Documentation ¶
Index ¶
- func CreateAPIServerCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
- func CreateAPIServerEtcdClientCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
- func CreateAPIServerKubeletClientCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
- func CreateCACertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
- func CreateEtcdCACertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
- func CreateEtcdHealthcheckClientCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
- func CreateEtcdPeerCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
- func CreateEtcdServerCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
- func CreateFrontProxyCACertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
- func CreateFrontProxyClientCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
- func CreatePKIAssets(cfg *kubeadmapi.MasterConfiguration) error
- func CreateServiceAccountKeyAndPublicKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
- func NewAPIServerCertAndKey(cfg *kubeadmapi.MasterConfiguration, caCert *x509.Certificate, ...) (*x509.Certificate, *rsa.PrivateKey, error)
- func NewAPIServerEtcdClientCertAndKey(caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)
- func NewAPIServerKubeletClientCertAndKey(caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)
- func NewCACertAndKey() (*x509.Certificate, *rsa.PrivateKey, error)
- func NewEtcdCACertAndKey() (*x509.Certificate, *rsa.PrivateKey, error)
- func NewEtcdHealthcheckClientCertAndKey(caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)
- func NewEtcdPeerCertAndKey(cfg *kubeadmapi.MasterConfiguration, caCert *x509.Certificate, ...) (*x509.Certificate, *rsa.PrivateKey, error)
- func NewEtcdServerCertAndKey(cfg *kubeadmapi.MasterConfiguration, caCert *x509.Certificate, ...) (*x509.Certificate, *rsa.PrivateKey, error)
- func NewFrontProxyCACertAndKey() (*x509.Certificate, *rsa.PrivateKey, error)
- func NewFrontProxyClientCertAndKey(frontProxyCACert *x509.Certificate, frontProxyCAKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)
- func NewServiceAccountSigningKey() (*rsa.PrivateKey, error)
- func UsingExternalCA(cfg *kubeadmapi.MasterConfiguration) (bool, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CreateAPIServerCertAndKeyFiles ¶ added in v1.8.0
func CreateAPIServerCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
CreateAPIServerCertAndKeyFiles create a new certificate and key files for the apiserver. If the apiserver certificate and key files already exists in the target folder, they are used only if evaluated equal; otherwise an error is returned. It assumes the cluster CA certificate and key files exist in the CertificatesDir.
func CreateAPIServerEtcdClientCertAndKeyFiles ¶ added in v1.10.8
func CreateAPIServerEtcdClientCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
CreateAPIServerEtcdClientCertAndKeyFiles create a new client certificate for the apiserver calling etcd If the apiserver-etcd-client certificate and key file already exist in the target folder, they are used only if evaluated equal; otherwise an error is returned. It assumes the etcd CA certificate and key file exist in the CertificatesDir
func CreateAPIServerKubeletClientCertAndKeyFiles ¶ added in v1.8.0
func CreateAPIServerKubeletClientCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
CreateAPIServerKubeletClientCertAndKeyFiles create a new certificate for kubelets calling apiserver. If the apiserver-kubelet-client certificate and key files already exists in the target folder, they are used only if evaluated equals; otherwise an error is returned. It assumes the cluster CA certificate and key files exist in the CertificatesDir.
func CreateCACertAndKeyFiles ¶ added in v1.10.8
func CreateCACertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
CreateCACertAndKeyFiles create a new self signed cluster CA certificate and key files. If the CA certificate and key files already exists in the target folder, they are used only if evaluated equal; otherwise an error is returned.
func CreateEtcdCACertAndKeyFiles ¶ added in v1.10.8
func CreateEtcdCACertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
CreateEtcdCACertAndKeyFiles create a self signed etcd CA certificate and key files. The etcd CA and client certs are used to secure communication between etcd peers and connections to etcd from the API server. This is a separate CA, so that kubernetes client identities cannot connect to etcd directly or peer with the etcd cluster. If the etcd CA certificate and key files already exists in the target folder, they are used only if evaluated equals; otherwise an error is returned.
func CreateEtcdHealthcheckClientCertAndKeyFiles ¶ added in v1.10.8
func CreateEtcdHealthcheckClientCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
CreateEtcdHealthcheckClientCertAndKeyFiles create a new client certificate for liveness probes to healthcheck etcd If the etcd-healthcheck-client certificate and key file already exist in the target folder, they are used only if evaluated equal; otherwise an error is returned. It assumes the etcd CA certificate and key file exist in the CertificatesDir
func CreateEtcdPeerCertAndKeyFiles ¶ added in v1.10.8
func CreateEtcdPeerCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
CreateEtcdPeerCertAndKeyFiles create a new certificate and key file for etcd peering. If the etcd peer certificate and key file already exist in the target folder, they are used only if evaluated equal; otherwise an error is returned. It assumes the etcd CA certificate and key file exist in the CertificatesDir
func CreateEtcdServerCertAndKeyFiles ¶ added in v1.10.8
func CreateEtcdServerCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
CreateEtcdServerCertAndKeyFiles create a new certificate and key file for etcd. If the etcd serving certificate and key file already exist in the target folder, they are used only if evaluated equal; otherwise an error is returned. It assumes the etcd CA certificate and key file exist in the CertificatesDir
func CreateFrontProxyCACertAndKeyFiles ¶ added in v1.8.0
func CreateFrontProxyCACertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
CreateFrontProxyCACertAndKeyFiles create a self signed front proxy CA certificate and key files. Front proxy CA and client certs are used to secure a front proxy authenticator which is used to assert identity without the client cert; This is a separate CA, so that front proxy identities cannot hit the API and normal client certs cannot be used as front proxies. If the front proxy CA certificate and key files already exists in the target folder, they are used only if evaluated equals; otherwise an error is returned.
