kubernetes: k8s.io/kubernetes/cmd/kubeadm/app/phases/certs/renewal Index | Files

package renewal

import "k8s.io/kubernetes/cmd/kubeadm/app/phases/certs/renewal"

Index

Package Files

apirenewer.go expiration.go filerenewer.go manager.go readwriter.go

type APIRenewer Uses

type APIRenewer struct {
    // contains filtered or unexported fields
}

APIRenewer define a certificate renewer implementation that uses the K8s certificate API

func NewAPIRenewer Uses

func NewAPIRenewer(client clientset.Interface) *APIRenewer

NewAPIRenewer a new certificate renewer implementation that uses the K8s certificate API

func (*APIRenewer) Renew Uses

func (r *APIRenewer) Renew(cfg *certutil.Config) (*x509.Certificate, crypto.Signer, error)

Renew a certificate using the K8s certificate API

type CertificateRenewHandler Uses

type CertificateRenewHandler struct {
    // Name of the certificate to be used for UX.
    // This value can be used to trigger operations on this certificate
    Name string

    // LongName of the certificate to be used for UX
    LongName string

    // FileName defines the name (or the BaseName) of the certificate file
    FileName string

    // CABaseName define the base name for the CA that should be used for certificate renewal
    CABaseName string
    // contains filtered or unexported fields
}

CertificateRenewHandler defines required info for renewing a certificate

type ExpirationInfo Uses

type ExpirationInfo struct {
    // Name of the certificate
    // For PKI certificates, it is the name defined in the certsphase package, while for certificates
    // embedded in the kubeConfig files, it is the kubeConfig file name defined in the kubeadm constants package.
    // If you use the CertificateRenewHandler returned by Certificates func, handler.Name already contains the right value.
    Name string

    // ExpirationDate defines certificate expiration date
    ExpirationDate time.Time

    // ExternallyManaged defines if the certificate is externally managed, that is when
    // the signing CA certificate is provided without the certificate key (In this case kubeadm can't renew the certificate)
    ExternallyManaged bool
}

ExpirationInfo defines expiration info for a certificate

func (*ExpirationInfo) ResidualTime Uses

func (e *ExpirationInfo) ResidualTime() time.Duration

ResidualTime returns the time missing to expiration

type FileRenewer Uses

type FileRenewer struct {
    // contains filtered or unexported fields
}

FileRenewer define a certificate renewer implementation that uses given CA cert and key for generating new certficiates

func NewFileRenewer Uses

func NewFileRenewer(caCert *x509.Certificate, caKey crypto.Signer) *FileRenewer

NewFileRenewer returns a new certificate renewer that uses given CA cert and key for generating new certficiates

func (*FileRenewer) Renew Uses

func (r *FileRenewer) Renew(cfg *certutil.Config) (*x509.Certificate, crypto.Signer, error)

Renew a certificate using a given CA cert and key

type Manager Uses

type Manager struct {
    // contains filtered or unexported fields
}

Manager can be used to coordinate certificate renewal and related processes, like CSR generation or checking certificate expiration

func NewManager Uses

func NewManager(cfg *kubeadmapi.ClusterConfiguration, kubernetesDir string) (*Manager, error)

NewManager return a new certificate renewal manager ready for handling certificates in the cluster

func (*Manager) Certificates Uses

func (rm *Manager) Certificates() []*CertificateRenewHandler

Certificates return the list of certificates controlled by this Manager

func (*Manager) CreateRenewCSR Uses

func (rm *Manager) CreateRenewCSR(name, outdir string) error

CreateRenewCSR generates CSR request for certificate renewal. For PKI certificates, use the name defined in the certsphase package, while for certificates embedded in the kubeConfig files, use the kubeConfig file name defined in the kubeadm constants package. If you use the CertificateRenewHandler returned by Certificates func, handler.Name already contains the right value.

func (*Manager) GetExpirationInfo Uses

func (rm *Manager) GetExpirationInfo(name string) (*ExpirationInfo, error)

GetExpirationInfo returns certificate expiration info. For PKI certificates, use the name defined in the certsphase package, while for certificates embedded in the kubeConfig files, use the kubeConfig file name defined in the kubeadm constants package. If you use the CertificateRenewHandler returned by Certificates func, handler.Name already contains the right value.

func (*Manager) IsExternallyManaged Uses

func (rm *Manager) IsExternallyManaged(h *CertificateRenewHandler) (bool, error)

IsExternallyManaged checks if we are in the external CA case (CA certificate provided without the certificate key)

func (*Manager) RenewUsingCSRAPI Uses

func (rm *Manager) RenewUsingCSRAPI(name string, client clientset.Interface) error

RenewUsingCSRAPI executes certificate renewal uses the K8s certificate API. For PKI certificates, use the name defined in the certsphase package, while for certificates embedded in the kubeConfig files, use the kubeConfig file name defined in the kubeadm constants package. If you use the CertificateRenewHandler returned by Certificates func, handler.Name already contains the right value.

func (*Manager) RenewUsingLocalCA Uses

func (rm *Manager) RenewUsingLocalCA(name string) (bool, error)

RenewUsingLocalCA executes certificate renewal using local certificate authorities for generating new certs. For PKI certificates, use the name defined in the certsphase package, while for certificates embedded in the kubeConfig files, use the kubeConfig file name defined in the kubeadm constants package. If you use the CertificateRenewHandler returned by Certificates func, handler.Name already contains the right value.

Package renewal imports 22 packages (graph) and is imported by 7 packages. Updated 2019-09-27. Refresh now. Tools for package owners.