rundata

package
v0.7.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 30, 2021 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// CertRootCA is the definition of the Kubernetes Root CA for the API Server and kubelet.
	CertRootCA = Cert{
		Name:     "ca",
		LongName: "self-signed Kubernetes CA to provision identities for other Kubernetes components",
		BaseName: kubeadmconstants.CACertAndKeyBaseName,
		Config: pkiutil.CertConfig{
			Config: certutil.Config{
				CommonName: "kubernetes",
			},
		},
	}
	// CertAPIServer is the definition of the cert used to serve the Kubernetes API.
	CertAPIServer = Cert{
		Name:     "apiserver",
		LongName: "certificate for serving the Kubernetes API",
		BaseName: kubeadmconstants.APIServerCertAndKeyBaseName,
		CAName:   "ca",
		Config: pkiutil.CertConfig{
			Config: certutil.Config{
				CommonName: kubeadmconstants.APIServerCertCommonName,
				Usages:     []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
			},
		},
		ConfigMutators: []ConfigMutatorsFunc{
			makeAltNamesMutator(GetAPIServerAltNames),
		},
	}
	// CertKubeletClient is the definition of the cert used by the API server to access the kubelet.
	CertKubeletClient = Cert{
		Name:     "apiserver-kubelet-client",
		LongName: "certificate for the API server to connect to kubelet",
		BaseName: kubeadmconstants.APIServerKubeletClientCertAndKeyBaseName,
		CAName:   "ca",
		Config: pkiutil.CertConfig{
			Config: certutil.Config{
				CommonName:   kubeadmconstants.APIServerKubeletClientCertCommonName,
				Organization: []string{kubeadmconstants.SystemPrivilegedGroup},
				Usages:       []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
			},
		},
	}

	// CertFrontProxyCA is the definition of the CA used for the front end proxy.
	CertFrontProxyCA = Cert{
		Name:     "front-proxy-ca",
		LongName: "self-signed CA to provision identities for front proxy",
		BaseName: kubeadmconstants.FrontProxyCACertAndKeyBaseName,
		Config: pkiutil.CertConfig{
			Config: certutil.Config{
				CommonName: "front-proxy-ca",
			},
		},
	}

	// CertFrontProxyClient is the definition of the cert used by the API server to access the front proxy.
	CertFrontProxyClient = Cert{
		Name:     "front-proxy-client",
		BaseName: kubeadmconstants.FrontProxyClientCertAndKeyBaseName,
		LongName: "certificate for the front proxy client",
		CAName:   "front-proxy-ca",
		Config: pkiutil.CertConfig{
			Config: certutil.Config{
				CommonName: kubeadmconstants.FrontProxyClientCertCommonName,
				Usages:     []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
			},
		},
	}

