pki

package

v0.0.0-...-0a488ca Latest Latest Go to latest Published: Jun 25, 2019 License: Apache-2.0 Imports: 28 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/moelsayed/rke

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func DeployAdminConfig(ctx context.Context, kubeConfig, localConfigPath string) error
func DeployCertificatesOnHost(ctx context.Context, host *hosts.Host, crtMap map[string]CertificatePKI, ...) error
func DeployCertificatesOnPlaneHost(ctx context.Context, host *hosts.Host, ...) error
func DeployStateOnPlaneHost(ctx context.Context, host *hosts.Host, stateDownloaderImage string, ...) error
func ExtractBackupBundleOnHost(ctx context.Context, host *hosts.Host, ...) error
func FetchCertificatesFromHost(ctx context.Context, extraHosts []*hosts.Host, host *hosts.Host, ...) (map[string]CertificatePKI, error)
func FetchFileFromHost(ctx context.Context, filePath, image string, host *hosts.Host, ...) (string, error)
func GenerateAPIProxyClientCSR(ctx context.Context, certs map[string]CertificatePKI, ...) error
func GenerateAPIProxyClientCertificate(ctx context.Context, certs map[string]CertificatePKI, ...) error
func GenerateCACertAndKey(commonName string, privateKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)
func GenerateCertSigningRequestAndKey(serverCrt bool, commonName string, altNames *cert.AltNames, ...) ([]byte, *rsa.PrivateKey, error)
func GenerateEtcdCSRs(ctx context.Context, certs map[string]CertificatePKI, ...) error
func GenerateEtcdCertificates(ctx context.Context, certs map[string]CertificatePKI, ...) error
func GenerateExternalEtcdCertificates(ctx context.Context, certs map[string]CertificatePKI, ...) error
func GenerateKubeAPICSR(ctx context.Context, certs map[string]CertificatePKI, ...) error
func GenerateKubeAPICertificate(ctx context.Context, certs map[string]CertificatePKI, ...) error
func GenerateKubeAdminCSR(ctx context.Context, certs map[string]CertificatePKI, ...) error
func GenerateKubeAdminCertificate(ctx context.Context, certs map[string]CertificatePKI, ...) error
func GenerateKubeControllerCSR(ctx context.Context, certs map[string]CertificatePKI, ...) error
func GenerateKubeControllerCertificate(ctx context.Context, certs map[string]CertificatePKI, ...) error
func GenerateKubeNodeCSR(ctx context.Context, certs map[string]CertificatePKI, ...) error
func GenerateKubeNodeCertificate(ctx context.Context, certs map[string]CertificatePKI, ...) error
func GenerateKubeProxyCSR(ctx context.Context, certs map[string]CertificatePKI, ...) error
func GenerateKubeProxyCertificate(ctx context.Context, certs map[string]CertificatePKI, ...) error
func GenerateKubeSchedulerCSR(ctx context.Context, certs map[string]CertificatePKI, ...) error
func GenerateKubeSchedulerCertificate(ctx context.Context, certs map[string]CertificatePKI, ...) error
func GenerateRKECACerts(ctx context.Context, certs map[string]CertificatePKI, ...) error
func GenerateRKECerts(ctx context.Context, rkeConfig v3.RancherKubernetesEngineConfig, ...) (map[string]CertificatePKI, error)
func GenerateRKEMasterCACert(ctx context.Context, certs map[string]CertificatePKI, ...) error
func GenerateRKENodeCerts(ctx context.Context, rkeConfig v3.RancherKubernetesEngineConfig, ...) map[string]CertificatePKI
func GenerateRKERequestHeaderCACert(ctx context.Context, certs map[string]CertificatePKI, ...) error
func GenerateRKEServicesCSRs(ctx context.Context, certs map[string]CertificatePKI, ...) error
func GenerateRKEServicesCerts(ctx context.Context, certs map[string]CertificatePKI, ...) error
func GenerateServiceTokenKey(ctx context.Context, certs map[string]CertificatePKI, ...) error
func GenerateSignedCertAndKey(caCrt *x509.Certificate, caKey *rsa.PrivateKey, serverCrt bool, ...) (*x509.Certificate, *rsa.PrivateKey, error)
func GetAltNames(cpHosts []*hosts.Host, clusterDomain string, KubernetesServiceIP net.IP, ...) *cert.AltNames
func GetCertPath(name string) string
func GetCertTempPath(name string) string
func GetConfigPath(name string) string
func GetConfigTempPath(name string) string
func GetEtcdCrtName(address string) string
func GetKeyPath(name string) string
func GetKeyTempPath(name string) string
func GetKubeConfigX509WithData(kubernetesURL string, clusterName string, componentName string, cacrt string, ...) string
func GetKubernetesServiceIP(serviceClusterRange string) (net.IP, error)
func GetLocalKubeConfig(configPath, configDir string) string
func IsValidCertStr(c string) (bool, error)
func ReadCSRsAndKeysFromDir(certDir string) (map[string]CertificatePKI, error)
func ReadCertToStr(file string) (string, error)
func ReadCertsAndKeysFromDir(certDir string) (map[string]CertificatePKI, error)
func RegenerateEtcdCertificate(ctx context.Context, crtMap map[string]CertificatePKI, etcdHost *hosts.Host, ...) (map[string]CertificatePKI, error)
func RemoveAdminConfig(ctx context.Context, localConfigPath string)
func SaveBackupBundleOnHost(ctx context.Context, host *hosts.Host, ...) error
func TransformPEMToObject(in map[string]CertificatePKI) map[string]CertificatePKI
func ValidateBundleContent(rkeConfig *v3.RancherKubernetesEngineConfig, ...) error
func WriteCertificates(certDirPath string, certBundle map[string]CertificatePKI) error
type CSRFunc
type CertificatePKI
- func ToCertObject(componentName, commonName, ouName string, certificate *x509.Certificate, ...) CertificatePKI
- func (c *CertificatePKI) CertToEnv() string
- func (c *CertificatePKI) ConfigToEnv() string
- func (c *CertificatePKI) KeyToEnv() string
- func (c *CertificatePKI) ToEnv() []string
type GenFunc

