yurtcoordinatorcert

package


Constants

const (
	// ComponentName is the name under which this controller component is identified.
	ComponentName               = "yurt-controller-manager_yurtcoordinator"
	// YurtCoordinatorAPIServerSVC and YurtCoordinatorETCDSVC are the Service names
	// of the yurt-coordinator apiserver and etcd (used by GetURLFromSVC callers — confirm).
	YurtCoordinatorAPIServerSVC = "yurt-coordinator-apiserver"
	YurtCoordinatorETCDSVC      = "yurt-coordinator-etcd"

	// CA certs contains the yurt-coordinator CA certs.
	// NOTE(review): this Secret holds the CA private key material as well as ca.crt;
	// anything that can read it can mint certificates trusted by the whole coordinator.
	YurtCoordinatorCASecretName = "yurt-coordinator-ca-certs"
	// Static certs is shared among all yurt-coordinator system, which contains:
	// - ca.crt
	// - apiserver-etcd-client.crt
	// - apiserver-etcd-client.key
	// - sa.pub
	// - sa.key
	// - apiserver-kubelet-client.crt  (not self signed)
	// - apiserver-kubelet-client.key (not self signed)
	// - admin.conf (kube-config)
	// NOTE(review): sa.key signs service-account tokens and admin.conf is a
	// cluster-admin kubeconfig (see KubeConfigAdminClientCN / YurtCoordinatorAdminOrg),
	// so read access to this Secret must be restricted to the coordinator components.
	YurtCoordinatorStaticSecretName = "yurt-coordinator-static-certs"
	// Dynamic certs will not be shared among clients or servers, contains:
	// - apiserver.crt
	// - apiserver.key
	// - etcd-server.crt
	// - etcd-server.key
	// todo: currently we only create one copy, this will be refined in the future to assign customized certs for different nodepools
	YurtCoordinatorDynamicSecretName = "yurt-coordinator-dynamic-certs"
	// Yurthub certs shared by all yurthub, contains:
	// - ca.crt
	// - yurt-coordinator-yurthub-client.crt
	// - yurt-coordinator-yurthub-client.key
	YurtCoordinatorYurthubClientSecretName = "yurt-coordinator-yurthub-certs"
	// Monitoring kubeconfig contains: monitoring kubeconfig for yurtcoordinator
	// - kubeconfig
	YurtCoordinatorMonitoringKubeconfigSecretName = "yurt-coordinator-monitoring-kubeconfig"

	// YurtCoordinatorOrg is the Subject Organization (group) stamped on ordinary
	// coordinator client certs. YurtCoordinatorAdminOrg is "system:masters", which
	// kube-apiserver binds to cluster-admin by default: any certificate issued with
	// this Organization bypasses RBAC, so it should only go into the admin kubeconfig.
	YurtCoordinatorOrg      = "openyurt:yurt-coordinator"
	YurtCoordinatorAdminOrg = "system:masters"

	// Common names (Subject CN) of the certificates this controller issues; for
	// client certs the apiserver treats the CN as the authenticated user name.
	YurtCoordinatorAPIServerCN            = "openyurt:yurt-coordinator:apiserver"
	YurtCoordinatorNodeLeaseProxyClientCN = "openyurt:yurt-coordinator:node-lease-proxy-client"
	YurtCoordinatorETCDCN                 = "openyurt:yurt-coordinator:etcd"
	KubeConfigMonitoringClientCN          = "openyurt:yurt-coordinator:monitoring"
	KubeConfigAdminClientCN               = "cluster-admin"
)

Variables

var (
	// YurtCoordinatorNS is the namespace the yurt-coordinator Secrets and Services
	// are expected in. It is a mutable package-level variable rather than a const,
	// so it can be changed at runtime; confirm which caller (if any) overrides it.
	YurtCoordinatorNS = "kube-system"
)

Functions

func Add

Add creates a new YurtCoordinatorcert Controller and adds it to the Manager with default RBAC. The Manager will set fields on the Controller and Start it when the Manager is Started.

func EncodeCertPEM

func EncodeCertPEM(c *x509.Certificate) ([]byte, error)

EncodeCertPEM returns PEM-encoded certificate data

func EncodePublicKeyPEM

func EncodePublicKeyPEM(key crypto.PublicKey) ([]byte, error)