func CreateFrontProxyClientCertAndKeyFiles ¶ added in v1.8.0
func CreateFrontProxyClientCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
CreateFrontProxyClientCertAndKeyFiles create a new certificate for proxy server client. If the front-proxy-client certificate and key files already exists in the target folder, they are used only if evaluated equals; otherwise an error is returned. It assumes the front proxy CA certificate and key files exist in the CertificatesDir.
func CreatePKIAssets ¶
func CreatePKIAssets(cfg *kubeadmapi.MasterConfiguration) error
CreatePKIAssets will create and write to disk all PKI assets necessary to establish the control plane. If the PKI assets already exists in the target folder, they are used only if evaluated equal; otherwise an error is returned.
func CreateServiceAccountKeyAndPublicKeyFiles ¶ added in v1.8.0
func CreateServiceAccountKeyAndPublicKeyFiles(cfg *kubeadmapi.MasterConfiguration) error
CreateServiceAccountKeyAndPublicKeyFiles create a new public/private key files for signing service account users. If the sa public/private key files already exists in the target folder, they are used only if evaluated equals; otherwise an error is returned.
func NewAPIServerCertAndKey ¶ added in v1.8.0
func NewAPIServerCertAndKey(cfg *kubeadmapi.MasterConfiguration, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)
NewAPIServerCertAndKey generate certificate for apiserver, signed by the given CA.
func NewAPIServerEtcdClientCertAndKey ¶ added in v1.10.8
func NewAPIServerEtcdClientCertAndKey(caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)
NewAPIServerEtcdClientCertAndKey generate certificate for the apiservers to connect to etcd securely, signed by the given CA.
func NewAPIServerKubeletClientCertAndKey ¶ added in v1.8.0
func NewAPIServerKubeletClientCertAndKey(caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)
NewAPIServerKubeletClientCertAndKey generate certificate for the apiservers to connect to the kubelets securely, signed by the given CA.
func NewCACertAndKey ¶ added in v1.8.0
func NewCACertAndKey() (*x509.Certificate, *rsa.PrivateKey, error)
NewCACertAndKey will generate a self signed CA.
func NewEtcdCACertAndKey ¶ added in v1.10.8
func NewEtcdCACertAndKey() (*x509.Certificate, *rsa.PrivateKey, error)
NewEtcdCACertAndKey generate a self signed etcd CA.
func NewEtcdHealthcheckClientCertAndKey ¶ added in v1.10.8
func NewEtcdHealthcheckClientCertAndKey(caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)
NewEtcdHealthcheckClientCertAndKey generate certificate for liveness probes to healthcheck etcd, signed by the given CA.
func NewEtcdPeerCertAndKey ¶ added in v1.10.8
func NewEtcdPeerCertAndKey(cfg *kubeadmapi.MasterConfiguration, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)
NewEtcdPeerCertAndKey generate certificate for etcd peering, signed by the given CA.
func NewEtcdServerCertAndKey ¶ added in v1.10.8
func NewEtcdServerCertAndKey(cfg *kubeadmapi.MasterConfiguration, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)
NewEtcdServerCertAndKey generate certificate for etcd, signed by the given CA.
func NewFrontProxyCACertAndKey ¶ added in v1.8.0
func NewFrontProxyCACertAndKey() (*x509.Certificate, *rsa.PrivateKey, error)
NewFrontProxyCACertAndKey generate a self signed front proxy CA.
func NewFrontProxyClientCertAndKey ¶ added in v1.8.0
func NewFrontProxyClientCertAndKey(frontProxyCACert *x509.Certificate, frontProxyCAKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)
NewFrontProxyClientCertAndKey generate certificate for proxy server client, signed by the given front proxy CA.
func NewServiceAccountSigningKey ¶ added in v1.8.0
func NewServiceAccountSigningKey() (*rsa.PrivateKey, error)
NewServiceAccountSigningKey generate public/private key pairs for signing service account tokens.
func UsingExternalCA ¶ added in v1.8.0
func UsingExternalCA(cfg *kubeadmapi.MasterConfiguration) (bool, error)
UsingExternalCA determines whether the user is relying on an external CA. We currently implicitly determine this is the case when the CA Cert is present but the CA Key is not. This allows us to, e.g., skip generating certs or not start the csr signing controller.
Types ¶
This section is empty.