import "sigs.k8s.io/cluster-api/util/secret"
certificates.go consts.go secret.go
const ( // KubeconfigDataName is the key used to store a Kubeconfig in the secret's data field. KubeconfigDataName = "value" // TLSKeyDataName is the key used to store a TLS private key in the secret's data field. TLSKeyDataName = "tls.key" // TLSCrtDataName is the key used to store a TLS certificate in the secret's data field. TLSCrtDataName = "tls.crt" // Kubeconfig is the secret name suffix storing the Cluster Kubeconfig. Kubeconfig = Purpose("kubeconfig") // ClusterCA is the secret name suffix for APIServer CA. ClusterCA = Purpose("ca") // EtcdCA is the secret name suffix for the Etcd CA EtcdCA Purpose = "etcd" // ServiceAccount is the secret name suffix for the Service Account keys ServiceAccount Purpose = "sa" // FrontProxyCA is the secret name suffix for Front Proxy CA FrontProxyCA Purpose = "proxy" // APIServerEtcdClient is the secret name of user-supplied secret containing the apiserver-etcd-client key/cert APIServerEtcdClient Purpose = "apiserver-etcd-client" )
const (
DefaultCertificatesDir = "/etc/kubernetes/pki"
)
var ( // ErrMissingCertificate is an error indicating a certificate is entirely missing ErrMissingCertificate = errors.New("missing certificate") // ErrMissingCrt is an error indicating the crt file is missing from the certificate ErrMissingCrt = errors.New("missing crt data") // ErrMissingKey is an error indicating the key file is missing from the certificate ErrMissingKey = errors.New("missing key data") )
func Get(ctx context.Context, c client.Reader, cluster client.ObjectKey, purpose Purpose) (*corev1.Secret, error)
Get retrieves the specified Secret (if any) from the given cluster name and namespace.
func GetFromNamespacedName(ctx context.Context, c client.Reader, clusterName client.ObjectKey, purpose Purpose) (*corev1.Secret, error)
GetFromNamespacedName retrieves the specified Secret (if any) from the given cluster name and namespace.
Name returns the name of the secret for a cluster.
type Certificate struct { Generated bool External bool Purpose Purpose KeyPair *certs.KeyPair CertFile, KeyFile string }
Certificate represents a single certificate CA.
func (c *Certificate) AsFiles() []bootstrapv1.File
AsFiles converts the certificate to a slice of Files that may have 0, 1 or 2 Files.
func (c *Certificate) AsSecret(clusterName client.ObjectKey, owner metav1.OwnerReference) *corev1.Secret
AsSecret converts a single certificate into a Kubernetes secret.
func (c *Certificate) Generate() error
func (c *Certificate) Hashes() ([]string, error)
Hashes hashes all the certificates stored in a CA certificate.
type Certificates []*Certificate
Certificates are the certificates necessary to bootstrap a cluster.
func NewCertificatesForInitialControlPlane(config *v1beta1.ClusterConfiguration) Certificates
NewCertificatesForInitialControlPlane returns a list of certificates configured for a control plane node
func NewCertificatesForJoiningControlPlane() Certificates
NewCertificatesForJoiningControlPlane gets any certs that exist and writes them to disk
Deprecated: this method is deprecated in favor of NewControlPlaneJoinCerts that provides full support for the external etcd scenario.
func NewCertificatesForWorker(caCertPath string) Certificates
NewCertificatesForWorker return an initialized but empty set of CA certificates needed to bootstrap a cluster.
func NewControlPlaneJoinCerts(config *v1beta1.ClusterConfiguration) Certificates
NewControlPlaneJoinCerts gets any certs that exist and writes them to disk
func (c Certificates) AsFiles() []bootstrapv1.File
AsFiles converts a slice of certificates into bootstrap files.
func (c Certificates) EnsureAllExist() error
EnsureAllExist ensure that there is some data present for every certificate
func (c Certificates) Generate() error
Generate will generate any certificates that do not have KeyPair data.
func (c Certificates) GetByPurpose(purpose Purpose) *Certificate
GetByPurpose returns a certificate by the given name. This could be removed if we use a map instead of a slice to hold certificates, however other code becomes more complex.
func (c Certificates) Lookup(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey) error
Lookup looks up each certificate from secrets and populates the certificate with the secret data.
func (c Certificates) LookupOrGenerate(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey, owner metav1.OwnerReference) error
LookupOrGenerate is a convenience function that wraps cluster bootstrap certificate behavior.
func (c Certificates) SaveGenerated(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey, owner metav1.OwnerReference) error
SaveGenerated will save any certificates that have been generated as Kubernetes secrets.
Purpose is the name to append to the secret generated for a cluster.
ParseSecretName return the cluster name and the suffix Purpose in name is a valid cluster secrets, otherwise it return error.
Package secret imports 22 packages (graph) and is imported by 18 packages. Updated 2020-12-14. Refresh now. Tools for package owners.