Documentation ¶
Index ¶
- Constants
- func DeepEqualIPsAltNames(oldIPs, newIPs []net.IP) bool
- func DeployAdminConfig(ctx context.Context, kubeConfig, localConfigPath string) error
- func DeployCertificatesOnPlaneHost(ctx context.Context, host *hosts.Host, ...) error
- func DeployStateOnPlaneHost(ctx context.Context, host *hosts.Host, stateDownloaderImage string, ...) error
- func FetchCertificatesFromHost(ctx context.Context, extraHosts []*hosts.Host, host *hosts.Host, ...) (map[string]CertificatePKI, error)
- func FetchFileFromHost(ctx context.Context, filePath, image string, host *hosts.Host, ...) (string, error)
- func GenerateAPIProxyClientCSR(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateAPIProxyClientCertificate(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateCACertAndKey(commonName string, privateKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)
- func GenerateCertSigningRequestAndKey(serverCrt bool, commonName string, altNames *cert.AltNames, ...) ([]byte, *rsa.PrivateKey, error)
- func GenerateEtcdCSRs(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateEtcdCertificates(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateExternalEtcdCertificates(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateKubeAPICSR(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateKubeAPICertificate(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateKubeAdminCSR(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateKubeAdminCertificate(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateKubeControllerCSR(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateKubeControllerCertificate(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateKubeNodeCSR(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateKubeNodeCertificate(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateKubeProxyCSR(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateKubeProxyCertificate(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateKubeSchedulerCSR(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateKubeSchedulerCertificate(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateKubeletCSR(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateKubeletCertificate(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateRKECACerts(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateRKECerts(ctx context.Context, rkeConfig v3.RancherKubernetesEngineConfig, ...) (map[string]CertificatePKI, error)
- func GenerateRKEMasterCACert(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateRKENodeCerts(ctx context.Context, rkeConfig v3.RancherKubernetesEngineConfig, ...) map[string]CertificatePKI
- func GenerateRKERequestHeaderCACert(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateRKEServicesCSRs(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateRKEServicesCerts(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateServiceTokenKey(ctx context.Context, certs map[string]CertificatePKI, ...) error
- func GenerateSignedCertAndKey(caCrt *x509.Certificate, caKey *rsa.PrivateKey, serverCrt bool, ...) (*x509.Certificate, *rsa.PrivateKey, error)
- func GetAltNames(cpHosts []*hosts.Host, clusterDomain string, KubernetesServiceIP []net.IP, ...) *cert.AltNames
- func GetCertPath(name string) string
- func GetCertTempPath(name string) string
- func GetConfigPath(name string) string
- func GetConfigTempPath(name string) string
- func GetCrtNameForHost(host *hosts.Host, prefix string) string
- func GetIPHostAltnamesForHost(host *hosts.Host) *cert.AltNames
- func GetKeyPath(name string) string
- func GetKeyTempPath(name string) string
- func GetKubeConfigX509WithData(kubernetesURL string, clusterName string, componentName string, cacrt string, ...) string
- func GetKubernetesServiceIP(serviceClusterRange string) ([]net.IP, error)
- func GetLocalKubeConfig(configPath, configDir string) string
- func IsKubeletGenerateServingCertificateEnabledinConfig(rkeConfig *v3.RancherKubernetesEngineConfig) bool
- func IsValidCertStr(c string) (bool, error)
- func ReadCSRsAndKeysFromDir(certDir string) (map[string]CertificatePKI, error)
- func ReadCertToStr(file string) (string, error)
- func ReadCertsAndKeysFromDir(certDir string) (map[string]CertificatePKI, error)
- func RegenerateEtcdCertificate(ctx context.Context, crtMap map[string]CertificatePKI, etcdHost *hosts.Host, ...) (map[string]CertificatePKI, error)
- func RemoveAdminConfig(ctx context.Context, localConfigPath string)
- func SaveBackupBundleOnHost(ctx context.Context, host *hosts.Host, ...) error
- func TransformPEMToObject(in map[string]CertificatePKI) map[string]CertificatePKI
- func ValidateBundleContent(rkeConfig *v3.RancherKubernetesEngineConfig, ...) error
- func WriteCertificates(certDirPath string, certBundle map[string]CertificatePKI) error
- type CSRFunc
- type CertificatePKI
- type GenFunc
Constants ¶
// Names, paths and certificate subject values shared by the PKI helpers in
// this package. The values are plain strings; how each one is consumed is
// not visible on this page, so usage notes below are marked as assumptions.
const (
	// On-host directory layout. CertPathPrefix evaluates to
	// "/etc/kubernetes/ssl/"; TempCertPath repeats the base directory as a
	// literal instead of deriving it from K8sBaseDir.
	// NOTE(review): presumably private keys are written under these
	// directories; confirm that ownership and mode restrict them to root.
	K8sBaseDir     = "/etc/kubernetes/"
	CertPathPrefix = K8sBaseDir + "ssl/"

