFromCertMgr ¶
func GetCertAndKeyFromCertMgr(certManager certificate.Manager, stopCh <-chan struct{}) (key []byte, cert []byte, err error)
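GetCertAndKeyFromCertMgr gets the certificate and private key (in PEM format) from the cert manager. Note that, per the signature, the results are returned in the order key, cert, err, which is the reverse of the order in the function name; swapping them at the call site would put private key bytes where a certificate is expected.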
func GetCertFromTLSCert ¶
func GetCertFromTLSCert(cert *tls.Certificate) (certPEM []byte, err error)
func GetPrivateKeyFromTLSCert ¶
func GetPrivateKeyFromTLSCert(cert *tls.Certificate) (keyPEM []byte, err error)
func IsCertFromCA ¶
func IsCertFromCA(cert *x509.Certificate, caCert *x509.Certificate) bool
func NewPrivateKey ¶
func NewPrivateKey() (*rsa.PrivateKey, error)
NewPrivateKey creates an RSA private key
func NewSelfSignedCA ¶
func NewSelfSignedCA() (*x509.Certificate, crypto.Signer, error)
func NewSignedCert ¶
func NewSignedCert(client client.Interface, cfg *CertConfig, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, stopCh <-chan struct{}) (cert *x509.Certificate, err error)
NewSignedCert creates a signed certificate using the given CA certificate and key
func WriteCertAndKeyIntoSecret ¶
func WriteCertAndKeyIntoSecret(clientSet client.Interface, certName, secretName string, cert *x509.Certificate, key crypto.Signer) error
WriteCertAndKeyIntoSecret writes a certificate and its key into a secret. Notice: if cert or key is nil, it will be ignored.
func WriteCertIntoSecret ¶
func WriteCertIntoSecret(clientSet client.Interface, certName, secretName string, certManager certificate.Manager, stopCh <-chan struct{}) error
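WriteCertIntoSecret writes the certificate and key pair generated from certManager into a secret. Despite the function name, the secret therefore holds the private key as well as the certificate.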
func WriteKeyPairIntoSecret ¶
Types ¶
type CertConfig ¶
// CertConfig describes one certificate to issue and where to store it.
// NewSignedCert takes a *CertConfig together with the CA certificate and key.
type CertConfig struct {
	// certName should be unique, will be used as output name ${certName}.crt
	CertName string
	// secretName is where the certs should be stored
	SecretName string
	// used as kubeconfig
	IsKubeConfig bool
	// ExtKeyUsage lists the extended key usages for the certificate.
	// NOTE(review): presumably copied into the issued certificate; a cert
	// should carry only the usages its role needs (client auth vs. server
	// auth); confirm against NewSignedCert.
	ExtKeyUsage []x509.ExtKeyUsage
	// CommonName and Organization are the subject fields for the certificate.
	// With Kubernetes client-certificate authentication these are read as the
	// user name and the groups, so they determine the identity the holder
	// authenticates as.
	CommonName   string
	Organization []string
	// DNSNames and IPs are the names and addresses for the certificate.
	// NOTE(review): presumably emitted as subject alternative names; confirm.
	DNSNames []string
	IPs      []net.IP
	// contains filtered or unexported fields
}
type ReconcilePoolCoordinatorCert ¶ added in v1.3.0
// ReconcilePoolCoordinatorCert reconciles a Poolcoordinatorcert object.
// Its fields are unexported and not shown in this listing.
type ReconcilePoolCoordinatorCert struct {
	// contains filtered or unexported fields
}
ReconcilePoolCoordinatorCert reconciles a Poolcoordinatorcert object
func (*ReconcilePoolCoordinatorCert) InjectConfig ¶ added in v1.3.0
func (r *ReconcilePoolCoordinatorCert) InjectConfig(cfg *rest.Config) error
InjectConfig will prepare kube client for PoolCoordinatorCert
type SecretClient ¶
SecretClient is a simple client to handle secret operations.
func NewSecretClient ¶
func NewSecretClient(clientSet client.Interface, ns, name string) (*SecretClient, error)