Index ¶
- Constants
- Variables
- func Add(ctx context.Context, cfg *appconfig.CompletedConfig, mgr manager.Manager) error
- func EncodeCertPEM(c *x509.Certificate) ([]byte, error)
- func EncodePublicKeyPEM(key crypto.PublicKey) ([]byte, error)
- func Format(format string, args ...interface{}) string
- func GetCertAndKeyFromCertMgr(certManager certificate.Manager, stopCh <-chan struct{}) (key []byte, cert []byte, err error)
- func GetCertFromTLSCert(cert *tls.Certificate) (certPEM []byte, err error)
- func GetPrivateKeyFromTLSCert(cert *tls.Certificate) (keyPEM []byte, err error)
- func GetURLFromSVC(svc *corev1.Service) (string, error)
- func IsCertFromCA(cert *x509.Certificate, caCert *x509.Certificate) bool
- func NewPrivateKey() (*rsa.PrivateKey, error)
- func NewSelfSignedCA() (*x509.Certificate, crypto.Signer, error)
- func NewSignedCert(client client.Interface, cfg *CertConfig, key crypto.Signer, ...) (cert *x509.Certificate, err error)
- func WriteCertAndKeyIntoSecret(clientSet client.Interface, certName, secretName string, ...) error
- func WriteCertIntoSecret(clientSet client.Interface, certName, secretName string, ...) error
- func WriteKeyPairIntoSecret(clientSet client.Interface, secretName, keyName string, key crypto.Signer) error
- func WriteKubeConfigIntoSecret(clientSet client.Interface, secretName, kubeConfigName string, ...) error
- type CertConfig
- type ReconcileYurtCoordinatorCert
- type SecretClient
Constants ¶
// Component and Service names used by the yurt-coordinator cert controller.
const (
	ComponentName = "yurt-controller-manager_yurtcoordinator"

	YurtCoordinatorAPIServerSVC = "yurt-coordinator-apiserver"
	YurtCoordinatorETCDSVC      = "yurt-coordinator-etcd"
)

// Names of the Secrets the controller writes certificates into.
const (
	// YurtCoordinatorCASecretName holds the yurt-coordinator CA certs.
	YurtCoordinatorCASecretName = "yurt-coordinator-ca-certs"

	// YurtCoordinatorStaticSecretName holds the static certs shared by the
	// whole yurt-coordinator system:
	//   - ca.crt
	//   - apiserver-etcd-client.crt
	//   - apiserver-etcd-client.key
	//   - sa.pub
	//   - sa.key
	//   - apiserver-kubelet-client.crt (not self signed)
	//   - apiserver-kubelet-client.key (not self signed)
	//   - admin.conf (kube-config)
	// NOTE(review): this Secret carries the service-account signing key and
	// an admin kubeconfig (presumably issued with KubeConfigAdminClientCN /
	// YurtCoordinatorAdminOrg, i.e. system:masters), so read access to it is
	// equivalent to full admin on the coordinator apiserver; keep RBAC on it
	// tight.
	YurtCoordinatorStaticSecretName = "yurt-coordinator-static-certs"

	// YurtCoordinatorDynamicSecretName holds certs that are not meant to be
	// shared among clients or servers:
	//   - apiserver.crt
	//   - apiserver.key
	//   - etcd-server.crt
	//   - etcd-server.key
	// TODO: only one copy is created today; this is to be refined so that
	// different nodepools get their own serving certs (until then every
	// nodepool shares the same serving key material).
	YurtCoordinatorDynamicSecretName = "yurt-coordinator-dynamic-certs"

	// YurtCoordinatorYurthubClientSecretName holds the client certs shared by
	// all yurthub instances:
	//   - ca.crt
	//   - yurt-coordinator-yurthub-client.crt
	//   - yurt-coordinator-yurthub-client.key
	YurtCoordinatorYurthubClientSecretName = "yurt-coordinator-yurthub-certs"

	// YurtCoordinatorMonitoringKubeconfigSecretName holds the monitoring
	// kubeconfig for the yurt-coordinator:
	//   - kubeconfig
	YurtCoordinatorMonitoringKubeconfigSecretName = "yurt-coordinator-monitoring-kubeconfig"
)

// X.509 subject values (organizations and common names) used when issuing
// yurt-coordinator certificates.
const (
	YurtCoordinatorOrg      = "openyurt:yurt-coordinator"
	YurtCoordinatorAdminOrg = "system:masters"

	YurtCoordinatorAPIServerCN            = "openyurt:yurt-coordinator:apiserver"
	YurtCoordinatorNodeLeaseProxyClientCN = "openyurt:yurt-coordinator:node-lease-proxy-client"
	YurtCoordinatorETCDCN                 = "openyurt:yurt-coordinator:etcd"

	KubeConfigMonitoringClientCN = "openyurt:yurt-coordinator:monitoring"
	KubeConfigAdminClientCN      = "cluster-admin"
)
Variables ¶
// YurtCoordinatorNS is the namespace the yurt-coordinator Secrets live in.
// It is a variable rather than a constant, presumably so it can be overridden
// at runtime — confirm against the callers before depending on that.
var YurtCoordinatorNS = "kube-system"
Functions ¶
func Add ¶
Add creates a new YurtCoordinatorcert Controller and adds it to the Manager with default RBAC. The Manager will set fields on the Controller and Start it when the Manager is Started.
func EncodeCertPEM ¶
func EncodeCertPEM(c *x509.Certificate) ([]byte, error)
EncodeCertPEM returns PEM-encoded certificate data
func EncodePublicKeyPEM ¶
EncodePublicKeyPEM returns the PEM-encoded form of the given public key.
func GetCertAndKeyFromCertMgr ¶
func GetCertAndKeyFromCertMgr(certManager certificate.Manager, stopCh <-chan struct{}) (key []byte, cert []byte, err error)
GetCertAndKeyFromCertMgr returns the private key and certificate (both PEM-encoded) currently held by certManager. Note the return order: key first, then cert. stopCh presumably lets the caller abort while waiting for the manager to obtain a certificate — confirm against the implementation.
func GetCertFromTLSCert ¶
func GetCertFromTLSCert(cert *tls.Certificate) (certPEM []byte, err error)
func GetPrivateKeyFromTLSCert ¶
func GetPrivateKeyFromTLSCert(cert *tls.Certificate) (keyPEM []byte, err error)
func IsCertFromCA ¶
func IsCertFromCA(cert *x509.Certificate, caCert *x509.Certificate) bool
func NewPrivateKey ¶
func NewPrivateKey() (*rsa.PrivateKey, error)
NewPrivateKey creates an RSA private key. The modulus size is fixed by the implementation and not documented here; confirm it is at least 2048 bits before using it for the coordinator CA or serving certificates.
func NewSelfSignedCA ¶
func NewSelfSignedCA() (*x509.Certificate, crypto.Signer, error)
func NewSignedCert ¶
func NewSignedCert(client client.Interface, cfg *CertConfig, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, stopCh <-chan struct{}) (cert *x509.Certificate, err error)
NewSignedCert creates a certificate described by cfg for the public half of key, signed with the given CA certificate and CA key. The roles of the client and stopCh parameters are not documented here — confirm them against the implementation before relying on them.
func WriteCertAndKeyIntoSecret ¶
func WriteCertAndKeyIntoSecret(clientSet client.Interface, certName, secretName string, cert *x509.Certificate, key crypto.Signer) error
WriteCertAndKeyIntoSecret writes cert and key into the Secret secretName under the name certName. Notice: if cert or key is nil, that item is silently ignored rather than reported as an error, so callers that need both written must check for nil themselves.
func WriteCertIntoSecret ¶
func WriteCertIntoSecret(clientSet client.Interface, certName, secretName string, certManager certificate.Manager, stopCh <-chan struct{}) error
WriteCertIntoSecret writes the certificate and private key pair obtained from certManager into the Secret secretName (despite the name, the private key is written as well as the certificate).
func WriteKeyPairIntoSecret ¶
Types ¶
type CertConfig ¶
// CertConfig describes one certificate the controller issues and the Secret
// it is stored in.
type CertConfig struct {
	// CertName must be unique; it is used as the output name ${certName}.crt.
	CertName string
	// SecretName is the Secret the cert should be stored in.
	SecretName string
	// IsKubeConfig marks a cert that is used as a kubeconfig.
	IsKubeConfig bool
	// ExtKeyUsage lists the extended key usages to set on the cert.
	ExtKeyUsage []x509.ExtKeyUsage
	// CommonName and Organization form the certificate subject.
	CommonName   string
	Organization []string
	// DNSNames and IPs are the subject alternative names.
	DNSNames []string
	IPs      []net.IP
	// contains filtered or unexported fields
}
type ReconcileYurtCoordinatorCert ¶
// ReconcileYurtCoordinatorCert is the controller-runtime reconciler for
// YurtCoordinatorcert objects; it is registered with the Manager by Add.
// Its fields are unexported and not shown here.
type ReconcileYurtCoordinatorCert struct {
	// contains filtered or unexported fields
}
ReconcileYurtCoordinatorCert reconciles a YurtCoordinatorcert object
type SecretClient ¶
SecretClient is a simple client that handles operations on a single Secret, identified by the namespace and name passed to NewSecretClient.
func NewSecretClient ¶
func NewSecretClient(clientSet client.Interface, ns, name string) (*SecretClient, error)