renewal

package
v1.18.5-rc.1
Warning

This package is not in the latest version of its module.

Published: Jun 25, 2020 License: Apache-2.0 Imports: 23 Imported by: 38

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type APIRenewer added in v1.15.0

type APIRenewer struct {
	// contains filtered or unexported fields
}

APIRenewer defines a certificate renewer implementation that uses the K8s certificate API

func NewAPIRenewer added in v1.15.0

func NewAPIRenewer(client clientset.Interface) *APIRenewer

NewAPIRenewer returns a new certificate renewer implementation that uses the K8s certificate API

func (*APIRenewer) Renew added in v1.15.0

Renew a certificate using the K8s certificate API

type CAExpirationHandler added in v1.17.0

type CAExpirationHandler struct {
	// Name of the CA to be used for UX.
	// This value can be used to trigger operations on this CA
	Name string

	// LongName of the CA to be used for UX
	LongName string

	// FileName defines the name (or the BaseName) of the CA file
	FileName string
	// contains filtered or unexported fields
}

CAExpirationHandler defines required info for CA expiration check

type CertificateRenewHandler added in v1.15.0

type CertificateRenewHandler struct {
	// Name of the certificate to be used for UX.
	// This value can be used to trigger operations on this certificate
	Name string

	// LongName of the certificate to be used for UX
	LongName string

	// FileName defines the name (or the BaseName) of the certificate file
	FileName string

	// CAName defines the name for the CA on which this certificate depends
	CAName string

	// CABaseName defines the base name for the CA that should be used for certificate renewal
	CABaseName string
	// contains filtered or unexported fields
}

CertificateRenewHandler defines required info for renewing a certificate

type ExpirationInfo added in v1.15.0

type ExpirationInfo struct {
	// Name of the certificate
	// For PKI certificates, it is the name defined in the certsphase package, while for certificates
	// embedded in the kubeConfig files, it is the kubeConfig file name defined in the kubeadm constants package.
	// If you use the CertificateRenewHandler returned by Certificates func, handler.Name already contains the right value.
	Name string

	// ExpirationDate defines certificate expiration date
	ExpirationDate time.Time

	// ExternallyManaged defines if the certificate is externally managed, that is when
	// the signing CA certificate is provided without the certificate key (In this case kubeadm can't renew the certificate)
	ExternallyManaged bool
}

ExpirationInfo defines expiration info for a certificate

func (*ExpirationInfo) ResidualTime added in v1.15.0

func (e *ExpirationInfo) ResidualTime() time.Duration

ResidualTime returns the time remaining until expiration

type FileRenewer added in v1.15.0

type FileRenewer struct {
	// contains filtered or unexported fields
}

FileRenewer defines a certificate renewer implementation that uses a given CA cert and key for generating new certificates

func NewFileRenewer added in v1.15.0

func NewFileRenewer(caCert *x509.Certificate, caKey crypto.Signer) *FileRenewer

NewFileRenewer returns a new certificate renewer that uses a given CA cert and key for generating new certificates

func (*FileRenewer) Renew added in v1.15.0

Renew a certificate using a given CA cert and key

type Manager added in v1.15.0

type Manager struct {
	// contains filtered or unexported fields
}

Manager can be used to coordinate certificate renewal and related processes, like CSR generation or checking certificate expiration

func NewManager added in v1.15.0

func NewManager(cfg *kubeadmapi.ClusterConfiguration, kubernetesDir string) (*Manager, error)

NewManager returns a new certificate renewal manager ready for handling certificates in the cluster

func (*Manager) CAExists added in v1.17.0

func (rm *Manager) CAExists(name string) (bool, error)

CAExists returns true if a certificate authority exists.

func (*Manager) CAs added in v1.17.0

func (rm *Manager) CAs() []*CAExpirationHandler

CAs returns the list of CAs related to the certificates that are controlled by this manager

func (*Manager) CertificateExists added in v1.17.0

func (rm *Manager) CertificateExists(name string) (bool, error)

CertificateExists returns true if a certificate exists.

func (*Manager) Certificates added in v1.15.0

func (rm *Manager) Certificates() []*CertificateRenewHandler

Certificates returns the list of certificates controlled by this Manager

func (*Manager) CreateRenewCSR added in v1.15.0

func (rm *Manager) CreateRenewCSR(name, outdir string) error

CreateRenewCSR generates CSR request for certificate renewal. For PKI certificates, use the name defined in the certsphase package, while for certificates embedded in the kubeConfig files, use the kubeConfig file name defined in the kubeadm constants package. If you use the CertificateRenewHandler returned by Certificates func, handler.Name already contains the right value.

func (*Manager) GetCAExpirationInfo added in v1.17.0

func (rm *Manager) GetCAExpirationInfo(name string) (*ExpirationInfo, error)

GetCAExpirationInfo returns CA expiration info.

func (*Manager) GetCertificateExpirationInfo added in v1.17.0

func (rm *Manager) GetCertificateExpirationInfo(name string) (*ExpirationInfo, error)

GetCertificateExpirationInfo returns certificate expiration info. For PKI certificates, use the name defined in the certsphase package, while for certificates embedded in the kubeConfig files, use the kubeConfig file name defined in the kubeadm constants package. If you use the CertificateRenewHandler returned by Certificates func, handler.Name already contains the right value.

func (*Manager) IsExternallyManaged added in v1.15.0

func (rm *Manager) IsExternallyManaged(caBaseName string) (bool, error)

IsExternallyManaged checks if we are in the external CA case (CA certificate provided without the certificate key)

func (*Manager) RenewUsingCSRAPI added in v1.15.0

func (rm *Manager) RenewUsingCSRAPI(name string, client clientset.Interface) error

RenewUsingCSRAPI executes certificate renewal using the K8s certificate API. For PKI certificates, use the name defined in the certsphase package, while for certificates embedded in the kubeConfig files, use the kubeConfig file name defined in the kubeadm constants package. If you use the CertificateRenewHandler returned by Certificates func, handler.Name already contains the right value.

func (*Manager) RenewUsingLocalCA added in v1.15.0

func (rm *Manager) RenewUsingLocalCA(name string) (bool, error)

RenewUsingLocalCA executes certificate renewal using local certificate authorities for generating new certs. For PKI certificates, use the name defined in the certsphase package, while for certificates embedded in the kubeConfig files, use the kubeConfig file name defined in the kubeadm constants package. If you use the CertificateRenewHandler returned by Certificates func, handler.Name already contains the right value.
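
Added example, not code from this package or from kubeadm: a standard-library sketch of what renewing with a local CA cert and key (the FileRenewer and RenewUsingLocalCA case above) involves, showing which fields carry over and which are replaced, plus the residual time before and after. The helpers `must`, `issue` and `renew`, the set of copied fields, and every certificate value are assumptions made for the illustration.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must panics on error; acceptable here only because every input is constructed sample data.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue signs tmpl with a fresh key and random serial; a nil ca self-signs (used only for the sample CA).
func issue(tmpl, ca *x509.Certificate, caKey crypto.Signer, life time.Duration) (*x509.Certificate, crypto.Signer) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl.SerialNumber = must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127)))
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Minute), time.Now().Add(life)
	if ca == nil {
		ca, caKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, ca, key.Public(), caKey))
	return must(x509.ParseCertificate(der)), key
}

// renew keeps old's subject, SANs and usages and replaces the key, serial and validity window.
func renew(old, ca *x509.Certificate, caKey crypto.Signer, life time.Duration) (*x509.Certificate, crypto.Signer) {
	return issue(&x509.Certificate{Subject: old.Subject, DNSNames: old.DNSNames, IPAddresses: old.IPAddresses,
		KeyUsage: old.KeyUsage, ExtKeyUsage: old.ExtKeyUsage}, ca, caKey, life)
}

func main() { // constructed sample data: a CA and a leaf certificate that expires in one day
	ca, caKey := issue(&x509.Certificate{Subject: pkix.Name{CommonName: "example-ca"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}, nil, nil, 10*365*24*time.Hour)
	old, _ := issue(&x509.Certificate{Subject: pkix.Name{CommonName: "example-server", Organization: []string{"example-org"}},
		DNSNames: []string{"server.example.internal"}, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}, ca, caKey, 24*time.Hour)
	renewed, _ := renew(old, ca, caKey, 365*24*time.Hour)
	fmt.Println("residual before:", time.Until(old.NotAfter).Round(time.Hour), "after:", time.Until(renewed.NotAfter).Round(time.Hour))
	fmt.Println("signed by CA:", renewed.CheckSignatureFrom(ca) == nil, "same subject:", renewed.Subject.String() == old.Subject.String())
}
```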