Constants ¶

View Source

const (
	CertPathPrefix          = "/etc/kubernetes/ssl/"
	CertificatesServiceName = "certificates"
	CrtDownloaderContainer  = "cert-deployer"
	CertFetcherContainer    = "cert-fetcher"
	CertificatesSecretName  = "k8s-certs"
	TempCertPath            = "/etc/kubernetes/.tmp/"
	ClusterConfig           = "cluster.yml"
	ClusterStateFile        = "cluster-state.yml"
	ClusterStateEnv         = "CLUSTER_STATE"
	BundleCertPath          = "/backup/pki.bundle.tar.gz"

	CACertName                 = "kube-ca"
	RequestHeaderCACertName    = "kube-apiserver-requestheader-ca"
	KubeAPICertName            = "kube-apiserver"
	KubeControllerCertName     = "kube-controller-manager"
	KubeSchedulerCertName      = "kube-scheduler"
	KubeProxyCertName          = "kube-proxy"
	KubeNodeCertName           = "kube-node"
	EtcdCertName               = "kube-etcd"
	EtcdClientCACertName       = "kube-etcd-client-ca"
	EtcdClientCertName         = "kube-etcd-client"
	APIProxyClientCertName     = "kube-apiserver-proxy-client"
	ServiceAccountTokenKeyName = "kube-service-account-token"

	KubeNodeCommonName       = "system:node"
	KubeNodeOrganizationName = "system:nodes"

	KubeAdminCertName         = "kube-admin"
	KubeAdminOrganizationName = "system:masters"
	KubeAdminConfigPrefix     = "kube_config_"
)

View Source

const (
	BundleCertContainer = "rke-bundle-cert"
)

View Source

const (
	StateDeployerContainerName = "cluster-state-deployer"
)

Variables ¶

This section is empty.

Functions ¶

func DeployAdminConfig ¶

func DeployAdminConfig(ctx context.Context, kubeConfig, localConfigPath string) error

func DeployCertificatesOnHost ¶

func DeployCertificatesOnHost(ctx context.Context, host *hosts.Host, crtMap map[string]CertificatePKI, certDownloaderImage, certPath string, prsMap map[string]v3.PrivateRegistry) error

func DeployCertificatesOnPlaneHost ¶

func DeployCertificatesOnPlaneHost(ctx context.Context, host *hosts.Host, rkeConfig v3.RancherKubernetesEngineConfig, crtMap map[string]CertificatePKI, certDownloaderImage string, prsMap map[string]v3.PrivateRegistry, forceDeploy bool) error

