Documentation ¶
Index ¶
- func CreateAPIServerCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
- func CreateAPIServerKubeletClientCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
- func CreateCACertAndKeyfiles(cfg *kubeadmapi.MasterConfiguration) error
- func CreateFrontProxyCACertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
- func CreateFrontProxyClientCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
- func CreatePKIAssets(cfg *kubeadmapi.MasterConfiguration) error
- func CreateServiceAccountKeyAndPublicKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
- func NewAPIServerCertAndKey(cfg *kubeadmapi.MasterConfiguration, caCert *x509.Certificate, ...) (*x509.Certificate, *rsa.PrivateKey, error)
- func NewAPIServerKubeletClientCertAndKey(caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)
- func NewCACertAndKey() (*x509.Certificate, *rsa.PrivateKey, error)
- func NewFrontProxyCACertAndKey() (*x509.Certificate, *rsa.PrivateKey, error)
- func NewFrontProxyClientCertAndKey(frontProxyCACert *x509.Certificate, frontProxyCAKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)
- func NewServiceAccountSigningKey() (*rsa.PrivateKey, error)
- func UsingExternalCA(cfg *kubeadmapi.MasterConfiguration) (bool, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CreateAPIServerCertAndKeyFiles ¶
func CreateAPIServerCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
CreateAPIServerCertAndKeyFiles creates a new certificate and key files for the apiserver. If the apiserver certificate and key files already exist in the target folder, they are used only if evaluated equal; otherwise an error is returned. It assumes the cluster CA certificate and key files exist in the CertificatesDir.
func CreateAPIServerKubeletClientCertAndKeyFiles ¶
func CreateAPIServerKubeletClientCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
CreateAPIServerKubeletClientCertAndKeyFiles creates a new CA certificate for kubelets calling apiserver. If the apiserver-kubelet-client certificate and key files already exist in the target folder, they are used only if evaluated equal; otherwise an error is returned. It assumes the cluster CA certificate and key files exist in the CertificatesDir.
func CreateCACertAndKeyfiles ¶
func CreateCACertAndKeyfiles(cfg *kubeadmapi.MasterConfiguration) error
CreateCACertAndKeyfiles creates a new self-signed CA certificate and key files. If the CA certificate and key files already exist in the target folder, they are used only if evaluated equal; otherwise an error is returned.
func CreateFrontProxyCACertAndKeyFiles ¶
func CreateFrontProxyCACertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
CreateFrontProxyCACertAndKeyFiles creates a self-signed front proxy CA certificate and key files. Front proxy CA and client certs are used to secure a front proxy authenticator which is used to assert identity without the client cert. This is a separate CA, so that front proxy identities cannot hit the API and normal client certs cannot be used as front proxies. If the front proxy CA certificate and key files already exist in the target folder, they are used only if evaluated equal; otherwise an error is returned.
func CreateFrontProxyClientCertAndKeyFiles ¶
func CreateFrontProxyClientCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
CreateFrontProxyClientCertAndKeyFiles creates a new certificate for proxy server client. If the front-proxy-client certificate and key files already exist in the target folder, they are used only if evaluated equal; otherwise an error is returned. It assumes the front proxy CA certificate and key files exist in the CertificatesDir.
func CreatePKIAssets ¶
func CreatePKIAssets(cfg *kubeadmapi.MasterConfiguration) error
CreatePKIAssets will create and write to disk all PKI assets necessary to establish the control plane. If the PKI assets already exist in the target folder, they are used only if evaluated equal; otherwise an error is returned.
func CreateServiceAccountKeyAndPublicKeyFiles ¶
func CreateServiceAccountKeyAndPublicKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
CreateServiceAccountKeyAndPublicKeyFiles creates new public/private key files for signing service account users. If the sa public/private key files already exist in the target folder, they are used only if evaluated equal; otherwise an error is returned.
func NewAPIServerCertAndKey ¶
func NewAPIServerCertAndKey(cfg *kubeadmapi.MasterConfiguration, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)
NewAPIServerCertAndKey generates a CA certificate for the apiserver, signed by the given CA.
func NewAPIServerKubeletClientCertAndKey ¶
func NewAPIServerKubeletClientCertAndKey(caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)
NewAPIServerKubeletClientCertAndKey generates a CA certificate for the apiservers to connect to the kubelets securely, signed by the given CA.
func NewCACertAndKey ¶
func NewCACertAndKey() (*x509.Certificate, *rsa.PrivateKey, error)
NewCACertAndKey will generate a self-signed CA.
func NewFrontProxyCACertAndKey ¶
func NewFrontProxyCACertAndKey() (*x509.Certificate, *rsa.PrivateKey, error)
NewFrontProxyCACertAndKey generates a self-signed front proxy CA.
func NewFrontProxyClientCertAndKey ¶
func NewFrontProxyClientCertAndKey(frontProxyCACert *x509.Certificate, frontProxyCAKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)
NewFrontProxyClientCertAndKey generates a CA certificate for the proxy server client, signed by the given front proxy CA.
func NewServiceAccountSigningKey ¶
func NewServiceAccountSigningKey() (*rsa.PrivateKey, error)
NewServiceAccountSigningKey generates a public/private key pair for signing service account tokens.
func UsingExternalCA ¶
func UsingExternalCA(cfg *kubeadmapi.MasterConfiguration) (bool, error)
UsingExternalCA determines whether the user is relying on an external CA. We currently implicitly determine this is the case when the CA Cert is present but the CA Key is not. This allows us to, e.g., skip generating certs or not start the csr signing controller.
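Example (added here, not the kubeadm implementation): a stand-alone check that applies the same implicit rule to a certificates directory, useful for auditing whether a CA private key is stored on a control-plane node. The file names ca.crt and ca.key, the default directory, and the handling of a key without a certificate are assumptions of this sketch.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

const caCertFile, caKeyFile = "ca.crt", "ca.key" // assumed file names, not stated on this page

// exists reports presence only; errors other than "not found" (e.g. permission
// denied) are returned instead of being treated as absence.
func exists(path string) (bool, error) {
	_, err := os.Stat(path)
	if errors.Is(err, os.ErrNotExist) {
		return false, nil
	}
	return err == nil, err
}

// usingExternalCA applies the implicit rule: CA cert present and CA key absent.
func usingExternalCA(certDir string) (bool, error) {
	haveCert, err := exists(filepath.Join(certDir, caCertFile))
	if err != nil {
		return false, err
	}
	haveKey, err := exists(filepath.Join(certDir, caKeyFile))
	if err != nil {
		return false, err
	}
	if haveKey && !haveCert { // this sketch's choice: a stray key is reported, not ignored
		return false, fmt.Errorf("%s present without %s in %s", caKeyFile, caCertFile, certDir)
	}
	return haveCert && !haveKey, nil
}

func main() {
	dir := "/etc/kubernetes/pki" // assumed default; pass another directory as the first argument
	if len(os.Args) > 1 {
		dir = os.Args[1]
	}
	external, err := usingExternalCA(dir)
	fmt.Printf("dir=%s externalCA=%v err=%v\n", dir, external, err)
}
```

The check looks at file presence only; it does not parse the certificate or confirm that a key, when present, matches it.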
Types ¶
This section is empty.