	// CertEtcdCA is the definition of the root CA used by the hosted etcd server.
	CertEtcdCA = Cert{
		Name:     "etcd-ca",
		LongName: "self-signed CA to provision identities for etcd",
		BaseName: kubeadmconstants.EtcdCACertAndKeyBaseName,
		Config: pkiutil.CertConfig{
			Config: certutil.Config{
				CommonName: "etcd-ca",
			},
		},
	}
	// CertEtcdServer is the definition of the cert used to serve etcd to clients.
	CertEtcdServer = Cert{
		Name:     "etcd-server",
		LongName: "certificate for serving etcd",
		BaseName: kubeadmconstants.EtcdServerCertAndKeyBaseName,
		CAName:   "etcd-ca",
		Config: pkiutil.CertConfig{
			Config: certutil.Config{
				Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
			},
		},
		ConfigMutators: []ConfigMutatorsFunc{
			makeAltNamesMutator(GetEtcdAltNames),
			setCommonNameToNodeName(),
		},
	}
	// CertEtcdPeer is the definition of the cert used by etcd peers to access each other.
	CertEtcdPeer = Cert{
		Name:     "etcd-peer",
		LongName: "certificate for etcd nodes to communicate with each other",
		BaseName: kubeadmconstants.EtcdPeerCertAndKeyBaseName,
		CAName:   "etcd-ca",
		Config: pkiutil.CertConfig{
			Config: certutil.Config{
				Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
			},
		},
		ConfigMutators: []ConfigMutatorsFunc{
			makeAltNamesMutator(GetEtcdPeerAltNames),
			setCommonNameToNodeName(),
		},
	}
	// CertEtcdHealthcheck is the definition of the cert used by Kubernetes to check the health of the etcd server.
	CertEtcdHealthcheck = Cert{
		Name:     "etcd-healthcheck-client",
		LongName: "certificate for liveness probes to healthcheck etcd",
		BaseName: kubeadmconstants.EtcdHealthcheckClientCertAndKeyBaseName,
		CAName:   "etcd-ca",
		Config: pkiutil.CertConfig{
			Config: certutil.Config{
				CommonName:   kubeadmconstants.EtcdHealthcheckClientCertCommonName,
				Organization: []string{kubeadmconstants.SystemPrivilegedGroup},
				Usages:       []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
			},
		},
	}
	// CertEtcdAPIClient is the definition of the cert used by the API server to access etcd.
	CertEtcdAPIClient = Cert{
		Name:     "apiserver-etcd-client",
		LongName: "certificate the apiserver uses to access etcd",
		BaseName: kubeadmconstants.APIServerEtcdClientCertAndKeyBaseName,
		CAName:   "etcd-ca",
		Config: pkiutil.CertConfig{
			Config: certutil.Config{
				CommonName:   kubeadmconstants.APIServerEtcdClientCertCommonName,
				Organization: []string{kubeadmconstants.SystemPrivilegedGroup},
				Usages:       []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
			},
		},
	}

	// CertAPIServerKubeletClient is the definition of the cert used by the kubelet to access the API server.
	CertAPIServerKubeletClient = Cert{
		Name:         "kubelet",
		LongName:     "certificate for the kubelet to access the API server",
		BaseName:     kubeadmconstants.KubeletKubeConfigFileName,
		CAName:       "ca",
		IsKubeConfig: true,
		Config: pkiutil.CertConfig{
			Config: certutil.Config{
				CommonName:   kubeadmconstants.APIServerKubeletClientCertCommonName,
				Organization: []string{kubeadmconstants.NodesGroup},
				Usages:       []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
			},
		},
		ConfigMutators: []ConfigMutatorsFunc{
			setCommonNameToKubelet(),
		},
	}

	// CertAPIServerKubeletClient is the definition of the cert used by the kubelet to access the API server.
	CertAPIServerControllerManagerClient = Cert{
		Name:         "controller-manager",
		LongName:     "certificate for the kube-controller-manager to access the API server",
		BaseName:     kubeadmconstants.ControllerManagerKubeConfigFileName,
		CAName:       "ca",
		IsKubeConfig: true,
		Config: pkiutil.CertConfig{
			Config: certutil.Config{
				CommonName: kubeadmconstants.ControllerManagerUser,
				Usages:     []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
			},
		},
	}

	// CertAPIServerKubeletClient is the definition of the cert used by the kubelet to access the API server.
	CertAPIServerSchedulerClient = Cert{
		Name:         "scheduler",
		LongName:     "certificate for the kube-scheduler to access the API server",
		BaseName:     kubeadmconstants.SchedulerKubeConfigFileName,
		CAName:       "ca",
		IsKubeConfig: true,
		Config: pkiutil.CertConfig{
			Config: certutil.Config{
				CommonName: kubeadmconstants.SchedulerUser,
				Usages:     []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
			},
		},
	}