func DeployStateOnPlaneHost ¶

func DeployStateOnPlaneHost(ctx context.Context, host *hosts.Host, stateDownloaderImage string, prsMap map[string]v3.PrivateRegistry, clusterState string) error

func ExtractBackupBundleOnHost ¶

func ExtractBackupBundleOnHost(ctx context.Context, host *hosts.Host, alpineSystemImage, etcdSnapshotPath string, prsMap map[string]v3.PrivateRegistry) error

func FetchCertificatesFromHost ¶

func FetchCertificatesFromHost(ctx context.Context, extraHosts []*hosts.Host, host *hosts.Host, image, localConfigPath string, prsMap map[string]v3.PrivateRegistry) (map[string]CertificatePKI, error)

func FetchFileFromHost ¶

func FetchFileFromHost(ctx context.Context, filePath, image string, host *hosts.Host, prsMap map[string]v3.PrivateRegistry, containerName, state string) (string, error)

func GenerateAPIProxyClientCSR ¶

func GenerateAPIProxyClientCSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error

func GenerateAPIProxyClientCertificate ¶

func GenerateAPIProxyClientCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateCACertAndKey ¶

func GenerateCACertAndKey(commonName string, privateKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error)

func GenerateCertSigningRequestAndKey ¶

func GenerateCertSigningRequestAndKey(
	serverCrt bool,
	commonName string,
	altNames *cert.AltNames,
	reusedKey *rsa.PrivateKey,
	orgs []string) ([]byte, *rsa.PrivateKey, error)

func GenerateEtcdCSRs ¶

func GenerateEtcdCSRs(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error

func GenerateEtcdCertificates ¶

func GenerateEtcdCertificates(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateExternalEtcdCertificates ¶

func GenerateExternalEtcdCertificates(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateKubeAPICSR ¶

func GenerateKubeAPICSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error

func GenerateKubeAPICertificate ¶

func GenerateKubeAPICertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateKubeAdminCSR ¶

func GenerateKubeAdminCSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error

func GenerateKubeAdminCertificate ¶

func GenerateKubeAdminCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateKubeControllerCSR ¶

func GenerateKubeControllerCSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error

func GenerateKubeControllerCertificate ¶

func GenerateKubeControllerCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateKubeNodeCSR ¶

func GenerateKubeNodeCSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error

func GenerateKubeNodeCertificate ¶

func GenerateKubeNodeCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateKubeProxyCSR ¶

func GenerateKubeProxyCSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error

func GenerateKubeProxyCertificate ¶

func GenerateKubeProxyCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateKubeSchedulerCSR ¶

func GenerateKubeSchedulerCSR(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error

func GenerateKubeSchedulerCertificate ¶

func GenerateKubeSchedulerCertificate(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateRKECACerts ¶

func GenerateRKECACerts(ctx context.Context, certs map[string]CertificatePKI, configPath, configDir string) error

func GenerateRKECerts ¶

func GenerateRKECerts(ctx context.Context, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string) (map[string]CertificatePKI, error)

func GenerateRKEMasterCACert ¶

func GenerateRKEMasterCACert(ctx context.Context, certs map[string]CertificatePKI, configPath, configDir string) error

func GenerateRKENodeCerts ¶

func GenerateRKENodeCerts(ctx context.Context, rkeConfig v3.RancherKubernetesEngineConfig, nodeAddress string, certBundle map[string]CertificatePKI) map[string]CertificatePKI

func GenerateRKERequestHeaderCACert ¶

func GenerateRKERequestHeaderCACert(ctx context.Context, certs map[string]CertificatePKI, configPath, configDir string) error

func GenerateRKEServicesCSRs ¶

func GenerateRKEServicesCSRs(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig) error

func GenerateRKEServicesCerts ¶

func GenerateRKEServicesCerts(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateServiceTokenKey ¶

func GenerateServiceTokenKey(ctx context.Context, certs map[string]CertificatePKI, rkeConfig v3.RancherKubernetesEngineConfig, configPath, configDir string, rotate bool) error

func GenerateSignedCertAndKey ¶

func GenerateSignedCertAndKey(
	caCrt *x509.Certificate,
	caKey *rsa.PrivateKey,
	serverCrt bool,
	commonName string,
	altNames *cert.AltNames,
	reusedKey *rsa.PrivateKey,
	orgs []string) (*x509.Certificate, *rsa.PrivateKey, error)