EncodePublicKeyPEM returns the PEM-encoded public key data

func Format

func Format(format string, args ...interface{}) string

func GetCertAndKeyFromCertMgr

func GetCertAndKeyFromCertMgr(certManager certificate.Manager, stopCh <-chan struct{}) (key []byte, cert []byte, err error)

GetCertAndKeyFromCertMgr gets the certificate and private key (both in PEM format) from the certificate manager

func GetCertFromTLSCert

func GetCertFromTLSCert(cert *tls.Certificate) (certPEM []byte, err error)

func GetPrivateKeyFromTLSCert

func GetPrivateKeyFromTLSCert(cert *tls.Certificate) (keyPEM []byte, err error)

func GetURLFromSVC

func GetURLFromSVC(svc *corev1.Service) (string, error)

func IsCertFromCA

func IsCertFromCA(cert *x509.Certificate, caCert *x509.Certificate) bool

func NewPrivateKey

func NewPrivateKey() (*rsa.PrivateKey, error)

NewPrivateKey creates an RSA private key

func NewSelfSignedCA

func NewSelfSignedCA() (*x509.Certificate, crypto.Signer, error)

func NewSignedCert

func NewSignedCert(client client.Interface, cfg *CertConfig, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, stopCh <-chan struct{}) (cert *x509.Certificate, err error)

NewSignedCert creates a signed certificate using the given CA certificate and key

func WriteCertAndKeyIntoSecret

func WriteCertAndKeyIntoSecret(clientSet client.Interface, certName, secretName string, cert *x509.Certificate, key crypto.Signer) error

WriteCertAndKeyIntoSecret writes the certificate and key into the secret. Notice: if cert or key is nil, that item is ignored.

func WriteCertIntoSecret

func WriteCertIntoSecret(clientSet client.Interface, certName, secretName string, certManager certificate.Manager, stopCh <-chan struct{}) error

WriteCertIntoSecret writes the certificate and key pair generated by certManager into a secret

func WriteKeyPairIntoSecret

func WriteKeyPairIntoSecret(clientSet client.Interface, secretName, keyName string, key crypto.Signer) error

func WriteKubeConfigIntoSecret

func WriteKubeConfigIntoSecret(clientSet client.Interface, secretName, kubeConfigName string, kubeConfigByte []byte) error

Types

type CertConfig

// CertConfig describes one certificate this controller issues (see NewSignedCert)
// and where the result is stored.
type CertConfig struct {
	// CertName should be unique; it is used as the output name ${CertName}.crt
	CertName string
	// SecretName is the Secret the cert should be stored in
	SecretName string
	// IsKubeConfig marks the cert as one that is wrapped into a kubeconfig
	IsKubeConfig bool

	// ExtKeyUsage is the extended key usage set on the issued certificate
	// (server auth vs. client auth); presumably copied into the x509 template — confirm.
	ExtKeyUsage  []x509.ExtKeyUsage
	// CommonName and Organization populate the certificate Subject. For client
	// certs kube-apiserver uses CN as the user name and O as the groups, so
	// Organization decides what the holder is authorized to do.
	CommonName   string
	Organization []string
	// DNSNames and IPs are the SANs the certificate will be valid for
	// (expected to be needed for server certs only — confirm against callers).
	DNSNames     []string
	IPs          []net.IP
	// contains filtered or unexported fields
}

type ReconcileYurtCoordinatorCert

// ReconcileYurtCoordinatorCert reconciles a YurtCoordinatorcert object; its
// collaborators are unexported and not visible in this rendering.
type ReconcileYurtCoordinatorCert struct {
	// contains filtered or unexported fields
}

ReconcileYurtCoordinatorCert reconciles a YurtCoordinatorcert object

func (*ReconcileYurtCoordinatorCert) Reconcile

TODO: make a customized certificate for each yurtcoordinator pod

type SecretClient

// SecretClient is a simple client for reading (GetData) and writing (AddData)
// entries of the single Secret named Name in Namespace.
type SecretClient struct {
	Name      string
	Namespace string
	// contains filtered or unexported fields
}

SecretClient is a simple client for handling secret operations

func NewSecretClient

func NewSecretClient(clientSet client.Interface, ns, name string) (*SecretClient, error)

func (*SecretClient) AddData

func (c *SecretClient) AddData(key string, val []byte) error

func (*SecretClient) GetData

func (c *SecretClient) GetData(key string) ([]byte, error)