	// CertAPIServerKubeletClient is the definition of the cert used by the kubelet to access the API server.
	CertAPIServerAdminClient = Cert{
		Name:         "admin",
		LongName:     "certificate for the kube-admin to access the API server",
		BaseName:     kubeadmconstants.AdminKubeConfigFileName,
		CAName:       "ca",
		IsKubeConfig: true,
		Config: pkiutil.CertConfig{
			Config: certutil.Config{
				CommonName:   "kubernetes-admin",
				Organization: []string{kubeadmconstants.SystemPrivilegedGroup},
				Usages:       []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
			},
		},
	}
)

Functions

func DefaultKubeiCfg 

func DefaultKubeiCfg(k *Kubei)

func DefaultkubeadmCfg 

func DefaultkubeadmCfg(k *Kubeadm, ki *Kubei)

func GetAPIServerAltNames 

func GetAPIServerAltNames(node *Node, cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames, error)

GetAPIServerAltNames builds an AltNames object for to be used when generating apiserver certificate

func GetEtcdAltNames 

func GetEtcdAltNames(node *Node, cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames, error)

GetEtcdAltNames builds an AltNames object for generating the etcd server certificate. `advertise address` and localhost are included in the SAN since this is the interfaces the etcd static pod listens on. The user can override the listen address with `Etcd.ExtraArgs` and add SANs with `Etcd.ServerCertSANs`.

func GetEtcdPeerAltNames 

func GetEtcdPeerAltNames(node *Node, cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames, error)

GetEtcdPeerAltNames builds an AltNames object for generating the etcd peer certificate. Hostname and `API.AdvertiseAddress` are included if the user chooses to promote the single node etcd cluster into a multi-node one (stacked etcd). The user can override the listen address with `Etcd.ExtraArgs` and add SANs with `Etcd.PeerCertSANs`.

Types

type Addons 

type Addons struct {
}

type Calico 

type Calico struct {
	Image Image
}

func (*Calico) GetImage 

func (c *Calico) GetImage(image string) string

type Cert 

type Cert struct {
	Name         string
	LongName     string
	BaseName     string
	CAName       string
	IsKubeConfig bool
	Cert         *x509.Certificate
	Key          crypto.Signer
	// Some attributes will depend on the InitConfiguration, only known at runtime.
	// These functions will be run in series, passed both the InitConfiguration and a cert Config.
	ConfigMutators []ConfigMutatorsFunc
	Config         pkiutil.CertConfig
	KubeConfig     clientcmdapi.Config
}

Cert represents a certificate that will create to function properly.

func (*Cert) CreateAsCA 

func (c *Cert) CreateAsCA(node *Node, ic *kubeadmapi.InitConfiguration) error

CreateAsCA creates a certificate authority, writing the files to disk and also returning the created CA so it can be used to sign child certs.

func (*Cert) CreateFromCA 

func (c *Cert) CreateFromCA(node *Node, ic *kubeadmapi.InitConfiguration, caCert *x509.Certificate, caKey crypto.Signer) error

CreateFromCA makes and writes a certificate using the given CA cert and key.

func (*Cert) CreateKubeConfig 

func (c *Cert) CreateKubeConfig(ic *kubeadmapi.InitConfiguration, caCert *x509.Certificate) error

func (*Cert) GetConfig 

func (c *Cert) GetConfig(node *Node, ic *kubeadmapi.InitConfiguration) (*pkiutil.CertConfig, error)

GetConfig returns the definition for the given cert given the provided InitConfiguration

type CertificateMap 

type CertificateMap map[string]*Cert

CertificateMap is a flat map of certificates, keyed by Name.

func (CertificateMap) CertTree 

func (m CertificateMap) CertTree() (CertificateTree, error)

CertTree returns a one-level-deep tree, mapping a CA cert to an array of certificates that should be signed by it.

type CertificateTree 

type CertificateTree map[*Cert]Certificates

CertificateTree is represents a one-level-deep tree, mapping a CA to the certs that depend on it.

func (CertificateTree) Create 

func (t CertificateTree) Create(node *Node, ic *kubeadmapi.InitConfiguration, notAfterTime time.Duration) error

