Documentation ¶
Index ¶
- Constants
- func GenCertPoolUseCA(caFile string) (*x509.CertPool, error)
- func GenRootCertPool(kubeConfig, caFile string) (*x509.CertPool, error)
- func GenTLSConfigUseCertMgrAndCA(m certificate.Manager, serverAddr, caFile string) (*tls.Config, error)
- func GenTLSConfigUseCertMgrAndCertPool(m certificate.Manager, root *x509.CertPool, mode string) (*tls.Config, error)
- func NewTunnelProxyClientCertManager(clientset kubernetes.Interface, certDir string) (certificate.Manager, error)
- func NewYurtHubServerCertManager(clientset kubernetes.Interface, certDir, nodeName string, certIPs []net.IP) (certificate.Manager, error)
- func NewYurttunnelAgentCertManager(clientset kubernetes.Interface, certDir string) (certificate.Manager, error)
- func NewYurttunnelServerCertManager(clientset kubernetes.Interface, factory informers.SharedInformerFactory, ...) (certificate.Manager, error)
Constants ¶
// Identity strings used by this package's certificate managers.
//
// NOTE(review): the per-constant notes below are inferred from the identifier
// names only (Org = subject Organization, CN = subject Common Name); confirm
// against the constructors that build the CSRs. If a CSR approver or an
// authorizer matches on these values, they are part of the trust decision and
// should not be changed casually.
const (
	// YurtHubCSROrg is presumably the Organization set on yurthub CSRs.
	YurtHubCSROrg = "openyurt:yurthub"

	// YurtTunnelCSROrg is presumably the Organization set on yurttunnel CSRs.
	YurtTunnelCSROrg = "openyurt:yurttunnel"

	// YurtTunnelServerNodeName looks like the node name the tunnel server
	// uses in place of a real node name (TODO confirm).
	YurtTunnelServerNodeName = "tunnel-server"

	// YurtTunnelProxyClientCSRCN is presumably the Common Name of the
	// tunnel proxy client certificate.
	YurtTunnelProxyClientCSRCN = "tunnel-proxy-client"

	// YurtTunnelAgentCSRCN is presumably the Common Name of the tunnel
	// agent client certificate.
	YurtTunnelAgentCSRCN = "tunnel-agent-client"
)
Variables ¶
This section is empty.
Functions ¶
func GenCertPoolUseCA ¶
GenCertPoolUseCA generates an x509 CertPool from the given CA file.
func GenRootCertPool ¶
GenRootCertPool generates an x509 CertPool based on the given kubeconfig; if kubeConfig is empty, it creates the CertPool using the CA file instead.
func GenTLSConfigUseCertMgrAndCA ¶
func GenTLSConfigUseCertMgrAndCA( m certificate.Manager, serverAddr, caFile string) (*tls.Config, error)
GenTLSConfigUseCertMgrAndCA generates a TLS configuration based on the given certificate manager and the CA file
func GenTLSConfigUseCertMgrAndCertPool ¶
func GenTLSConfigUseCertMgrAndCertPool( m certificate.Manager, root *x509.CertPool, mode string) (*tls.Config, error)
GenTLSConfigUseCertMgrAndCertPool generates a TLS configuration using the given certificate manager and x509 CertPool
func NewTunnelProxyClientCertManager ¶ added in v0.7.0
func NewTunnelProxyClientCertManager(clientset kubernetes.Interface, certDir string) (certificate.Manager, error)
NewTunnelProxyClientCertManager creates a certificate manager for yurttunnel-server. The certificate is used for the TLS handshake with components (like kubelet) on edge nodes; requests from kube-apiserver or other cloud components (like prometheus) are forwarded to the edge over that TLS connection.
func NewYurtHubServerCertManager ¶
func NewYurtHubServerCertManager( clientset kubernetes.Interface, certDir, nodeName string, certIPs []net.IP) (certificate.Manager, error)
NewYurtHubServerCertManager creates a certificate manager for the yurthub server
func NewYurttunnelAgentCertManager ¶
func NewYurttunnelAgentCertManager( clientset kubernetes.Interface, certDir string) (certificate.Manager, error)
NewYurttunnelAgentCertManager creates a certificate manager for the yurttunnel-agent.
func NewYurttunnelServerCertManager ¶
func NewYurttunnelServerCertManager( clientset kubernetes.Interface, factory informers.SharedInformerFactory, certDir string, clCertNames []string, clIPs []net.IP, stopCh <-chan struct{}) (certificate.Manager, error)
NewYurttunnelServerCertManager creates a certificate manager for the yurttunnel-server. The certificate is used for the HTTPS server that listens for requests from kube-apiserver and other cloud components (like prometheus); the same certificate is also used for the TLS server that waits for connections from yurt-tunnel-agent.
Types ¶
This section is empty.