certs

package
v1.9.3-rancher1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 12, 2018 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateAPIServerCertAndKeyFiles added in v1.8.0

func CreateAPIServerCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error

CreateAPIServerCertAndKeyFiles create a new certificate and key files for the apiserver. If the apiserver certificate and key files already exists in the target folder, they are used only if evaluated equal; otherwise an error is returned. It assumes the cluster CA certificate and key files should exists into the CertificatesDir

func CreateAPIServerKubeletClientCertAndKeyFiles added in v1.8.0

func CreateAPIServerKubeletClientCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error

CreateAPIServerKubeletClientCertAndKeyFiles create a new CA certificate for kubelets calling apiserver If the apiserver-kubelet-client certificate and key files already exists in the target folder, they are used only if evaluated equals; otherwise an error is returned. It assumes the cluster CA certificate and key files should exists into the CertificatesDir

func CreateCACertAndKeyfiles added in v1.8.0

func CreateCACertAndKeyfiles(cfg *kubeadmapi.MasterConfiguration) error

CreateCACertAndKeyfiles create a new self signed CA certificate and key files. If the CA certificate and key files already exists in the target folder, they are used only if evaluated equal; otherwise an error is returned.

func CreateFrontProxyCACertAndKeyFiles added in v1.8.0

func CreateFrontProxyCACertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error

CreateFrontProxyCACertAndKeyFiles create a self signed front proxy CA certificate and key files. Front proxy CA and client certs are used to secure a front proxy authenticator which is used to assert identity without the client cert; This is a separte CA, so that front proxy identities cannot hit the API and normal client certs cannot be used as front proxies. If the front proxy CA certificate and key files already exists in the target folder, they are used only if evaluated equals; otherwise an error is returned.

func CreateFrontProxyClientCertAndKeyFiles added in v1.8.0

func CreateFrontProxyClientCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error

CreateFrontProxyClientCertAndKeyFiles create a new certificate for proxy server client. If the front-proxy-client certificate and key files already exists in the target folder, they are used only if evaluated equals; otherwise an error is returned. It assumes the front proxy CAA certificate and key files should exists into the CertificatesDir

func CreatePKIAssets

func CreatePKIAssets(cfg *kubeadmapi.MasterConfiguration) error

CreatePKIAssets will create and write to disk all PKI assets necessary to establish the control plane. If the PKI assets already exists in the target folder, they are used only if evaluated equal; otherwise an error is returned.

func CreateServiceAccountKeyAndPublicKeyFiles added in v1.8.0

func CreateServiceAccountKeyAndPublicKeyFiles(cfg *kubeadmapi.MasterConfiguration) error

CreateServiceAccountKeyAndPublicKeyFiles create a new public/private key files for signing service account users. If the sa public/private key files already exists in the target folder, they are used only if evaluated equals; otherwise an error is returned.

func NewAPIServerCertAndKey added in v1.8.0

func NewAPIServerCertAndKey(cfg *kubeadmapi.MasterConfiguration, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)

NewAPIServerCertAndKey generate CA certificate for apiserver, signed by the given CA.

func NewAPIServerKubeletClientCertAndKey added in v1.8.0

func NewAPIServerKubeletClientCertAndKey(caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)

NewAPIServerKubeletClientCertAndKey generate CA certificate for the apiservers to connect to the kubelets securely, signed by the given CA.

func NewCACertAndKey added in v1.8.0

func NewCACertAndKey() (*x509.Certificate, *rsa.PrivateKey, error)

NewCACertAndKey will generate a self signed CA.

func NewFrontProxyCACertAndKey added in v1.8.0

func NewFrontProxyCACertAndKey() (*x509.Certificate, *rsa.PrivateKey, error)

NewFrontProxyCACertAndKey generate a self signed front proxy CA.

func NewFrontProxyClientCertAndKey added in v1.8.0

func NewFrontProxyClientCertAndKey(frontProxyCACert *x509.Certificate, frontProxyCAKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)

NewFrontProxyClientCertAndKey generate CA certificate for proxy server client, signed by the given front proxy CA.

func NewServiceAccountSigningKey added in v1.8.0

func NewServiceAccountSigningKey() (*rsa.PrivateKey, error)

NewServiceAccountSigningKey generate public/private key pairs for signing service account tokens.

func UsingExternalCA added in v1.8.0

func UsingExternalCA(cfg *kubeadmapi.MasterConfiguration) (bool, error)

UsingExternalCA determines whether the user is relying on an external CA. We currently implicitly determine this is the case when the CA Cert is present but the CA Key is not. This allows us to, e.g., skip generating certs or not start the csr signing controller.

Types

This section is empty.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL