certs

package
v1.10.0-alpha.2...-72cec4d Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 7, 2018 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateAPIServerCertAndKeyFiles

func CreateAPIServerCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error

CreateAPIServerCertAndKeyFiles create a new certificate and key files for the apiserver. If the apiserver certificate and key files already exists in the target folder, they are used only if evaluated equal; otherwise an error is returned. It assumes the cluster CA certificate and key files should exists into the CertificatesDir

func CreateAPIServerKubeletClientCertAndKeyFiles

func CreateAPIServerKubeletClientCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error

CreateAPIServerKubeletClientCertAndKeyFiles create a new CA certificate for kubelets calling apiserver If the apiserver-kubelet-client certificate and key files already exists in the target folder, they are used only if evaluated equals; otherwise an error is returned. It assumes the cluster CA certificate and key files should exists into the CertificatesDir

func CreateCACertAndKeyfiles

func CreateCACertAndKeyfiles(cfg *kubeadmapi.MasterConfiguration) error

CreateCACertAndKeyfiles create a new self signed CA certificate and key files. If the CA certificate and key files already exists in the target folder, they are used only if evaluated equal; otherwise an error is returned.

func CreateFrontProxyCACertAndKeyFiles

func CreateFrontProxyCACertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error

CreateFrontProxyCACertAndKeyFiles create a self signed front proxy CA certificate and key files. Front proxy CA and client certs are used to secure a front proxy authenticator which is used to assert identity without the client cert; This is a separte CA, so that front proxy identities cannot hit the API and normal client certs cannot be used as front proxies. If the front proxy CA certificate and key files already exists in the target folder, they are used only if evaluated equals; otherwise an error is returned.

func CreateFrontProxyClientCertAndKeyFiles

func CreateFrontProxyClientCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error

CreateFrontProxyClientCertAndKeyFiles create a new certificate for proxy server client. If the front-proxy-client certificate and key files already exists in the target folder, they are used only if evaluated equals; otherwise an error is returned. It assumes the front proxy CAA certificate and key files should exists into the CertificatesDir

func CreatePKIAssets

func CreatePKIAssets(cfg *kubeadmapi.MasterConfiguration) error

CreatePKIAssets will create and write to disk all PKI assets necessary to establish the control plane. If the PKI assets already exists in the target folder, they are used only if evaluated equal; otherwise an error is returned.

func CreateServiceAccountKeyAndPublicKeyFiles

func CreateServiceAccountKeyAndPublicKeyFiles(cfg *kubeadmapi.MasterConfiguration) error

CreateServiceAccountKeyAndPublicKeyFiles create a new public/private key files for signing service account users. If the sa public/private key files already exists in the target folder, they are used only if evaluated equals; otherwise an error is returned.

func NewAPIServerCertAndKey

func NewAPIServerCertAndKey(cfg *kubeadmapi.MasterConfiguration, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)

NewAPIServerCertAndKey generate CA certificate for apiserver, signed by the given CA.

func NewAPIServerKubeletClientCertAndKey

func NewAPIServerKubeletClientCertAndKey(caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)

NewAPIServerKubeletClientCertAndKey generate CA certificate for the apiservers to connect to the kubelets securely, signed by the given CA.

func NewCACertAndKey

func NewCACertAndKey() (*x509.Certificate, *rsa.PrivateKey, error)

NewCACertAndKey will generate a self signed CA.

func NewFrontProxyCACertAndKey

func NewFrontProxyCACertAndKey() (*x509.Certificate, *rsa.PrivateKey, error)

NewFrontProxyCACertAndKey generate a self signed front proxy CA.

func NewFrontProxyClientCertAndKey

func NewFrontProxyClientCertAndKey(frontProxyCACert *x509.Certificate, frontProxyCAKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)

NewFrontProxyClientCertAndKey generate CA certificate for proxy server client, signed by the given front proxy CA.

func NewServiceAccountSigningKey

func NewServiceAccountSigningKey() (*rsa.PrivateKey, error)

NewServiceAccountSigningKey generate public/private key pairs for signing service account tokens.

func UsingExternalCA

func UsingExternalCA(cfg *kubeadmapi.MasterConfiguration) (bool, error)

UsingExternalCA determines whether the user is relying on an external CA. We currently implicitly determine this is the case when the CA Cert is present but the CA Key is not. This allows us to, e.g., skip generating certs or not start the csr signing controller.

Types

This section is empty.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL