Documentation ¶
Index ¶
- Constants
- Variables
- type Certificate
- type Certificates
- func (c Certificates) AsFiles() []bootstrapv1.File
- func (c Certificates) EnsureAllExist() error
- func (c Certificates) Generate() error
- func (c Certificates) GetByPurpose(purpose secret.Purpose) *Certificate
- func (c Certificates) Lookup(ctx context.Context, ctrlclient client.Client, cluster *clusterv1.Cluster) error
- func (c Certificates) LookupOrGenerate(ctx context.Context, ctrlclient client.Client, cluster *clusterv1.Cluster, ...) error
- func (c Certificates) SaveGenerated(ctx context.Context, ctrlclient client.Client, cluster *clusterv1.Cluster, ...) error
Constants ¶
// Purposes that name the Kubernetes secrets holding cluster bootstrap certificates.
// Each value is a secret.Purpose used as a secret name (suffix).
// NOTE(review): Certificate carries a KeyPair and AsSecret turns it into a corev1.Secret,
// so these secrets presumably hold private key material. Confirm, and scope read access to them.
const (
	// EtcdCA is the secret name suffix for the Etcd CA
	EtcdCA secret.Purpose = "etcd"

	// ServiceAccount is the secret name suffix for the Service Account keys
	// NOTE(review): presumably the key pair used to sign service account tokens. Verify against the generator.
	ServiceAccount secret.Purpose = "sa"

	// FrontProxyCA is the secret name suffix for Front Proxy CA
	FrontProxyCA secret.Purpose = "proxy"

	// APIServerEtcdClient is the secret name of user-supplied secret containing the apiserver-etcd-client key/cert
	// Unlike the entries above, this is documented as a secret name rather than a suffix, and as user-supplied.
	APIServerEtcdClient secret.Purpose = "apiserver-etcd-client"
)
Variables ¶
// Sentinel errors describing incomplete certificate data.
// NOTE(review): this page does not show which functions return them or whether they are
// wrapped; matching with errors.Is works in both cases.
var (
	// ErrMissingCertificate is an error indicating a certificate is entirely missing
	ErrMissingCertificate = errors.New("missing certificate")

	// ErrMissingCrt is an error indicating the crt file is missing from the certificate
	ErrMissingCrt = errors.New("missing crt data")

	// ErrMissingKey is an error indicating the key file is missing from the certificate
	ErrMissingKey = errors.New("missing key data")
)
Functions ¶
This section is empty.
Types ¶
type Certificate ¶
// Certificate represents a single certificate CA.
type Certificate struct {
	// Generated presumably marks a key pair created by Generate rather than read from
	// an existing secret, so that SaveGenerated knows what to persist. TODO confirm.
	Generated bool
	// Purpose is the secret.Purpose this certificate is stored under (see GetByPurpose).
	Purpose secret.Purpose
	// KeyPair holds the certificate data. Generate fills it in when it is absent.
	// NOTE(review): presumably includes the private key, so treat the whole struct as sensitive.
	KeyPair *certs.KeyPair
	// CertFile and KeyFile are presumably the paths used for the entries returned by AsFiles. TODO confirm.
	CertFile, KeyFile string
}
Certificate represents a single CA certificate together with its key pair.
func (*Certificate) AsFiles ¶
func (c *Certificate) AsFiles() []bootstrapv1.File
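AsFiles converts the certificate to a slice of Files that may have 0, 1 or 2 Files. Given ErrMissingCrt and ErrMissingKey, the two Files are presumably the certificate and its private key, in which case the resulting bootstrap data needs the same protection as the key itself.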
func (*Certificate) AsSecret ¶
func (c *Certificate) AsSecret(cluster *clusterv1.Cluster, config *bootstrapv1.KubeadmConfig) *corev1.Secret
AsSecret converts a single certificate into a Kubernetes secret.
func (*Certificate) Hashes ¶
func (c *Certificate) Hashes() ([]string, error)
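Hashes returns a hash string for each certificate stored in a CA certificate. The result is presumably meant for pinning the CA when nodes join (as with kubeadm's discovery CA certificate hashes); confirm against the implementation.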
type Certificates ¶
type Certificates []*Certificate
Certificates are the certificates necessary to bootstrap a cluster.
func NewCertificatesForInitialControlPlane ¶
func NewCertificatesForInitialControlPlane(config *v1beta1.ClusterConfiguration) Certificates
NewCertificatesForInitialControlPlane returns a list of certificates configured for a control plane node
func NewCertificatesForJoiningControlPlane ¶
func NewCertificatesForJoiningControlPlane() Certificates
NewCertificatesForJoiningControlPlane gets any certs that exist and writes them to disk
func NewCertificatesForWorker ¶
func NewCertificatesForWorker(caCertPath string) Certificates
NewCertificatesForWorker returns an initialized but empty set of CA certificates needed to bootstrap a cluster.
func (Certificates) AsFiles ¶
func (c Certificates) AsFiles() []bootstrapv1.File
AsFiles converts a slice of certificates into bootstrap files.
func (Certificates) EnsureAllExist ¶
func (c Certificates) EnsureAllExist() error
EnsureAllExist ensures that there is some data present for every certificate.
func (Certificates) Generate ¶
func (c Certificates) Generate() error
Generate will generate any certificates that do not have KeyPair data.
func (Certificates) GetByPurpose ¶
func (c Certificates) GetByPurpose(purpose secret.Purpose) *Certificate
GetByPurpose returns a certificate by the given name. This could be removed if we use a map instead of a slice to hold certificates, however other code becomes more complex.
func (Certificates) Lookup ¶
func (c Certificates) Lookup(ctx context.Context, ctrlclient client.Client, cluster *clusterv1.Cluster) error
Lookup looks up each certificate from secrets and populates the certificate with the secret data.
func (Certificates) LookupOrGenerate ¶
func (c Certificates) LookupOrGenerate(ctx context.Context, ctrlclient client.Client, cluster *clusterv1.Cluster, config *bootstrapv1.KubeadmConfig) error
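LookupOrGenerate is a convenience function that wraps cluster bootstrap certificate behavior; judging by the sibling methods, it presumably looks up existing secrets, generates whatever is missing, and saves the generated certificates.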
func (Certificates) SaveGenerated ¶
func (c Certificates) SaveGenerated(ctx context.Context, ctrlclient client.Client, cluster *clusterv1.Cluster, config *bootstrapv1.KubeadmConfig) error
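SaveGenerated will save any certificates that have been generated as Kubernetes secrets. Because each Certificate carries a KeyPair, these secrets presumably contain private keys, so read access to them should be limited by RBAC.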