secret

package
v0.9.0
Published: Nov 27, 2024 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

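const (
	// DefaultCertificatesDir is the default location (file path) where the provider will put the certificates; this location is then
	// automatically used by RKE2 to consume the pre-defined certificates instead of generating them.
	DefaultCertificatesDir = "/var/lib/rancher/rke2/server/tls"

	// DefaultETCDCertificatesDir is the default location (file path) where the provider will put the etcd certificates; this location is then
	// automatically used by RKE2 to consume the pre-defined etcd certificates instead of generating them.
	DefaultETCDCertificatesDir = DefaultCertificatesDir + "/etcd"

	// Kubeconfig is the secret name suffix storing the Cluster Kubeconfig.
	Kubeconfig Purpose = "kubeconfig"

	// KubeconfigDataName is the data entry name for the Kubeconfig file content.
	KubeconfigDataName string = "value"

	// EtcdCA is the secret name suffix ("peer-etcd") for the etcd CA.
	EtcdCA Purpose = "peer-etcd"

	// EtcdServerCA is the secret name suffix ("etcd") for the etcd server CA.
	EtcdServerCA Purpose = "etcd"

	// ClusterCA is the secret name suffix ("ca") for the APIServer CA.
	ClusterCA Purpose = "ca"

	// ClientClusterCA is the secret name suffix ("cca") for the client cluster CA; it is distinct from ClusterCA.
	// NOTE(review): the original comment described this identically to ClusterCA — confirm which CA it denotes.
	ClientClusterCA Purpose = "cca"

	// TLSKeyDataName is the key used to store a TLS private key in the secret's data field.
	TLSKeyDataName = "tls.key"

	// TLSCrtDataName is the key used to store a TLS certificate in the secret's data field.
	TLSCrtDataName = "tls.crt"

	// APIServerEtcdClient is the secret name of the user-supplied secret containing the apiserver-etcd-client key/cert.
	APIServerEtcdClient Purpose = "apiserver-etcd-client"

	// ServiceAccount is the secret name suffix for the Service Account keys.
	ServiceAccount Purpose = "sa"

	// TenYears is a duration of ten years (10 * 365 days).
	// NOTE(review): if this is used as a certificate validity period, confirm it matches the intended rotation policy.
	TenYears = 10 * 365 * 24 * time.Hour
)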

Variables

This section is empty.

Functions

func GetFromNamespacedName

func GetFromNamespacedName(ctx context.Context, c client.Reader, clusterName client.ObjectKey, purpose Purpose) (*corev1.Secret, error)

GetFromNamespacedName retrieves the specified Secret (if any) from the given cluster name and namespace.

func Name

func Name(cluster string, suffix Purpose) string

Name returns the name of the secret for a cluster.

Types

type Certificate

// Certificate represents the common operations for retrieving, generating and
// persisting a single cluster certificate.
type Certificate interface {
	// GetPurpose returns the Purpose (secret name suffix) assigned to the certificate.
	GetPurpose() Purpose
	// GetKeyPair returns the certificate key pair.
	GetKeyPair() *certs.KeyPair
	// SetKeyPair sets the certificate key pair.
	SetKeyPair(keyPair *certs.KeyPair)
	// Lookup fetches the Secret backing this certificate for the given cluster key.
	Lookup(ctx context.Context, cl client.Reader, key client.ObjectKey) (*corev1.Secret, error)
	// Generate creates key pair data when none is present.
	Generate() error
	// IsGenerated reports whether the certificate was newly generated in this run rather than fetched.
	IsGenerated() bool
	// IsExternal reports whether the certificate is externally managed.
	IsExternal() bool
	// SaveGenerated persists a newly generated certificate as a Kubernetes Secret with the given owner reference.
	SaveGenerated(ctx context.Context, cl client.Client, key client.ObjectKey, owner metav1.OwnerReference) error
	// AsSecret converts the certificate into a Kubernetes Secret for the given cluster and owner.
	AsSecret(clusterName client.ObjectKey, owner metav1.OwnerReference) *corev1.Secret
	// AsFiles converts the certificate into bootstrap files (0, 1 or 2 entries).
	AsFiles() []bootstrapv1.File
}

Certificate represents the common operations for certificate retrieval from the cluster.

type Certificates

// Certificates is the set of certificates necessary to bootstrap a cluster.
type Certificates []Certificate

Certificates are the certificates necessary to bootstrap a cluster.

func NewCertificatesForInitialControlPlane

func NewCertificatesForInitialControlPlane() Certificates

NewCertificatesForInitialControlPlane returns a list of certificates configured for a control plane node.

func NewCertificatesForLegacyControlPlane added in v0.7.1

func NewCertificatesForLegacyControlPlane() Certificates

NewCertificatesForLegacyControlPlane returns a list of certificates configured for a control plane node, excluding etcd certificates set.

func (Certificates) AsFiles

func (c Certificates) AsFiles() []bootstrapv1.File

AsFiles converts a slice of certificates into bootstrap files.

func (Certificates) Generate

func (c Certificates) Generate() error

Generate will generate any certificates that do not have KeyPair data.

func (Certificates) GetByPurpose

func (c Certificates) GetByPurpose(purpose Purpose) Certificate

GetByPurpose returns the certificate with the given purpose, or nil if none matches. This could be removed if we used a map instead of a slice to hold certificates; however, other code would become more complex.

func (Certificates) Lookup

func (c Certificates) Lookup(ctx context.Context, ctrlclient client.Reader, clusterName client.ObjectKey) error

Lookup looks up each certificate from secrets and populates the certificate with the secret data.

func (Certificates) LookupOrGenerate

func (c Certificates) LookupOrGenerate(
	ctx context.Context,
	ctrlclient client.Client,
	clusterName client.ObjectKey,
	owner metav1.OwnerReference,
) error

LookupOrGenerate is a convenience function that wraps cluster bootstrap certificate behavior.

func (Certificates) SaveGenerated

func (c Certificates) SaveGenerated(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey, owner metav1.OwnerReference) error

SaveGenerated will save any certificates that have been generated as Kubernetes secrets.

type CertificatesGenerator added in v0.5.0

// CertificatesGenerator is an interface for certificate content generation and
// storage across a whole set of cluster certificates.
type CertificatesGenerator interface {
	// Lookup looks up each certificate from secrets and populates it with the secret data.
	Lookup(ctx context.Context, ctrlclient client.Reader, clusterName client.ObjectKey) error
	// Generate generates any certificates that do not have key pair data.
	Generate() error
	// SaveGenerated saves any certificates that have been generated as Kubernetes secrets.
	SaveGenerated(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey, owner metav1.OwnerReference) error
	// LookupOrGenerate is a convenience method that wraps cluster bootstrap certificate behavior.
	LookupOrGenerate(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey, owner metav1.OwnerReference) error
}

CertificatesGenerator is an interface for certificate content generation and storage.

type ManagedCertificate added in v0.5.0

// ManagedCertificate represents a single certificate CA and implements Certificate.
type ManagedCertificate struct {
	// External marks a certificate that is managed externally (see IsExternal).
	External          bool
	// Generated records whether the certificate was newly generated in this run rather than fetched (see IsGenerated).
	Generated         bool
	// Purpose is the secret name suffix for this certificate.
	Purpose           Purpose
	// KeyPair is the certificate key pair as returned by GetKeyPair.
	KeyPair           *certs.KeyPair
	// CertFile and KeyFile name the files the certificate is rendered to by AsFiles.
	// NOTE(review): inferred from the field names — confirm against AsFiles.
	CertFile, KeyFile string
}

ManagedCertificate represents a single certificate CA.

func (*ManagedCertificate) AsFiles added in v0.5.0

func (c *ManagedCertificate) AsFiles() []bootstrapv1.File

AsFiles converts the certificate to a slice of Files that may have 0, 1 or 2 Files.

func (*ManagedCertificate) AsSecret added in v0.5.0

func (c *ManagedCertificate) AsSecret(clusterName client.ObjectKey, owner metav1.OwnerReference) *corev1.Secret

AsSecret converts a single certificate into a Kubernetes secret.

func (*ManagedCertificate) Generate added in v0.5.0

func (c *ManagedCertificate) Generate() error

Generate will generate any certificates that do not have KeyPair data.

func (*ManagedCertificate) GetKeyPair added in v0.5.0

func (c *ManagedCertificate) GetKeyPair() *certs.KeyPair

GetKeyPair gets the certificate key pair.

func (*ManagedCertificate) GetPurpose added in v0.5.0

func (c *ManagedCertificate) GetPurpose() Purpose

GetPurpose returns the assigned purpose for the certificate.

func (*ManagedCertificate) IsExternal added in v0.5.0

func (c *ManagedCertificate) IsExternal() bool

IsExternal returns true for externally managed certificates.

func (*ManagedCertificate) IsGenerated added in v0.5.0

func (c *ManagedCertificate) IsGenerated() bool

IsGenerated reports whether the certificate was newly generated this time, as opposed to being fetched from cache.

func (*ManagedCertificate) Lookup added in v0.5.0

func (c *ManagedCertificate) Lookup(ctx context.Context, ctrlclient client.Reader, clusterName client.ObjectKey) (*corev1.Secret, error)

Lookup implements certificate lookup.

func (*ManagedCertificate) SaveGenerated added in v0.5.0

SaveGenerated implements Certificate.

func (*ManagedCertificate) SetKeyPair added in v0.5.0

func (c *ManagedCertificate) SetKeyPair(keyPair *certs.KeyPair)

SetKeyPair sets the certificate key pair.

type Purpose

// Purpose is the name suffix appended to the secret generated for a cluster.
type Purpose string

Purpose is the name to append to the secret generated for a cluster.
