const ( // KubeconfigDataName is the key used to store a Kubeconfig in the secret's data field. KubeconfigDataName = "value" // TLSKeyDataName is the key used to store a TLS private key in the secret's data field. TLSKeyDataName = "tls.key" // TLSCrtDataName is the key used to store a TLS certificate in the secret's data field. TLSCrtDataName = "tls.crt" // Kubeconfig is the secret name suffix storing the Cluster Kubeconfig. Kubeconfig = Purpose("kubeconfig") // ClusterCA is the secret name suffix for APIServer CA. ClusterCA = Purpose("ca") // EtcdCA is the secret name suffix for the Etcd CA EtcdCA Purpose = "etcd" // ServiceAccount is the secret name suffix for the Service Account keys ServiceAccount Purpose = "sa" // FrontProxyCA is the secret name suffix for Front Proxy CA FrontProxyCA Purpose = "proxy" // APIServerEtcdClient is the secret name of user-supplied secret containing the apiserver-etcd-client key/cert APIServerEtcdClient Purpose = "apiserver-etcd-client" )
const ( DefaultCertificatesDir = "/etc/kubernetes/pki" )
var ( // ErrMissingCertificate is an error indicating a certificate is entirely missing ErrMissingCertificate = errors.New("missing certificate") // ErrMissingCrt is an error indicating the crt file is missing from the certificate ErrMissingCrt = errors.New("missing crt data") // ErrMissingKey is an error indicating the key file is missing from the certificate ErrMissingKey = errors.New("missing key data") )
Get retrieves the specified Secret (if any) from the given cluster name and namespace.
GetFromNamespacedName retrieves the specified Secret (if any) from the given cluster name and namespace.
Name returns the name of the secret for a cluster.
Certificate represents a single certificate CA.
AsFiles converts the certificate to a slice of Files that may have 0, 1 or 2 Files.
func (c *Certificate) AsSecret(clusterName client.ObjectKey, owner metav1.OwnerReference) *corev1.Secret
AsSecret converts a single certificate into a Kubernetes secret.
Hashes hashes all the certificates stored in a CA certificate.
Certificates are the certificates necessary to bootstrap a cluster.
NewCertificatesForInitialControlPlane returns a list of certificates configured for a control plane node
NewCertificatesForJoiningControlPlane gets any certs that exist and writes them to disk
Deprecated: this method is deprecated in favor of NewControlPlaneJoinCerts that provides full support for the external etcd scenario.
NewCertificatesForWorker return an initialized but empty set of CA certificates needed to bootstrap a cluster.
NewControlPlaneJoinCerts gets any certs that exist and writes them to disk
AsFiles converts a slice of certificates into bootstrap files.
EnsureAllExist ensure that there is some data present for every certificate
Generate will generate any certificates that do not have KeyPair data.
GetByPurpose returns a certificate by the given name. This could be removed if we use a map instead of a slice to hold certificates, however other code becomes more complex.
Lookup looks up each certificate from secrets and populates the certificate with the secret data.
func (c Certificates) LookupOrGenerate(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey, owner metav1.OwnerReference) error
LookupOrGenerate is a convenience function that wraps cluster bootstrap certificate behavior.
func (c Certificates) SaveGenerated(ctx context.Context, ctrlclient client.Client, clusterName client.ObjectKey, owner metav1.OwnerReference) error
SaveGenerated will save any certificates that have been generated as Kubernetes secrets.
Purpose is the name to append to the secret generated for a cluster.
ParseSecretName return the cluster name and the suffix Purpose in name is a valid cluster secrets, otherwise it return error.