Documentation
Overview
Package certificate contains helpers for managing KeyPairs.
Index
- Constants
- type KeyPair
- func NewAPIServerCrtAndKey(ca *KeyPair, clusterName, clusterDomainArg, apiserverDomain string, ...) (*KeyPair, error)
- func NewAPIServerKubeletClientCertAndKey(ca *KeyPair) (*KeyPair, error)
- func NewEtcdHealthcheckClientCertAndKey(ca *KeyPair) (*KeyPair, error)
- func NewEtcdServerCertAndKey(ca *KeyPair, etcdDomains []string) (*KeyPair, error)
- func NewFrontProxyClientCertAndKey(ca *KeyPair) (*KeyPair, error)
- type KeyPairs
- func (kp KeyPairs) Lookup(ctx context.Context, cli client.Client, clusterName client.ObjectKey) error
- func (kp KeyPairs) LookupOrSave(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey, ...) error
- func (kp KeyPairs) SaveGenerated(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey, ...) error
Constants
const (
	// EtcdClient defines the client cert name for etcd.
	EtcdClient secret.Purpose = "etcd-client"
	// EtcdHealthClient defines the client cert name for etcd.
	EtcdHealthClient secret.Purpose = "etcd-health-client"
	// APIServerClient defines the client cert name for apiserver.
	APIServerClient secret.Purpose = "apiserver-client"
	// APIServerEtcdClient mirrors capi APIServerEtcdClient.
	APIServerEtcdClient secret.Purpose = secret.APIServerEtcdClient
	// KubeletClient defines the client cert name for kubelet.
	KubeletClient secret.Purpose = "kubelet-client"
	// ProxyClient defines the client cert name for the front proxy.
	ProxyClient secret.Purpose = "proxy-client"
	// ControllerManagerKubeconfig defines the secret purpose for KCM Kubeconfigs.
	ControllerManagerKubeconfig secret.Purpose = "controller-manager-kubeconfig"
)
Variables
This section is empty.
Functions
This section is empty.
Types
type KeyPair
type KeyPair struct {
	Purpose   secret.Purpose
	Cert      *x509.Certificate
	Key       crypto.Signer
	Generated bool
	New       bool
}
KeyPair defines a cert/key pair that is used for the Kubernetes clients. This was inspired by CAPI's KCP and how it manages CAs.
func NewAPIServerCrtAndKey
func NewAPIServerCrtAndKey(ca *KeyPair, clusterName, clusterDomainArg, apiserverDomain string, apiserverIPs ...string) (*KeyPair, error)
NewAPIServerCrtAndKey creates crt and key for apiserver using ca.
func NewAPIServerKubeletClientCertAndKey
NewAPIServerKubeletClientCertAndKey creates a certificate for the apiservers to connect to the kubelets securely, signed by the ca.
func NewEtcdHealthcheckClientCertAndKey
NewEtcdHealthcheckClientCertAndKey creates a certificate for liveness probes to healthcheck etcd, signed by the given ca.
func NewEtcdServerCertAndKey
NewEtcdServerCertAndKey creates new crt-key pair using ca for etcd.
func NewFrontProxyClientCertAndKey
NewFrontProxyClientCertAndKey creates crt-key pair for proxy client using ca.
type KeyPairs
type KeyPairs []*KeyPair
KeyPairs defines a set of keypairs to act on; this is useful in providing helpers to operate on many keypairs.
func (KeyPairs) Lookup
func (kp KeyPairs) Lookup(ctx context.Context, cli client.Client, clusterName client.ObjectKey) error
Lookup looks up each certificate from secrets and populates the certificate with the secret data.