Documentation
Overview
Package kubernetes implements safe Talos API PKI rotation for the cluster.
Functions
func Rotate
Rotate rotates the Kubernetes API PKI.
The process overview:
- fetch current information
- verify connectivity with the existing PKI
- add new Kubernetes CA as accepted
- verify connectivity
- make new CA issuing, old CA is still accepted
- verify connectivity with the new PKI
- remove old CA
- verify connectivity with the new PKI.
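The ordering of accepted CA sets in the steps above, as an added example (not part of this package or its documentation). It uses only the Go standard library with throwaway CAs and client certificates constructed in-process; the names `issue` and `Phases` are hypothetical. It shows why the new CA has to be accepted before it starts issuing, and why the old CA is dropped only at the end.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed test certificate named cn; a nil parent yields a self-signed CA.
func issue(cn string, parent *tls.Certificate) *tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, IsCA: parent == nil, BasicConstraintsValid: true}
	if parent == nil { // self-signed root: allowed to sign other certificates
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		parent = &tls.Certificate{Leaf: tmpl, PrivateKey: key}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent.Leaf, pub, parent.PrivateKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return &tls.Certificate{Leaf: cert, PrivateKey: key}
}

// Phases: rows are accepted-CA sets (old, old+new, new); columns are old- and new-issued leaves.
func Phases() (out [3][2]bool) {
	oldCA, newCA := issue("old-ca", nil), issue("new-ca", nil)
	leaves := []*tls.Certificate{issue("client", oldCA), issue("client", newCA)}
	for i, accepted := range [][]*tls.Certificate{{oldCA}, {oldCA, newCA}, {newCA}} {
		pool := x509.NewCertPool()
		for _, ca := range accepted {
			pool.AddCert(ca.Leaf)
		}
		for j, leaf := range leaves {
			_, err := leaf.Leaf.Verify(x509.VerifyOptions{Roots: pool})
			out[i][j] = err == nil // true when the leaf chains to an accepted CA
		}
	}
	return out
}

func main() { fmt.Println(Phases()) }
```

Only the middle row, where both CAs are accepted, verifies certificates from either issuer, which is what allows the issuing CA to be switched without breaking clients that still hold old certificates.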
Types
type Options
type Options struct {
	// DryRun is the flag to enable dry-run mode.
	//
	// In dry-run mode, the rotation process will not make any changes to the cluster.
	DryRun bool
	// TalosClient is a Talos API client
	TalosClient *client.Client
	// ClusterInfo provides information about cluster topology.
	ClusterInfo cluster.Info
	// NewKubernetesCA is the new CA for Kubernetes API.
	NewKubernetesCA *x509.PEMEncodedCertificateAndKey
	// EncoderOption is the option for encoding machine configuration (while patching).
	EncoderOption encoder.Option
	// Printf is the function used to print messages.
	Printf func(format string, args ...any)
}
Options is the input to the Kubernetes API rotation process.