Create creates the CAs, certs signed by the CAs.

func (CertificateTree) CreateKubeConfig 

func (t CertificateTree) CreateKubeConfig(ic *kubeadmapi.InitConfiguration) error

type Certificates 

type Certificates []*Cert

Certificates is a list of Certificates

func GetDefaultCertList 

func GetDefaultCertList() Certificates

GetDefaultCertList

func (Certificates) AsMap 

func (c Certificates) AsMap() CertificateMap

AsMap returns the list of certificates as a map, keyed by name.

type Cluster 

type Cluster struct {
	*Kubei
	Kubeadm *Kubeadm
	Mutex   sync.Mutex
}

func NewCluster 

func NewCluster() *Cluster

func (*Cluster) String added in v0.6.1 

func (c *Cluster) String() string

type ClusterNodes 

type ClusterNodes struct {
	Masters []*Node
	Workers []*Node
}

func (*ClusterNodes) GetAllMastersHost 

func (c *ClusterNodes) GetAllMastersHost() []string

func (*ClusterNodes) GetAllNodes 

func (c *ClusterNodes) GetAllNodes() []*Node

type ConfigMutatorsFunc 

type ConfigMutatorsFunc func(*Node, *kubeadmapi.InitConfiguration, *pkiutil.CertConfig) error

type ContainerEngine 

type ContainerEngine struct {
	Type   string
	Docker Docker
}

type Docker 

type Docker struct {
	Version        string
	CGroupDriver   string
	LogDriver      string
	LogOptsMaxSize string
	StorageDriver  string
}

type Flannel 

type Flannel struct {
	Image       Image
	BackendType string
}

type HA 

type HA struct {
	// LocalSLB、None
	// TODO ExternalSLB
	Type     string
	LocalSLB LocalSLB
}

type HostInfo 

type HostInfo struct {
	Host     string
	User     string
	Password string
	Port     string
	Key      string
}

type Image 

type Image struct {
	ImageRepository string
	ImageName       string
	ImageTag        string
}

func (*Image) GetImage 

func (i *Image) GetImage() string

type Install 

type Install struct {
	Type string
}

type JumpServer 

type JumpServer struct {
	*ssh.Client
	HostInfo HostInfo
}

type Kubeadm 

type Kubeadm struct {
	kubeadmapi.InitConfiguration
}

func NewKubeadm 

func NewKubeadm() *Kubeadm

type Kubei 

type Kubei struct {
	ContainerEngine  ContainerEngine
	Kubernetes       Kubernetes
	ClusterNodes     ClusterNodes
	NetworkPlugins   NetworkPlugins
	HA               HA
	JumpServer       JumpServer
	Install          Install
	Reset            Reset
	Addons           Addons
	OfflineFile      string
	Online           bool
	CertNotAfterTime int
}

func NewKubei 

func NewKubei() *Kubei

type Kubernetes 

type Kubernetes struct {
	Version string
	Token   Token
}

type LocalSLB 

type LocalSLB struct {
	// Default Nginx
	// TODO HAproxy
	Type  string
	Nginx Nginx
}

type NetworkPlugins 

type NetworkPlugins struct {
	// network plugins, calico, flannel, none
	Type    string
	Flannel Flannel
	Calico  Calico
}

type Nginx 

type Nginx struct {
	Port  string
	Image Image
}

type Node 

type Node struct {
	SSH                   *ssh.Client
	HostInfo              HostInfo
	CertificateTree       CertificateTree
	Name                  string
	PackageManagementType string
	InstallType           string
	IsSend                bool
}

func (*Node) Run 

func (n *Node) Run(cmd string) error

func (*Node) RunOut 

func (n *Node) RunOut(cmd string) ([]byte, error)

type Reset 

type Reset struct {
	RemoveContainerEngine bool
	RemoveKubeComponent   bool
}

type Token 

type Token struct {
	Token          string
	CaCertHash     string
	CertificateKey string
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.