certs

package
v0.0.0-...-3abba25 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 15, 2018 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateAPIServerCertAndKeyFiles 

func CreateAPIServerCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error

CreateAPIServerCertAndKeyFiles create a new certificate and key files for the apiserver. If the apiserver certificate and key files already exists in the target folder, they are used only if evaluated equal; otherwise an error is returned. It assumes the cluster CA certificate and key files exist in the CertificatesDir.

func CreateAPIServerEtcdClientCertAndKeyFiles 

func CreateAPIServerEtcdClientCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error

CreateAPIServerEtcdClientCertAndKeyFiles create a new client certificate for the apiserver calling etcd If the apiserver-etcd-client certificate and key file already exist in the target folder, they are used only if evaluated equal; otherwise an error is returned. It assumes the etcd CA certificate and key file exist in the CertificatesDir

func CreateAPIServerKubeletClientCertAndKeyFiles 

func CreateAPIServerKubeletClientCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error

CreateAPIServerKubeletClientCertAndKeyFiles create a new certificate for kubelets calling apiserver. If the apiserver-kubelet-client certificate and key files already exists in the target folder, they are used only if evaluated equals; otherwise an error is returned. It assumes the cluster CA certificate and key files exist in the CertificatesDir.

func CreateCACertAndKeyFiles 

func CreateCACertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error

CreateCACertAndKeyFiles create a new self signed cluster CA certificate and key files. If the CA certificate and key files already exists in the target folder, they are used only if evaluated equal; otherwise an error is returned.

func CreateEtcdCACertAndKeyFiles 

func CreateEtcdCACertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error

CreateEtcdCACertAndKeyFiles create a self signed etcd CA certificate and key files. The etcd CA and client certs are used to secure communication between etcd peers and connections to etcd from the API server. This is a separate CA, so that kubernetes client identities cannot connect to etcd directly or peer with the etcd cluster. If the etcd CA certificate and key files already exists in the target folder, they are used only if evaluated equals; otherwise an error is returned.

func CreateEtcdHealthcheckClientCertAndKeyFiles 

func CreateEtcdHealthcheckClientCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error

CreateEtcdHealthcheckClientCertAndKeyFiles create a new client certificate for liveness probes to healthcheck etcd If the etcd-healthcheck-client certificate and key file already exist in the target folder, they are used only if evaluated equal; otherwise an error is returned. It assumes the etcd CA certificate and key file exist in the CertificatesDir

func CreateEtcdPeerCertAndKeyFiles 

func CreateEtcdPeerCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error

CreateEtcdPeerCertAndKeyFiles create a new certificate and key file for etcd peering. If the etcd peer certificate and key file already exist in the target folder, they are used only if evaluated equal; otherwise an error is returned. It assumes the etcd CA certificate and key file exist in the CertificatesDir

func CreateEtcdServerCertAndKeyFiles 

func CreateEtcdServerCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error

CreateEtcdServerCertAndKeyFiles create a new certificate and key file for etcd. If the etcd serving certificate and key file already exist in the target folder, they are used only if evaluated equal; otherwise an error is returned. It assumes the etcd CA certificate and key file exist in the CertificatesDir

func CreateFrontProxyCACertAndKeyFiles 

func CreateFrontProxyCACertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error

CreateFrontProxyCACertAndKeyFiles create a self signed front proxy CA certificate and key files. Front proxy CA and client certs are used to secure a front proxy authenticator which is used to assert identity without the client cert; This is a separate CA, so that front proxy identities cannot hit the API and normal client certs cannot be used as front proxies. If the front proxy CA certificate and key files already exists in the target folder, they are used only if evaluated equals; otherwise an error is returned.

func CreateFrontProxyClientCertAndKeyFiles 

func CreateFrontProxyClientCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error

CreateFrontProxyClientCertAndKeyFiles create a new certificate for proxy server client. If the front-proxy-client certificate and key files already exists in the target folder, they are used only if evaluated equals; otherwise an error is returned. It assumes the front proxy CA certificate and key files exist in the CertificatesDir.

func CreatePKIAssets 

func CreatePKIAssets(cfg *kubeadmapi.MasterConfiguration) error

CreatePKIAssets will create and write to disk all PKI assets necessary to establish the control plane. If the PKI assets already exists in the target folder, they are used only if evaluated equal; otherwise an error is returned.

func CreateServiceAccountKeyAndPublicKeyFiles 

func CreateServiceAccountKeyAndPublicKeyFiles(cfg *kubeadmapi.MasterConfiguration) error

CreateServiceAccountKeyAndPublicKeyFiles create a new public/private key files for signing service account users. If the sa public/private key files already exists in the target folder, they are used only if evaluated equals; otherwise an error is returned.

func NewAPIServerCertAndKey 

func NewAPIServerCertAndKey(cfg *kubeadmapi.MasterConfiguration, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)

NewAPIServerCertAndKey generate certificate for apiserver, signed by the given CA.

func NewAPIServerEtcdClientCertAndKey 

func NewAPIServerEtcdClientCertAndKey(caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)

NewAPIServerEtcdClientCertAndKey generate certificate for the apiservers to connect to etcd securely, signed by the given CA.

func NewAPIServerKubeletClientCertAndKey 

func NewAPIServerKubeletClientCertAndKey(caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)

NewAPIServerKubeletClientCertAndKey generate certificate for the apiservers to connect to the kubelets securely, signed by the given CA.

func NewCACertAndKey 

func NewCACertAndKey() (*x509.Certificate, *rsa.PrivateKey, error)

NewCACertAndKey will generate a self signed CA.

func NewEtcdCACertAndKey 

func NewEtcdCACertAndKey() (*x509.Certificate, *rsa.PrivateKey, error)

NewEtcdCACertAndKey generate a self signed etcd CA.

func NewEtcdHealthcheckClientCertAndKey 

func NewEtcdHealthcheckClientCertAndKey(caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)

NewEtcdHealthcheckClientCertAndKey generate certificate for liveness probes to healthcheck etcd, signed by the given CA.

func NewEtcdPeerCertAndKey 

func NewEtcdPeerCertAndKey(cfg *kubeadmapi.MasterConfiguration, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)

NewEtcdPeerCertAndKey generate certificate for etcd peering, signed by the given CA.

func NewEtcdServerCertAndKey 

func NewEtcdServerCertAndKey(cfg *kubeadmapi.MasterConfiguration, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)

NewEtcdServerCertAndKey generate certificate for etcd, signed by the given CA.

func NewFrontProxyCACertAndKey 

func NewFrontProxyCACertAndKey() (*x509.Certificate, *rsa.PrivateKey, error)

NewFrontProxyCACertAndKey generate a self signed front proxy CA.

func NewFrontProxyClientCertAndKey 

func NewFrontProxyClientCertAndKey(frontProxyCACert *x509.Certificate, frontProxyCAKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)

NewFrontProxyClientCertAndKey generate certificate for proxy server client, signed by the given front proxy CA.

func NewServiceAccountSigningKey 

func NewServiceAccountSigningKey() (*rsa.PrivateKey, error)

NewServiceAccountSigningKey generate public/private key pairs for signing service account tokens.

func UsingExternalCA 

func UsingExternalCA(cfg *kubeadmapi.MasterConfiguration) (bool, error)

UsingExternalCA determines whether the user is relying on an external CA. We currently implicitly determine this is the case when both the CA Cert and the front proxy CA Cert are present but the CA Key and front proxy CA Key are not. This allows us to, e.g., skip generating certs or not start the csr signing controller.

Types

This section is empty.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.