kubernetes: k8s.io/kubernetes/cmd/kubeadm/app/phases/certs/renewal Index | Files

package renewal

import "k8s.io/kubernetes/cmd/kubeadm/app/phases/certs/renewal"

Index

Package Files

apirenewer.go expiration.go filerenewer.go manager.go readwriter.go

type APIRenewer Uses

type APIRenewer struct {
    // contains filtered or unexported fields
}

APIRenewer define a certificate renewer implementation that uses the K8s certificate API

func NewAPIRenewer Uses

func NewAPIRenewer(client clientset.Interface) *APIRenewer

NewAPIRenewer a new certificate renewer implementation that uses the K8s certificate API

func (*APIRenewer) Renew Uses

func (r *APIRenewer) Renew(cfg *certutil.Config) (*x509.Certificate, crypto.Signer, error)

Renew a certificate using the K8s certificate API

type CAExpirationHandler Uses

type CAExpirationHandler struct {
    // Name of the CA to be used for UX.
    // This value can be used to trigger operations on this CA
    Name string

    // LongName of the CA to be used for UX
    LongName string

    // FileName defines the name (or the BaseName) of the CA file
    FileName string
    // contains filtered or unexported fields
}

CAExpirationHandler defines required info for CA expiration check

type CertificateRenewHandler Uses

type CertificateRenewHandler struct {
    // Name of the certificate to be used for UX.
    // This value can be used to trigger operations on this certificate
    Name string

    // LongName of the certificate to be used for UX
    LongName string

    // FileName defines the name (or the BaseName) of the certificate file
    FileName string

    // CAName defines the name for the CA on which this certificate depends
    CAName string

    // CABaseName defines the base name for the CA that should be used for certificate renewal
    CABaseName string
    // contains filtered or unexported fields
}

CertificateRenewHandler defines required info for renewing a certificate

type ExpirationInfo Uses

type ExpirationInfo struct {
    // Name of the certificate
    // For PKI certificates, it is the name defined in the certsphase package, while for certificates
    // embedded in the kubeConfig files, it is the kubeConfig file name defined in the kubeadm constants package.
    // If you use the CertificateRenewHandler returned by Certificates func, handler.Name already contains the right value.
    Name string

    // ExpirationDate defines certificate expiration date
    ExpirationDate time.Time

    // ExternallyManaged defines if the certificate is externally managed, that is when
    // the signing CA certificate is provided without the certificate key (In this case kubeadm can't renew the certificate)
    ExternallyManaged bool
}

ExpirationInfo defines expiration info for a certificate

func (*ExpirationInfo) ResidualTime Uses

func (e *ExpirationInfo) ResidualTime() time.Duration

ResidualTime returns the time missing to expiration

type FileRenewer Uses

type FileRenewer struct {
    // contains filtered or unexported fields
}

FileRenewer define a certificate renewer implementation that uses given CA cert and key for generating new certficiates

func NewFileRenewer Uses

func NewFileRenewer(caCert *x509.Certificate, caKey crypto.Signer) *FileRenewer

NewFileRenewer returns a new certificate renewer that uses given CA cert and key for generating new certficiates

func (*FileRenewer) Renew Uses

func (r *FileRenewer) Renew(cfg *certutil.Config) (*x509.Certificate, crypto.Signer, error)

Renew a certificate using a given CA cert and key

type Manager Uses

type Manager struct {
    // contains filtered or unexported fields
}

Manager can be used to coordinate certificate renewal and related processes, like CSR generation or checking certificate expiration

func NewManager Uses

func NewManager(cfg *kubeadmapi.ClusterConfiguration, kubernetesDir string) (*Manager, error)

NewManager return a new certificate renewal manager ready for handling certificates in the cluster

func (*Manager) CAExists Uses

func (rm *Manager) CAExists(name string) (bool, error)

CAExists returns true if a certificate authority exists.

func (*Manager) CAs Uses

func (rm *Manager) CAs() []*CAExpirationHandler

CAs returns the list of CAs related to the certificates that are controlled by this manager

func (*Manager) CertificateExists Uses

func (rm *Manager) CertificateExists(name string) (bool, error)

CertificateExists returns true if a certificate exists.

func (*Manager) Certificates Uses

func (rm *Manager) Certificates() []*CertificateRenewHandler

Certificates returns the list of certificates controlled by this Manager

func (*Manager) CreateRenewCSR Uses

func (rm *Manager) CreateRenewCSR(name, outdir string) error

CreateRenewCSR generates CSR request for certificate renewal. For PKI certificates, use the name defined in the certsphase package, while for certificates embedded in the kubeConfig files, use the kubeConfig file name defined in the kubeadm constants package. If you use the CertificateRenewHandler returned by Certificates func, handler.Name already contains the right value.

func (*Manager) GetCAExpirationInfo Uses

func (rm *Manager) GetCAExpirationInfo(name string) (*ExpirationInfo, error)

GetCAExpirationInfo returns CA expiration info.

func (*Manager) GetCertificateExpirationInfo Uses

func (rm *Manager) GetCertificateExpirationInfo(name string) (*ExpirationInfo, error)

GetCertificateExpirationInfo returns certificate expiration info. For PKI certificates, use the name defined in the certsphase package, while for certificates embedded in the kubeConfig files, use the kubeConfig file name defined in the kubeadm constants package. If you use the CertificateRenewHandler returned by Certificates func, handler.Name already contains the right value.

func (*Manager) IsExternallyManaged Uses

func (rm *Manager) IsExternallyManaged(caBaseName string) (bool, error)

IsExternallyManaged checks if we are in the external CA case (CA certificate provided without the certificate key)

func (*Manager) RenewUsingCSRAPI Uses

func (rm *Manager) RenewUsingCSRAPI(name string, client clientset.Interface) error

RenewUsingCSRAPI executes certificate renewal uses the K8s certificate API. For PKI certificates, use the name defined in the certsphase package, while for certificates embedded in the kubeConfig files, use the kubeConfig file name defined in the kubeadm constants package. If you use the CertificateRenewHandler returned by Certificates func, handler.Name already contains the right value.

func (*Manager) RenewUsingLocalCA Uses

func (rm *Manager) RenewUsingLocalCA(name string) (bool, error)

RenewUsingLocalCA executes certificate renewal using local certificate authorities for generating new certs. For PKI certificates, use the name defined in the certsphase package, while for certificates embedded in the kubeConfig files, use the kubeConfig file name defined in the kubeadm constants package. If you use the CertificateRenewHandler returned by Certificates func, handler.Name already contains the right value.

Package renewal imports 23 packages (graph) and is imported by 8 packages. Updated 2019-11-13. Refresh now. Tools for package owners.