	// Service, container and secret names.
	// NOTE(review): presumably the helper containers that deploy and fetch
	// certificates on a host; confirm against the callers.
	CertificatesServiceName = "certificates"
	CrtDownloaderContainer  = "cert-deployer"
	CertFetcherContainer    = "cert-fetcher"
	CertificatesSecretName  = "k8s-certs"
	TempCertPath            = "/etc/kubernetes/.tmp/"

	// Cluster configuration and state file names.
	// NOTE(review): if the state file embeds CertificatePKI values it
	// carries private keys, because KeyPEM is JSON-serialized; confirm and
	// protect the file accordingly.
	ClusterConfig    = "cluster.yml"
	ClusterStateFile = "cluster-state.yml"
	ClusterStateExt  = ".rkestate"
	ClusterStateEnv  = "CLUSTER_STATE"

	// NOTE(review): the name suggests an archive of the whole PKI,
	// presumably including private keys; treat backups at this path as
	// secret material. TODO confirm.
	BundleCertPath = "/backup/pki.bundle.tar.gz"

	// Per-component certificate names.
	// NOTE(review): presumably the keys of the map[string]CertificatePKI
	// bundles used throughout the package; verify against the callers.
	CACertName              = "kube-ca"
	RequestHeaderCACertName = "kube-apiserver-requestheader-ca"
	KubeAPICertName         = "kube-apiserver"
	KubeControllerCertName  = "kube-controller-manager"
	KubeSchedulerCertName   = "kube-scheduler"
	KubeProxyCertName       = "kube-proxy"
	KubeNodeCertName        = "kube-node"
	KubeletCertName         = "kube-kubelet"
	EtcdCertName            = "kube-etcd"
	EtcdClientCACertName    = "kube-etcd-client-ca"
	EtcdClientCertName      = "kube-etcd-client"
	APIProxyClientCertName  = "kube-apiserver-proxy-client"

	// NOTE(review): presumably the key pair that signs service account
	// tokens; anyone holding the private half could mint tokens the API
	// server accepts. TODO confirm the usage.
	ServiceAccountTokenKeyName = "kube-service-account-token"

	// Kubernetes node identities have the form system:node:<nodeName> and
	// belong to the system:nodes group; these two values match that
	// convention. How the package assembles the final subject is not shown
	// on this page.
	KubeNodeCommonName       = "system:node"
	KubeNodeOrganizationName = "system:nodes"

	// system:masters is the Kubernetes group that is granted unrestricted
	// API access. A client certificate carrying it as its organization is a
	// full-admin credential, and Kubernetes offers no per-certificate
	// revocation, so the credential stays usable until it expires or the CA
	// is rotated. Keep the generated kube_config_* file as tightly held as
	// the CA key itself.
	KubeAdminCertName         = "kube-admin"
	KubeAdminOrganizationName = "system:masters"
	KubeAdminConfigPrefix     = "kube_config_"
)
const (
	// BundleCertContainer is a fixed container name.
	// NOTE(review): presumably the container that saves the PKI backup
	// bundle on a host (see SaveBackupBundleOnHost); confirm against the
	// source.
BundleCertContainer = "rke-bundle-cert"
)
const (
	// StateDeployerContainerName is a fixed container name.
	// NOTE(review): presumably the container started by
	// DeployStateOnPlaneHost to place the cluster state on a host; confirm
	// against the source.
StateDeployerContainerName = "cluster-state-deployer"
)
Variables ¶
This section is empty.
Functions ¶
func DeepEqualIPsAltNames ¶ added in v1.0.0
func DeployAdminConfig ¶
func DeployCertificatesOnPlaneHost ¶ added in v0.1.1
func DeployStateOnPlaneHost ¶ added in v0.1.10
func FetchFileFromHost ¶ added in v0.1.7
func GenerateAPIProxyClientCSR ¶ added in v0.2.0
func GenerateAPIProxyClientCSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error
func GenerateAPIProxyClientCertificate ¶ added in v0.2.0
func GenerateAPIProxyClientCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error
func GenerateCACertAndKey ¶ added in v0.1.9
func GenerateCACertAndKey(commonName string, privateKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)
func GenerateCertSigningRequestAndKey ¶ added in v0.2.0
func GenerateEtcdCSRs ¶ added in v0.2.0
func GenerateEtcdCSRs(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error
func GenerateEtcdCertificates ¶ added in v0.2.0
func GenerateEtcdCertificates(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error
func GenerateExternalEtcdCertificates ¶ added in v0.2.0
func GenerateExternalEtcdCertificates(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error
func GenerateKubeAPICSR ¶ added in v0.2.0
func GenerateKubeAPICSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error
func GenerateKubeAPICertificate ¶ added in v0.2.0
func GenerateKubeAPICertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error
func GenerateKubeAdminCSR ¶ added in v0.2.0
func GenerateKubeAdminCSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error
func GenerateKubeAdminCertificate ¶ added in v0.2.0
func GenerateKubeAdminCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error
func GenerateKubeControllerCSR ¶ added in v0.2.0
func GenerateKubeControllerCSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error
func GenerateKubeControllerCertificate ¶ added in v0.2.0
func GenerateKubeControllerCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error
func GenerateKubeNodeCSR ¶ added in v0.2.0
func GenerateKubeNodeCSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error
func GenerateKubeNodeCertificate ¶ added in v0.2.0
func GenerateKubeNodeCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error
func GenerateKubeProxyCSR ¶ added in v0.2.0
func GenerateKubeProxyCSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error
func GenerateKubeProxyCertificate ¶ added in v0.2.0
func GenerateKubeProxyCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error
func GenerateKubeSchedulerCSR ¶ added in v0.2.0
func GenerateKubeSchedulerCSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error
func GenerateKubeSchedulerCertificate ¶ added in v0.2.0
func GenerateKubeSchedulerCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error
func GenerateKubeletCSR ¶ added in v1.0.0
func GenerateKubeletCSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error
func GenerateKubeletCertificate ¶ added in v1.0.0
func GenerateKubeletCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error
func GenerateRKECACerts ¶ added in v0.2.0
func GenerateRKECerts ¶ added in v0.1.2
func GenerateRKECerts(ctx context.Context, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string) (map[string]CertificatePKI, error)
func GenerateRKEMasterCACert ¶ added in v0.2.0
func GenerateRKENodeCerts ¶ added in v0.1.2
func GenerateRKENodeCerts(ctx context.Context, rkeConfig v3.RancherKubernetesEngineConfig, nodeAddress string, certBundle map[string]CertificatePKI) map[string]CertificatePKI
func GenerateRKERequestHeaderCACert ¶ added in v0.2.0
func GenerateRKEServicesCSRs ¶ added in v0.2.0
func GenerateRKEServicesCSRs(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error
func GenerateRKEServicesCerts ¶ added in v0.2.0
func GenerateRKEServicesCerts(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error
func GenerateServiceTokenKey ¶ added in v0.2.0
func GenerateServiceTokenKey(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error
func GenerateSignedCertAndKey ¶ added in v0.1.1
func GenerateSignedCertAndKey( caCrt *x509.Certificate, caKey *rsa.PrivateKey, serverCrt bool, commonName string, altNames *cert.AltNames, reusedKey *rsa.PrivateKey, orgs []string) (*x509.Certificate, *rsa.PrivateKey, error)
func GetAltNames ¶
func GetCertPath ¶ added in v0.1.1
func GetCertTempPath ¶ added in v0.1.1
func GetConfigPath ¶ added in v0.1.1
func GetConfigTempPath ¶ added in v0.1.1
func GetCrtNameForHost ¶ added in v1.0.0
func GetIPHostAltnamesForHost ¶ added in v1.0.0
func GetKeyPath ¶ added in v0.1.1
func GetKeyTempPath ¶ added in v0.1.1
func GetKubernetesServiceIP ¶ added in v0.1.2
func GetLocalKubeConfig ¶ added in v0.1.2
func IsKubeletGenerateServingCertificateEnabledinConfig ¶ added in v1.0.0
func IsKubeletGenerateServingCertificateEnabledinConfig(rkeConfig *v3.RancherKubernetesEngineConfig) bool
func IsValidCertStr ¶ added in v0.2.5
func ReadCSRsAndKeysFromDir ¶ added in v0.2.0
func ReadCSRsAndKeysFromDir(certDir string) (map[string]CertificatePKI, error)
func ReadCertToStr ¶ added in v0.2.5
func ReadCertsAndKeysFromDir ¶ added in v0.2.0
func ReadCertsAndKeysFromDir(certDir string) (map[string]CertificatePKI, error)
func RegenerateEtcdCertificate ¶ added in v0.1.1
func RemoveAdminConfig ¶
func SaveBackupBundleOnHost ¶ added in v0.1.8
func TransformPEMToObject ¶ added in v0.2.0
func TransformPEMToObject(in map[string]CertificatePKI) map[string]CertificatePKI
func ValidateBundleContent ¶ added in v0.2.0
func ValidateBundleContent(rkeConfig *v3.RancherKubernetesEngineConfig, certBundle map[string]CertificatePKI, configPath, configDir string) error
func WriteCertificates ¶ added in v0.2.0
func WriteCertificates(certDirPath string, certBundle map[string]CertificatePKI) error
Types ¶
type CSRFunc ¶ added in v0.2.0
// CSRFunc is the function type shared by the Generate*CSR helpers in this
// package: it takes a context, the certificate bundle keyed by name, and
// the RKE cluster configuration, and returns an error.
type CSRFunc func(context.Context, map[string]CertificatePKI, v3.RancherKubernetesEngineConfig) error
type CertificatePKI ¶
// CertificatePKI groups one component's certificate material with the
// names and paths recorded for it.
//
// Serialization: the parsed objects (Certificate, Key, CSR) and CSRPEM are
// tagged json:"-" and are omitted from JSON. KeyPEM and Config are NOT
// omitted, so any JSON encoding of this struct includes whatever those
// fields hold.
// NOTE(review): KeyPEM is presumably the PEM-encoded private key and Config
// presumably a kubeconfig that may embed client credentials; confirm, and
// treat every marshalled CertificatePKI (state files, logs, API responses)
// as secret material.
// NOTE(review): the CertToEnv/KeyToEnv/ConfigToEnv/ToEnv methods suggest the
// same material is also rendered as environment variables; values passed
// that way are typically readable through container inspection. TODO
// confirm where the result is used.
type CertificatePKI struct {
	// Parsed in-memory forms; never serialized.
	Certificate *x509.Certificate        `json:"-"`
	Key         *rsa.PrivateKey          `json:"-"`
	CSR         *x509.CertificateRequest `json:"-"`