func GetAltNames ¶

func GetAltNames(cpHosts []*hosts.Host, clusterDomain string, KubernetesServiceIP net.IP, SANs []string) *cert.AltNames

func GetCertPath ¶

func GetCertPath(name string) string

func GetCertTempPath ¶

func GetCertTempPath(name string) string

func GetConfigPath ¶

func GetConfigPath(name string) string

func GetConfigTempPath ¶

func GetConfigTempPath(name string) string

func GetEtcdCrtName ¶

func GetEtcdCrtName(address string) string

func GetKeyPath ¶

func GetKeyPath(name string) string

func GetKeyTempPath ¶

func GetKeyTempPath(name string) string

func GetKubeConfigX509WithData ¶

func GetKubeConfigX509WithData(kubernetesURL string, clusterName string, componentName string, cacrt string, crt string, key string) string

func GetKubernetesServiceIP ¶

func GetKubernetesServiceIP(serviceClusterRange string) (net.IP, error)

func GetLocalKubeConfig ¶

func GetLocalKubeConfig(configPath, configDir string) string

func IsValidCertStr ¶

func IsValidCertStr(c string) (bool, error)

func ReadCSRsAndKeysFromDir ¶

func ReadCSRsAndKeysFromDir(certDir string) (map[string]CertificatePKI, error)

func ReadCertToStr ¶

func ReadCertToStr(file string) (string, error)

func ReadCertsAndKeysFromDir ¶

func ReadCertsAndKeysFromDir(certDir string) (map[string]CertificatePKI, error)

func RegenerateEtcdCertificate ¶

func RegenerateEtcdCertificate(
	ctx context.Context,
	crtMap map[string]CertificatePKI,
	etcdHost *hosts.Host,
	etcdHosts []*hosts.Host,
	clusterDomain string,
	KubernetesServiceIP net.IP) (map[string]CertificatePKI, error)

func RemoveAdminConfig ¶

func RemoveAdminConfig(ctx context.Context, localConfigPath string)

func SaveBackupBundleOnHost ¶

func SaveBackupBundleOnHost(ctx context.Context, host *hosts.Host, alpineSystemImage, etcdSnapshotPath string, prsMap map[string]v3.PrivateRegistry) error

func TransformPEMToObject ¶

func TransformPEMToObject(in map[string]CertificatePKI) map[string]CertificatePKI

func ValidateBundleContent ¶

func ValidateBundleContent(rkeConfig *v3.RancherKubernetesEngineConfig, certBundle map[string]CertificatePKI, configPath, configDir string) error

func WriteCertificates ¶

func WriteCertificates(certDirPath string, certBundle map[string]CertificatePKI) error

Types ¶

type CSRFunc ¶

type CSRFunc func(context.Context, map[string]CertificatePKI, v3.RancherKubernetesEngineConfig) error

type CertificatePKI ¶

type CertificatePKI struct {
	Certificate    *x509.Certificate        `json:"-"`
	Key            *rsa.PrivateKey          `json:"-"`
	CSR            *x509.CertificateRequest `json:"-"`
	CertificatePEM string                   `json:"certificatePEM"`
	KeyPEM         string                   `json:"keyPEM"`
	CSRPEM         string                   `json:"-"`
	Config         string                   `json:"config"`
	Name           string                   `json:"name"`
	CommonName     string                   `json:"commonName"`
	OUName         string                   `json:"ouName"`
	EnvName        string                   `json:"envName"`
	Path           string                   `json:"path"`
	KeyEnvName     string                   `json:"keyEnvName"`
	KeyPath        string                   `json:"keyPath"`
	ConfigEnvName  string                   `json:"configEnvName"`
	ConfigPath     string                   `json:"configPath"`
}

func ToCertObject ¶

func ToCertObject(componentName, commonName, ouName string, certificate *x509.Certificate, key *rsa.PrivateKey, csrASN1 []byte) CertificatePKI

func (*CertificatePKI) CertToEnv ¶

func (c *CertificatePKI) CertToEnv() string

func (*CertificatePKI) ConfigToEnv ¶

func (c *CertificatePKI) ConfigToEnv() string

func (*CertificatePKI) KeyToEnv ¶

func (c *CertificatePKI) KeyToEnv() string

func (*CertificatePKI) ToEnv ¶

func (c *CertificatePKI) ToEnv() []string

type GenFunc ¶

type GenFunc func(context.Context, map[string]CertificatePKI, v3.RancherKubernetesEngineConfig, string, string, bool) error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL