cluster-api: sigs.k8s.io/cluster-api/util/secret Index | Files

package secret

import "sigs.k8s.io/cluster-api/util/secret"

Index

Package Files

certificates.go consts.go secret.go

Constants

const (
    // KubeconfigDataName is the key used to store a Kubeconfig in the secret's data field.
    KubeconfigDataName = "value"

    // TLSKeyDataName is the key used to store a TLS private key in the secret's data field.
    TLSKeyDataName = "tls.key"

    // TLSCrtDataName is the key used to store a TLS certificate in the secret's data field.
    TLSCrtDataName = "tls.crt"

    // Kubeconfig is the secret name suffix storing the Cluster Kubeconfig.
    Kubeconfig = Purpose("kubeconfig")

    // ClusterCA is the secret name suffix for APIServer CA.
    ClusterCA = Purpose("ca")

    // EtcdCA is the secret name suffix for the Etcd CA
    EtcdCA Purpose = "etcd"

    // ServiceAccount is the secret name suffix for the Service Account keys
    ServiceAccount Purpose = "sa"

    // FrontProxyCA is the secret name suffix for Front Proxy CA
    FrontProxyCA Purpose = "proxy"

    // APIServerEtcdClient is the secret name of user-supplied secret containing the apiserver-etcd-client key/cert
    APIServerEtcdClient Purpose = "apiserver-etcd-client"
)
const (
    DefaultCertificatesDir = "/etc/kubernetes/pki"
)

Variables

var (
    // ErrMissingCertificate is an error indicating a certificate is entirely missing
    ErrMissingCertificate = errors.New("missing certificate")

    // ErrMissingCrt is an error indicating the crt file is missing from the certificate
    ErrMissingCrt = errors.New("missing crt data")

    // ErrMissingKey is an error indicating the key file is missing from the certificate
    ErrMissingKey = errors.New("missing key data")
)

func Get Uses

func Get(ctx context.Context, c client.Reader, cluster client.ObjectKey, purpose Purpose) (*corev1.Secret, error)

Get retrieves the specified Secret (if any) from the given cluster name and namespace.

func GetFromNamespacedName Uses

func GetFromNamespacedName(ctx context.Context, c client.Reader, clusterName client.ObjectKey, purpose Purpose) (*corev1.Secret, error)

GetFromNamespacedName retrieves the specified Secret (if any) from the given cluster name and namespace.

func Name Uses

func Name(cluster string, suffix Purpose) string

Name returns the name of the secret for a cluster.

type Certificate Uses

type Certificate struct {
    Generated         bool
    External          bool
    Purpose           Purpose
    KeyPair           *certs.KeyPair
    CertFile, KeyFile string
}

Certificate represents a single certificate CA.

func (*Certificate) AsFiles Uses

func (c *Certificate) AsFiles() []bootstrapv1.File

AsFiles converts the certificate to a slice of Files that may have 0, 1 or 2 Files.

func (*Certificate) AsSecret Uses

func (c *Certificate) AsSecret(clusterName client.ObjectKey, owner metav1.OwnerReference) *corev1.Secret

AsSecret converts a single certificate into a Kubernetes secret.

func (*Certificate) Hashes Uses

func (c *Certificate) Hashes() ([]string, error)

Hashes hashes all the certificates stored in a CA certificate.

type Certificates Uses

type Certificates []*Certificate

Certificates are the certificates necessary to bootstrap a cluster.

func NewCertificatesForInitialControlPlane Uses

func NewCertificatesForInitialControlPlane(config *v1beta1.ClusterConfiguration) Certificates

NewCertificatesForInitialControlPlane returns a list of certificates configured for a control plane node

func NewCertificatesForJoiningControlPlane Uses

func NewCertificatesForJoiningControlPlane() Certificates

NewCertificatesForJoiningControlPlane gets any certs that exist and writes them to disk

Deprecated: this method is deprecated in favor of NewControlPlaneJoinCerts that provides full support for the external etcd scenario.

func NewCertificatesForWorker Uses

func NewCertificatesForWorker(caCertPath string) Certificates

NewCertificatesForWorker return an initialized but empty set of CA certificates needed to bootstrap a cluster.

func NewControlPlaneJoinCerts Uses

func NewControlPlaneJoinCerts(config *v1beta1.ClusterConfiguration) Certificates

NewControlPlaneJoinCerts gets any certs that exist and writes them to disk

func (Certificates) AsFiles Uses

func (c Certificates) AsFiles() []bootstrapv1.File

AsFiles converts a slice of certificates into bootstrap files.

func (Certificates) EnsureAllExist Uses

func (c Certificates) EnsureAllExist() error

EnsureAllExist ensure that there is some data present for every certificate

func (Certificates) Generate Uses

func (c Certificates) Generate() error

Generate will generate any certificates that do not have KeyPair data.

func (Certificates) GetByPurpose Uses

func (c Certificates) GetByPurpose(purpose Purpose) *Certificate

GetByPurpose returns a certificate by the given name. This could be removed if we use a map instead of a slice to hold certificates, however other code becomes more complex.

func (Certificates) Lookup Uses

func (c Certificates) Lookup(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey) error

Lookup looks up each certificate from secrets and populates the certificate with the secret data.

func (Certificates) LookupOrGenerate Uses

func (c Certificates) LookupOrGenerate(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey, owner metav1.OwnerReference) error

LookupOrGenerate is a convenience function that wraps cluster bootstrap certificate behavior.

func (Certificates) SaveGenerated Uses

func (c Certificates) SaveGenerated(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey, owner metav1.OwnerReference) error

SaveGenerated will save any certificates that have been generated as Kubernetes secrets.

type Purpose Uses

type Purpose string

Purpose is the name to append to the secret generated for a cluster.

func ParseSecretName Uses

func ParseSecretName(name string) (string, Purpose, error)

ParseSecretName return the cluster name and the suffix Purpose in name is a valid cluster secrets, otherwise it return error.

Package secret imports 22 packages (graph) and is imported by 16 packages. Updated 2020-10-29. Refresh now. Tools for package owners.