package secret

import "sigs.k8s.io/cluster-api/util/secret"

Index ¶

• Constants
• Variables
• func Get(ctx context.Context, c client.Reader, cluster client.ObjectKey, purpose Purpose) (*corev1.Secret, error)
• func GetFromNamespacedName(ctx context.Context, c client.Reader, clusterName client.ObjectKey, purpose Purpose) (*corev1.Secret, error)
• func Name(cluster string, suffix Purpose) string
• type Certificate
• func (c *Certificate) AsFiles() []bootstrapv1.File
• func (c *Certificate) AsSecret(clusterName client.ObjectKey, owner metav1.OwnerReference) *corev1.Secret
• func (c *Certificate) Generate() error
• func (c *Certificate) Hashes() ([]string, error)
• type Certificates
• func NewCertificatesForInitialControlPlane(config *v1beta1.ClusterConfiguration) Certificates
• func NewCertificatesForJoiningControlPlane() Certificates
• func NewCertificatesForWorker(caCertPath string) Certificates
• func NewControlPlaneJoinCerts(config *v1beta1.ClusterConfiguration) Certificates
• func (c Certificates) AsFiles() []bootstrapv1.File
• func (c Certificates) EnsureAllExist() error
• func (c Certificates) Generate() error
• func (c Certificates) GetByPurpose(purpose Purpose) *Certificate
• func (c Certificates) Lookup(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey) error
• func (c Certificates) LookupOrGenerate(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey, owner metav1.OwnerReference) error
• func (c Certificates) SaveGenerated(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey, owner metav1.OwnerReference) error
• type Purpose
• func ParseSecretName(name string) (string, Purpose, error)

Package Files ¶

certificates.go consts.go secret.go

Constants ¶

const (
    // KubeconfigDataName is the key used to store a Kubeconfig in the secret's data field.
    KubeconfigDataName = "value"

    // TLSKeyDataName is the key used to store a TLS private key in the secret's data field.
    TLSKeyDataName = "tls.key"

    // TLSCrtDataName is the key used to store a TLS certificate in the secret's data field.
    TLSCrtDataName = "tls.crt"

    // Kubeconfig is the secret name suffix storing the Cluster Kubeconfig.
    Kubeconfig = Purpose("kubeconfig")

    // ClusterCA is the secret name suffix for APIServer CA.
    ClusterCA = Purpose("ca")

    // EtcdCA is the secret name suffix for the Etcd CA
    EtcdCA Purpose = "etcd"

    // ServiceAccount is the secret name suffix for the Service Account keys
    ServiceAccount Purpose = "sa"

    // FrontProxyCA is the secret name suffix for Front Proxy CA
    FrontProxyCA Purpose = "proxy"

    // APIServerEtcdClient is the secret name of user-supplied secret containing the apiserver-etcd-client key/cert
    APIServerEtcdClient Purpose = "apiserver-etcd-client"
)

const (
    DefaultCertificatesDir = "/etc/kubernetes/pki"
)

Variables ¶

var (
    // ErrMissingCertificate is an error indicating a certificate is entirely missing
    ErrMissingCertificate = errors.New("missing certificate")

    // ErrMissingCrt is an error indicating the crt file is missing from the certificate
    ErrMissingCrt = errors.New("missing crt data")

    // ErrMissingKey is an error indicating the key file is missing from the certificate
    ErrMissingKey = errors.New("missing key data")
)

func Get ¶ Uses

func Get(ctx context.Context, c client.Reader, cluster client.ObjectKey, purpose Purpose) (*corev1.Secret, error)

Get retrieves the specified Secret (if any) from the given cluster name and namespace.

func GetFromNamespacedName ¶ Uses

func GetFromNamespacedName(ctx context.Context, c client.Reader, clusterName client.ObjectKey, purpose Purpose) (*corev1.Secret, error)

GetFromNamespacedName retrieves the specified Secret (if any) from the given cluster name and namespace.

func Name ¶ Uses

func Name(cluster string, suffix Purpose) string

Name returns the name of the secret for a cluster.

type Certificate ¶ Uses

type Certificate struct {
    Generated         bool
    External          bool
    Purpose           Purpose
    KeyPair           *certs.KeyPair
    CertFile, KeyFile string
}

Certificate represents a single certificate CA.

func (*Certificate) AsFiles ¶ Uses

func (c *Certificate) AsFiles() []bootstrapv1.File

AsFiles converts the certificate to a slice of Files that may have 0, 1 or 2 Files.

func (*Certificate) AsSecret ¶ Uses

func (c *Certificate) AsSecret(clusterName client.ObjectKey, owner metav1.OwnerReference) *corev1.Secret

AsSecret converts a single certificate into a Kubernetes secret.

func (*Certificate) Generate ¶ Uses

func (c *Certificate) Generate() error

func (*Certificate) Hashes ¶ Uses

func (c *Certificate) Hashes() ([]string, error)

Hashes hashes all the certificates stored in a CA certificate.

type Certificates ¶ Uses

type Certificates []*Certificate

Certificates are the certificates necessary to bootstrap a cluster.

func NewCertificatesForInitialControlPlane ¶ Uses

func NewCertificatesForInitialControlPlane(config *v1beta1.ClusterConfiguration) Certificates

NewCertificatesForInitialControlPlane returns a list of certificates configured for a control plane node

func NewCertificatesForJoiningControlPlane ¶ Uses

func NewCertificatesForJoiningControlPlane() Certificates

NewCertificatesForJoiningControlPlane gets any certs that exist and writes them to disk

Deprecated: this method is deprecated in favor of NewControlPlaneJoinCerts that provides full support for the external etcd scenario.

func NewCertificatesForWorker ¶ Uses

func NewCertificatesForWorker(caCertPath string) Certificates

NewCertificatesForWorker return an initialized but empty set of CA certificates needed to bootstrap a cluster.

func NewControlPlaneJoinCerts ¶ Uses

func NewControlPlaneJoinCerts(config *v1beta1.ClusterConfiguration) Certificates

NewControlPlaneJoinCerts gets any certs that exist and writes them to disk

func (Certificates) AsFiles ¶ Uses

func (c Certificates) AsFiles() []bootstrapv1.File

AsFiles converts a slice of certificates into bootstrap files.

func (Certificates) EnsureAllExist ¶ Uses

func (c Certificates) EnsureAllExist() error

EnsureAllExist ensure that there is some data present for every certificate

func (Certificates) Generate ¶ Uses

func (c Certificates) Generate() error

Generate will generate any certificates that do not have KeyPair data.

func (Certificates) GetByPurpose ¶ Uses

func (c Certificates) GetByPurpose(purpose Purpose) *Certificate

GetByPurpose returns a certificate by the given name. This could be removed if we use a map instead of a slice to hold certificates, however other code becomes more complex.

func (Certificates) Lookup ¶ Uses

func (c Certificates) Lookup(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey) error

Lookup looks up each certificate from secrets and populates the certificate with the secret data.

func (Certificates) LookupOrGenerate ¶ Uses

func (c Certificates) LookupOrGenerate(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey, owner metav1.OwnerReference) error

LookupOrGenerate is a convenience function that wraps cluster bootstrap certificate behavior.

func (Certificates) SaveGenerated ¶ Uses

func (c Certificates) SaveGenerated(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey, owner metav1.OwnerReference) error

SaveGenerated will save any certificates that have been generated as Kubernetes secrets.

type Purpose ¶ Uses

type Purpose string

Purpose is the name to append to the secret generated for a cluster.

func ParseSecretName ¶ Uses

func ParseSecretName(name string) (string, Purpose, error)

ParseSecretName return the cluster name and the suffix Purpose in name is a valid cluster secrets, otherwise it return error.