Documentation
¶
Index ¶
- Variables
- func DefaultKubeiCfg(k *Kubei)
- func DefaultkubeadmCfg(k *Kubeadm, ki *Kubei)
- func GetAPIServerAltNames(node *Node, cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames, error)
- func GetEtcdAltNames(node *Node, cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames, error)
- func GetEtcdPeerAltNames(node *Node, cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames, error)
- type Addons
- type Calico
- type Cert
- func (c *Cert) CreateAsCA(node *Node, ic *kubeadmapi.InitConfiguration) error
- func (c *Cert) CreateFromCA(node *Node, ic *kubeadmapi.InitConfiguration, caCert *x509.Certificate, ...) error
- func (c *Cert) CreateKubeConfig(ic *kubeadmapi.InitConfiguration, caCert *x509.Certificate) error
- func (c *Cert) GetConfig(node *Node, ic *kubeadmapi.InitConfiguration) (*pkiutil.CertConfig, error)
- type CertificateMap
- type CertificateTree
- type Certificates
- type Cluster
- type ClusterNodes
- type ConfigMutatorsFunc
- type ContainerEngine
- type Docker
- type Flannel
- type HA
- type HostInfo
- type Image
- type Install
- type JumpServer
- type Kubeadm
- type Kubei
- type Kubernetes
- type LocalSLB
- type NetworkPlugins
- type Nginx
- type Node
- type Reset
- type Token
Constants ¶
This section is empty.
Variables ¶
View Source
var ( // CertRootCA is the definition of the Kubernetes Root CA for the API Server and kubelet. CertRootCA = Cert{ Name: "ca", LongName: "self-signed Kubernetes CA to provision identities for other Kubernetes components", BaseName: kubeadmconstants.CACertAndKeyBaseName, Config: pkiutil.CertConfig{ Config: certutil.Config{ CommonName: "kubernetes", }, }, } // CertAPIServer is the definition of the cert used to serve the Kubernetes API. CertAPIServer = Cert{ Name: "apiserver", LongName: "certificate for serving the Kubernetes API", BaseName: kubeadmconstants.APIServerCertAndKeyBaseName, CAName: "ca", Config: pkiutil.CertConfig{ Config: certutil.Config{ CommonName: kubeadmconstants.APIServerCertCommonName, Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, }, }, ConfigMutators: []ConfigMutatorsFunc{ makeAltNamesMutator(GetAPIServerAltNames), }, } // CertKubeletClient is the definition of the cert used by the API server to access the kubelet. CertKubeletClient = Cert{ Name: "apiserver-kubelet-client", LongName: "certificate for the API server to connect to kubelet", BaseName: kubeadmconstants.APIServerKubeletClientCertAndKeyBaseName, CAName: "ca", Config: pkiutil.CertConfig{ Config: certutil.Config{ CommonName: kubeadmconstants.APIServerKubeletClientCertCommonName, Organization: []string{kubeadmconstants.SystemPrivilegedGroup}, Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, }, }, } // CertFrontProxyCA is the definition of the CA used for the front end proxy. CertFrontProxyCA = Cert{ Name: "front-proxy-ca", LongName: "self-signed CA to provision identities for front proxy", BaseName: kubeadmconstants.FrontProxyCACertAndKeyBaseName, Config: pkiutil.CertConfig{ Config: certutil.Config{ CommonName: "front-proxy-ca", }, }, } // CertFrontProxyClient is the definition of the cert used by the API server to access the front proxy. CertFrontProxyClient = Cert{ Name: "front-proxy-client", BaseName: kubeadmconstants.FrontProxyClientCertAndKeyBaseName, LongName: "certificate for the front proxy client", CAName: "front-proxy-ca", Config: pkiutil.CertConfig{ Config: certutil.Config{ CommonName: kubeadmconstants.FrontProxyClientCertCommonName, Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, }, }, } // CertEtcdCA is the definition of the root CA used by the hosted etcd server. CertEtcdCA = Cert{ Name: "etcd-ca", LongName: "self-signed CA to provision identities for etcd", BaseName: kubeadmconstants.EtcdCACertAndKeyBaseName, Config: pkiutil.CertConfig{ Config: certutil.Config{ CommonName: "etcd-ca", }, }, } // CertEtcdServer is the definition of the cert used to serve etcd to clients. CertEtcdServer = Cert{ Name: "etcd-server", LongName: "certificate for serving etcd", BaseName: kubeadmconstants.EtcdServerCertAndKeyBaseName, CAName: "etcd-ca", Config: pkiutil.CertConfig{ Config: certutil.Config{ Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}, }, }, ConfigMutators: []ConfigMutatorsFunc{ makeAltNamesMutator(GetEtcdAltNames), setCommonNameToNodeName(), }, } // CertEtcdPeer is the definition of the cert used by etcd peers to access each other. CertEtcdPeer = Cert{ Name: "etcd-peer", LongName: "certificate for etcd nodes to communicate with each other", BaseName: kubeadmconstants.EtcdPeerCertAndKeyBaseName, CAName: "etcd-ca", Config: pkiutil.CertConfig{ Config: certutil.Config{ Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}, }, }, ConfigMutators: []ConfigMutatorsFunc{ makeAltNamesMutator(GetEtcdPeerAltNames), setCommonNameToNodeName(), }, } // CertEtcdHealthcheck is the definition of the cert used by Kubernetes to check the health of the etcd server. CertEtcdHealthcheck = Cert{ Name: "etcd-healthcheck-client", LongName: "certificate for liveness probes to healthcheck etcd", BaseName: kubeadmconstants.EtcdHealthcheckClientCertAndKeyBaseName, CAName: "etcd-ca", Config: pkiutil.CertConfig{ Config: certutil.Config{ CommonName: kubeadmconstants.EtcdHealthcheckClientCertCommonName, Organization: []string{kubeadmconstants.SystemPrivilegedGroup}, Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, }, }, } // CertEtcdAPIClient is the definition of the cert used by the API server to access etcd. CertEtcdAPIClient = Cert{ Name: "apiserver-etcd-client", LongName: "certificate the apiserver uses to access etcd", BaseName: kubeadmconstants.APIServerEtcdClientCertAndKeyBaseName, CAName: "etcd-ca", Config: pkiutil.CertConfig{ Config: certutil.Config{ CommonName: kubeadmconstants.APIServerEtcdClientCertCommonName, Organization: []string{kubeadmconstants.SystemPrivilegedGroup}, Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, }, }, } // CertAPIServerKubeletClient is the definition of the cert used by the kubelet to access the API server. CertAPIServerKubeletClient = Cert{ Name: "kubelet", LongName: "certificate for the kubelet to access the API server", BaseName: kubeadmconstants.KubeletKubeConfigFileName, CAName: "ca", IsKubeConfig: true, Config: pkiutil.CertConfig{ Config: certutil.Config{ CommonName: kubeadmconstants.APIServerKubeletClientCertCommonName, Organization: []string{kubeadmconstants.NodesGroup}, Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, }, }, ConfigMutators: []ConfigMutatorsFunc{ setCommonNameToKubelet(), }, } // CertAPIServerKubeletClient is the definition of the cert used by the kubelet to access the API server. CertAPIServerControllerManagerClient = Cert{ Name: "controller-manager", LongName: "certificate for the kube-controller-manager to access the API server", BaseName: kubeadmconstants.ControllerManagerKubeConfigFileName, CAName: "ca", IsKubeConfig: true, Config: pkiutil.CertConfig{ Config: certutil.Config{ CommonName: kubeadmconstants.ControllerManagerUser, Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, }, }, } // CertAPIServerKubeletClient is the definition of the cert used by the kubelet to access the API server. CertAPIServerSchedulerClient = Cert{ Name: "scheduler", LongName: "certificate for the kube-scheduler to access the API server", BaseName: kubeadmconstants.SchedulerKubeConfigFileName, CAName: "ca", IsKubeConfig: true, Config: pkiutil.CertConfig{ Config: certutil.Config{ CommonName: kubeadmconstants.SchedulerUser, Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, }, }, } // CertAPIServerKubeletClient is the definition of the cert used by the kubelet to access the API server. CertAPIServerAdminClient = Cert{ Name: "admin", LongName: "certificate for the kube-admin to access the API server", BaseName: kubeadmconstants.AdminKubeConfigFileName, CAName: "ca", IsKubeConfig: true, Config: pkiutil.CertConfig{ Config: certutil.Config{ CommonName: "kubernetes-admin", Organization: []string{kubeadmconstants.SystemPrivilegedGroup}, Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, }, }, } )
Functions ¶
func DefaultKubeiCfg ¶
func DefaultKubeiCfg(k *Kubei)
func DefaultkubeadmCfg ¶
func GetAPIServerAltNames ¶
func GetAPIServerAltNames(node *Node, cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames, error)
GetAPIServerAltNames builds an AltNames object for to be used when generating apiserver certificate
func GetEtcdAltNames ¶
func GetEtcdAltNames(node *Node, cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames, error)
GetEtcdAltNames builds an AltNames object for generating the etcd server certificate. `advertise address` and localhost are included in the SAN since this is the interfaces the etcd static pod listens on. The user can override the listen address with `Etcd.ExtraArgs` and add SANs with `Etcd.ServerCertSANs`.
func GetEtcdPeerAltNames ¶
func GetEtcdPeerAltNames(node *Node, cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames, error)
GetEtcdPeerAltNames builds an AltNames object for generating the etcd peer certificate. Hostname and `API.AdvertiseAddress` are included if the user chooses to promote the single node etcd cluster into a multi-node one (stacked etcd). The user can override the listen address with `Etcd.ExtraArgs` and add SANs with `Etcd.PeerCertSANs`.
Types ¶
type Cert ¶
type Cert struct {
Name string
LongName string
BaseName string
CAName string
IsKubeConfig bool
Cert *x509.Certificate
Key crypto.Signer
// Some attributes will depend on the InitConfiguration, only known at runtime.
// These functions will be run in series, passed both the InitConfiguration and a cert Config.
ConfigMutators []ConfigMutatorsFunc
Config pkiutil.CertConfig
KubeConfig clientcmdapi.Config
}
Cert represents a certificate that will create to function properly.
func (*Cert) CreateAsCA ¶
func (c *Cert) CreateAsCA(node *Node, ic *kubeadmapi.InitConfiguration) error
CreateAsCA creates a certificate authority, writing the files to disk and also returning the created CA so it can be used to sign child certs.
func (*Cert) CreateFromCA ¶
func (c *Cert) CreateFromCA(node *Node, ic *kubeadmapi.InitConfiguration, caCert *x509.Certificate, caKey crypto.Signer) error
CreateFromCA makes and writes a certificate using the given CA cert and key.
func (*Cert) CreateKubeConfig ¶
func (c *Cert) CreateKubeConfig(ic *kubeadmapi.InitConfiguration, caCert *x509.Certificate) error
func (*Cert) GetConfig ¶
func (c *Cert) GetConfig(node *Node, ic *kubeadmapi.InitConfiguration) (*pkiutil.CertConfig, error)
GetConfig returns the definition for the given cert given the provided InitConfiguration
type CertificateMap ¶
CertificateMap is a flat map of certificates, keyed by Name.
func (CertificateMap) CertTree ¶
func (m CertificateMap) CertTree() (CertificateTree, error)
CertTree returns a one-level-deep tree, mapping a CA cert to an array of certificates that should be signed by it.
type CertificateTree ¶
type CertificateTree map[*Cert]Certificates
CertificateTree is represents a one-level-deep tree, mapping a CA to the certs that depend on it.
func (CertificateTree) Create ¶
func (t CertificateTree) Create(node *Node, ic *kubeadmapi.InitConfiguration, notAfterTime time.Duration) error
Create creates the CAs, certs signed by the CAs.
func (CertificateTree) CreateKubeConfig ¶
func (t CertificateTree) CreateKubeConfig(ic *kubeadmapi.InitConfiguration) error
type Certificates ¶
type Certificates []*Cert
Certificates is a list of Certificates
func (Certificates) AsMap ¶
func (c Certificates) AsMap() CertificateMap
AsMap returns the list of certificates as a map, keyed by name.
type Cluster ¶
func NewCluster ¶
func NewCluster() *Cluster
type ClusterNodes ¶
func (*ClusterNodes) GetAllMastersHost ¶
func (c *ClusterNodes) GetAllMastersHost() []string
func (*ClusterNodes) GetAllNodes ¶
func (c *ClusterNodes) GetAllNodes() []*Node
type ConfigMutatorsFunc ¶
type ConfigMutatorsFunc func(*Node, *kubeadmapi.InitConfiguration, *pkiutil.CertConfig) error
type ContainerEngine ¶
type JumpServer ¶
type Kubeadm ¶
type Kubeadm struct {
kubeadmapi.InitConfiguration
}
func NewKubeadm ¶
func NewKubeadm() *Kubeadm
type Kubei ¶
type Kubei struct {
ContainerEngine ContainerEngine
Kubernetes Kubernetes
ClusterNodes ClusterNodes
NetworkPlugins NetworkPlugins
HA HA
JumpServer JumpServer
Install Install
Reset Reset
Addons Addons
OfflineFile string
Online bool
CertNotAfterTime int
}
type Kubernetes ¶
type NetworkPlugins ¶
Source Files
Click to show internal directories.
Click to hide internal directories.