	// String forms. CertificatePEM and KeyPEM are serialized; CSRPEM is not.
	CertificatePEM string `json:"certificatePEM"`
	KeyPEM         string `json:"keyPEM"`
	CSRPEM         string `json:"-"`

	// Serialized as "config"; contents are not visible on this page.
	Config string `json:"config"`

	// Identification of the certificate.
	Name       string `json:"name"`
	CommonName string `json:"commonName"`
	OUName     string `json:"ouName"`

	// Environment variable names and file paths recorded for the
	// certificate, the key and the config respectively.
	EnvName       string `json:"envName"`
	Path          string `json:"path"`
	KeyEnvName    string `json:"keyEnvName"`
	KeyPath       string `json:"keyPath"`
	ConfigEnvName string `json:"configEnvName"`
	ConfigPath    string `json:"configPath"`
}
func ToCertObject ¶ added in v0.1.1
func ToCertObject(componentName, commonName, ouName string, certificate *x509.Certificate, key *rsa.PrivateKey, csrASN1 []byte) CertificatePKI
func (*CertificatePKI) CertToEnv ¶
func (c *CertificatePKI) CertToEnv() string
func (*CertificatePKI) ConfigToEnv ¶
func (c *CertificatePKI) ConfigToEnv() string
func (*CertificatePKI) KeyToEnv ¶
func (c *CertificatePKI) KeyToEnv() string
func (*CertificatePKI) ToEnv ¶
func (c *CertificatePKI) ToEnv() []string
Source Files ¶