Documentation ¶
Index ¶
- Constants
- func GetFromNamespacedName(ctx context.Context, c client.Reader, clusterName client.ObjectKey, ...) (*corev1.Secret, error)
- func Name(cluster string, suffix Purpose) string
- type Certificate
- type Certificates
- func (c Certificates) AsFiles() []bootstrapv1.File
- func (c Certificates) Generate() error
- func (c Certificates) GetByPurpose(purpose Purpose) *Certificate
- func (c Certificates) Lookup(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey) error
- func (c Certificates) LookupOrGenerate(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey, ...) error
- func (c Certificates) SaveGenerated(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey, ...) error
- type Purpose
Constants ¶
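// Secret name suffixes, secret data entry names and defaults used for the
// cluster certificates handled by this package.
const (
	// DefaultCertificatesDir is the default location (file path) where the provider will put the certificates.
	// RKE2 then automatically uses these pre-defined certificates instead of generating its own.
	DefaultCertificatesDir = "/var/lib/rancher/rke2/server/tls"

	// Kubeconfig is the secret name suffix storing the Cluster Kubeconfig.
	Kubeconfig Purpose = "kubeconfig"

	// KubeconfigDataName is the data entry name for the Kubeconfig file content.
	KubeconfigDataName string = "value"

	// EtcdCA is the secret name suffix for the Etcd CA.
	EtcdCA Purpose = "etcd"

	// ClusterCA is the secret name suffix for the APIServer CA.
	ClusterCA Purpose = "ca"

	// ClientClusterCA is the secret name suffix for the client cluster CA.
	// NOTE(review): the previous comment repeated the ClusterCA text; presumably this is the
	// CA that signs client certificates. Confirm against the code that consumes it.
	ClientClusterCA Purpose = "cca"

	// TLSKeyDataName is the key used to store a TLS private key in the secret's data field.
	// Any secret carrying this entry holds private key material and should be access-controlled accordingly.
	TLSKeyDataName = "tls.key"

	// TLSCrtDataName is the key used to store a TLS certificate in the secret's data field.
	TLSCrtDataName = "tls.crt"

	// APIServerEtcdClient is the name of the user-supplied secret containing the apiserver-etcd-client key/cert.
	APIServerEtcdClient Purpose = "apiserver-etcd-client"

	// ServiceAccount is the secret name suffix for the Service Account keys.
	ServiceAccount Purpose = "sa"

	// TenYears is a duration of ten years, computed with 365-day years (leap days are not counted).
	// NOTE(review): presumably the validity period of generated certificates; confirm against the generator.
	TenYears = time.Hour * 24 * 365 * 10
)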
Functions ¶
Types ¶
type Certificate ¶
// Certificate describes one certificate entry handled by this package: its
// Purpose, its key pair, and the file names associated with it.
type Certificate struct {
	// Generated: presumably set when the key pair was created by Generate rather than
	// loaded from an existing secret, so that SaveGenerated knows what to persist. TODO confirm.
	Generated bool
	// External: NOTE(review): not described on this page; presumably marks a
	// user-supplied certificate that the provider must not generate. Confirm.
	External bool
	// Purpose identifies which certificate this is; GetByPurpose selects entries by it.
	Purpose Purpose
	// KeyPair holds the certificate data; Generate fills it in for entries that have none.
	// NOTE(review): presumably includes the private key, so avoid logging this struct. Confirm.
	KeyPair *certs.KeyPair
	// CertFile and KeyFile: presumably the paths AsFiles writes the certificate
	// and key to on the node. TODO confirm against AsFiles.
	CertFile, KeyFile string
}
Certificate represents a single certificate, such as a CA, together with its key pair.
func (*Certificate) AsFiles ¶
func (c *Certificate) AsFiles() []bootstrapv1.File
AsFiles converts the certificate to a slice of Files that may have 0, 1 or 2 Files.
func (*Certificate) AsSecret ¶
func (c *Certificate) AsSecret(clusterName client.ObjectKey, owner metav1.OwnerReference) *corev1.Secret
AsSecret converts a single certificate into a Kubernetes secret.
func (*Certificate) Generate ¶
func (c *Certificate) Generate() error
Generate will generate any certificates that do not have KeyPair data.
type Certificates ¶
type Certificates []*Certificate
Certificates are the certificates necessary to bootstrap a cluster.
func NewCertificatesForInitialControlPlane ¶
func NewCertificatesForInitialControlPlane() Certificates
NewCertificatesForInitialControlPlane returns a list of certificates configured for a control plane node.
func (Certificates) AsFiles ¶
func (c Certificates) AsFiles() []bootstrapv1.File
AsFiles converts a slice of certificates into bootstrap files.
func (Certificates) Generate ¶
func (c Certificates) Generate() error
Generate will generate any certificates that do not have KeyPair data.
func (Certificates) GetByPurpose ¶
func (c Certificates) GetByPurpose(purpose Purpose) *Certificate
GetByPurpose returns the certificate with the given purpose. This method could be removed if a map were used instead of a slice to hold the certificates; however, other code would become more complex.
func (Certificates) Lookup ¶
func (c Certificates) Lookup(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey) error
Lookup looks up each certificate from secrets and populates the certificate with the secret data.
func (Certificates) LookupOrGenerate ¶
func (c Certificates) LookupOrGenerate( ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey, owner metav1.OwnerReference, ) error
LookupOrGenerate is a convenience function that wraps cluster bootstrap certificate behavior.
func (Certificates) SaveGenerated ¶
func (c Certificates) SaveGenerated(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey, owner metav1.OwnerReference) error
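SaveGenerated will save any certificates that have been generated as Kubernetes secrets. These secrets are expected to carry the private key (see TLSKeyDataName), so read access to them should be restricted through RBAC, and encryption at rest for secrets should be enabled on the cluster that stores them.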