kubeadm

package
v0.9.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 8, 2023 License: Apache-2.0 Imports: 69 Imported by: 0

Documentation

Index

Constants

const (
	// IngressYaml is a string constant; its 439-byte value is elided by the
	// documentation renderer and cannot be reviewed from this page.
	// NOTE(review): presumably the content written to IngressYamlPath — confirm in the source.
	IngressYaml = `` /* 439-byte string literal not displayed */

	// IngressYamlPath is an absolute path under /etc/kubernetes/kube-apiserver-conf.
	// NOTE(review): despite the "Ingress" prefix, the file is named
	// egress-selector-configuration.yaml. If kube-apiserver is started with this
	// file as its egress selector configuration, the file steers the API server's
	// outbound connections, so confirm it is written root-owned and not
	// group- or world-writable.
	IngressYamlPath = "/etc/kubernetes/kube-apiserver-conf/egress-selector-configuration.yaml"
)
const (
	// IngressClientCertAndKeyBaseName is the value assigned to BaseName in the
	// KubeadmIngress certificate definition of this package.
	// NOTE(review): presumably the file-name stem of the certificate/key pair
	// on disk — confirm against the code that writes the files.
	IngressClientCertAndKeyBaseName = "tunnel-anp-client"
)

Variables

var (
	// KubeadmCertRootCA is the definition of the Kubernetes Root CA for the API Server and kubelet.
	KubeadmCertRootCA = KubeadmCert{
		Name:     "ca",
		LongName: "self-signed Kubernetes CA to provision identities for other Kubernetes components",
		BaseName: kubeadmconstants.CACertAndKeyBaseName,
		// contains filtered or unexported fields
	}

	// KubeadmIngress is the definition of the "ingress-client" certificate. Its
	// BaseName is IngressClientCertAndKeyBaseName and its CAName is "ca", the
	// Name of KubeadmCertRootCA.
	// NOTE(review): LongName describes a "self-signed CA ... for etcd", which
	// does not match an entry that names an issuing CA; the text looks copied
	// from an etcd CA definition. The key usages sit in the unexported fields
	// not shown here — confirm this is issued as a client-authentication leaf
	// and not as a CA before relying on the description.
	KubeadmIngress = KubeadmCert{
		Name:     "ingress-client",
		LongName: "self-signed CA to provision identities for etcd",
		BaseName: IngressClientCertAndKeyBaseName,
		CAName:   "ca",
		// contains filtered or unexported fields
	}
)

Functions

func AddClusterConfigFlags

func AddClusterConfigFlags(flagSet *flag.FlagSet, cfg *kubeadmapiv1beta3.ClusterConfiguration, featureGatesString *string)

AddClusterConfigFlags adds cluster flags bound to the config to the specified flagset

func AddInitConfigFlags

func AddInitConfigFlags(flagSet *flag.FlagSet, cfg *kubeadmapiv1beta3.InitConfiguration)

AddInitConfigFlags adds init flags bound to the config to the specified flagset

func AddInitOtherFlags

func AddInitOtherFlags(flagSet *flag.FlagSet, initOptions *initOptions)

AddInitOtherFlags adds init flags that are not bound to a configuration file to the given flagset. Note: all flags that are not bound to the cfg object should be allowed in cmd/kubeadm/app/apis/kubeadm/validation/validation.go.

func AddResetFlags

func AddResetFlags(flagSet *flag.FlagSet, resetOptions *resetOptions)

AddResetFlags adds reset flags

func CreateCACertAndKeyFiles

func CreateCACertAndKeyFiles(certSpec *KubeadmCert, cfg *kubeadmapi.InitConfiguration) error

CreateCACertAndKeyFiles generates and writes out a given certificate authority. The certSpec should be one of the variables from this package.

func CreateCSR

func CreateCSR(certSpec *KubeadmCert, cfg *kubeadmapi.InitConfiguration, path string) error

CreateCSR creates a certificate signing request

func CreateCertAndKeyFilesWithCA

func CreateCertAndKeyFilesWithCA(certSpec *KubeadmCert, caCertSpec *KubeadmCert, cfg *kubeadmapi.InitConfiguration) error

CreateCertAndKeyFilesWithCA loads the given certificate authority from disk, then generates and writes out the given certificate and key. The certSpec and caCertSpec should both be one of the variables from this package.

func CreateEdgePKIAssets added in v0.9.0

func CreateEdgePKIAssets(cfg *kubeadmapi.InitConfiguration) error

func CreateServiceAccountKeyAndPublicKeyFiles

func CreateServiceAccountKeyAndPublicKeyFiles(certsDir string, keyType x509.PublicKeyAlgorithm) error

CreateServiceAccountKeyAndPublicKeyFiles creates new public/private key files for signing service account users. If the sa public/private key files already exist in the target folder, they are used only if they are evaluated as equal; otherwise an error is returned.

func LoadCertificateAuthority

func LoadCertificateAuthority(pkiDir string, baseName string) (*x509.Certificate, crypto.Signer, error)

LoadCertificateAuthority tries to load a CA in the given directory with the given name.

func NewCSR

NewCSR will generate a new CSR and accompanying key

func NewCmdToken

func NewCmdToken(out io.Writer, errW io.Writer) *cobra.Command

NewCmdToken returns cobra.Command for token management

func NewCmdTokenGenerate

func NewCmdTokenGenerate(out io.Writer) *cobra.Command

NewCmdTokenGenerate returns cobra.Command to generate new token

func NewEdgeCertsPhase

func NewEdgeCertsPhase(config *cmd.EdgeadmConfig) workflow.Phase

NewEdgeCertsPhase returns the phase for the certs

func NewEdgeConfPhase

func NewEdgeConfPhase(config *cmd.EdgeadmConfig) workflow.Phase

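NewEdgeConfPhase returns a workflow phase, presumably the one for the edge configuration. The comment as published ("NewCertsPhase returns the phase for the certs") appears to have been copied from the certs phase.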

func NewInitCMD

func NewInitCMD(out io.Writer, edgeConfig *cmd.EdgeadmConfig) *cobra.Command

func NewJoinCMD

func NewJoinCMD(out io.Writer, edgeConfig *cmd.EdgeadmConfig) *cobra.Command

func NewResetCMD

func NewResetCMD(in io.Reader, out io.Writer, edgeConfig *cmd.EdgeadmConfig) *cobra.Command

func RunCreateToken

func RunCreateToken(out io.Writer, client clientset.Interface, cfgPath string, initCfg *kubeadmapiv1beta3.InitConfiguration, printJoinCommand bool, certificateKey string, kubeConfigFile string) error

RunCreateToken generates a new bootstrap token and stores it as a secret on the server.

func RunDeleteTokens

func RunDeleteTokens(out io.Writer, client clientset.Interface, tokenIDsOrTokens []string) error

RunDeleteTokens removes bootstrap tokens from the server.

func RunGenerateToken

func RunGenerateToken(out io.Writer) error

RunGenerateToken just generates a random token for the user

func RunListTokens

func RunListTokens(out io.Writer, errW io.Writer, client clientset.Interface, printer output.Printer) error

RunListTokens lists details on all existing bootstrap tokens on the server.

func SharedCertificateExists

func SharedCertificateExists(cfg *kubeadmapi.ClusterConfiguration) (bool, error)

SharedCertificateExists verifies whether the shared certificates exist. The shared certificates are those that must be equal across control-plane nodes: ca.key, ca.crt, sa.key, sa.pub, plus etcd/ca.key and etcd/ca.crt if local/stacked etcd is used.

func UsingExternalCA

func UsingExternalCA(cfg *kubeadmapi.ClusterConfiguration) (bool, error)

UsingExternalCA determines whether the user is relying on an external CA. We currently implicitly determine this is the case when the CA Cert is present but the CA Key is not; under this rule, a CA key that is missing from disk for any other reason is treated the same way as one that was deliberately withheld. This allows us to, e.g., skip generating certs or not start the csr signing controller. In case we are using an external front-proxy CA, the function validates the certificates signed by front-proxy CA that should be provided by the user.

func UsingExternalFrontProxyCA

func UsingExternalFrontProxyCA(cfg *kubeadmapi.ClusterConfiguration) (bool, error)

UsingExternalFrontProxyCA determines whether the user is relying on an external front-proxy CA. We currently implicitly determine this is the case when the front proxy CA Cert is present but the front proxy CA Key is not. In case we are using an external front-proxy CA, the function validates the certificates signed by front-proxy CA that should be provided by the user.

Types

type CertificateMap

// CertificateMap maps a string key to a *KubeadmCert.
// NOTE(review): the package documentation says the key is the certificate's Name — confirm where the map is built.
type CertificateMap map[string]*KubeadmCert

CertificateMap is a flat map of certificates, keyed by Name.

func (CertificateMap) CertTree

func (m CertificateMap) CertTree() (CertificateTree, error)

CertTree returns a one-level-deep tree, mapping a CA cert to an array of certificates that should be signed by it.

type CertificateTree

// CertificateTree maps a *KubeadmCert to a Certificates list. The key is a
// pointer, so lookups compare pointer identity: two distinct KubeadmCert values
// with the same Name are different keys.
// NOTE(review): the package documentation describes the key as a CA and the value as the certs that depend on it.
type CertificateTree map[*KubeadmCert]Certificates

CertificateTree represents a one-level-deep tree, mapping a CA to the certs that depend on it.

func (CertificateTree) CreateTree

CreateTree creates the CAs, certs signed by the CAs, and writes them all to disk.

type Certificates

// Certificates is a slice of *KubeadmCert; the elements are pointers, so the
// slice shares the underlying certificate definitions rather than copying them.
type Certificates []*KubeadmCert

Certificates is a list of Certificates that Kubeadm should create.

func GetEdgeCertList

func GetEdgeCertList() Certificates

GetEdgeCertList returns all of the certificates kubeadm requires to function.

func (Certificates) AsMap

func (c Certificates) AsMap() CertificateMap

AsMap returns the list of certificates as a map, keyed by name.

type KubeadmCert

// KubeadmCert holds the exported description of one certificate definition;
// further fields are unexported and not shown in this listing.
type KubeadmCert struct {
	// Name is a short identifier ("ca", "ingress-client" in this package's variables).
	Name     string
	// LongName is a human-readable description of the certificate.
	LongName string
	// BaseName is set from a *CertAndKeyBaseName constant in this package's variables.
	// NOTE(review): presumably the file-name stem for the cert/key pair — confirm.
	BaseName string
	// CAName is "ca" for KubeadmIngress and is not set in the KubeadmCertRootCA literal.
	// NOTE(review): presumably the Name of the issuing CA, empty for a CA itself — confirm.
	CAName   string
	// contains filtered or unexported fields
}

KubeadmCert represents a certificate that Kubeadm will create to function properly.

func (*KubeadmCert) CreateAsCA

CreateAsCA creates a certificate authority, writing the files to disk and also returning the created CA so it can be used to sign child certs.

func (*KubeadmCert) CreateFromCA

func (k *KubeadmCert) CreateFromCA(ic *kubeadmapi.InitConfiguration, caCert *x509.Certificate, caKey crypto.Signer) error

CreateFromCA makes and writes a certificate using the given CA cert and key.

func (*KubeadmCert) GetConfig

GetConfig returns the definition for the given cert given the provided InitConfiguration
