
package pkiutil

import "k8s.io/kubernetes/cmd/kubeadm/app/phases/certs/pkiutil"

Index

Functions

func CertOrKeyExist

func CertOrKeyExist(pkiPath, name string) bool

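CertOrKeyExist returns a boolean indicating whether the cert or the key exists. It reports existence only; the TryLoad* functions are the ones documented as validating what they load.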

func GetAPIServerAltNames

func GetAPIServerAltNames(cfg *kubeadmapi.MasterConfiguration) (*certutil.AltNames, error)

GetAPIServerAltNames builds an AltNames object to be used when generating the apiserver certificate

func GetEtcdAltNames

func GetEtcdAltNames(cfg *kubeadmapi.MasterConfiguration) (*certutil.AltNames, error)

GetEtcdAltNames builds an AltNames object for generating the etcd server certificate. `localhost` is included in the SAN since this is the interface the etcd static pod listens on. Hostname and `API.AdvertiseAddress` are excluded since etcd does not listen on this interface by default. The user can override the listen address with `Etcd.ExtraArgs` and add SANs with `Etcd.ServerCertSANs`.

func GetEtcdPeerAltNames

func GetEtcdPeerAltNames(cfg *kubeadmapi.MasterConfiguration) (*certutil.AltNames, error)

GetEtcdPeerAltNames builds an AltNames object for generating the etcd peer certificate. `localhost` is excluded from the SAN since etcd will not refer to itself as a peer. Hostname and `API.AdvertiseAddress` are included if the user chooses to promote the single node etcd cluster into a multi-node one. The user can override the listen address with `Etcd.ExtraArgs` and add SANs with `Etcd.PeerCertSANs`.

func HasServerAuth

func HasServerAuth(cert *x509.Certificate) bool

HasServerAuth returns true if the given certificate is a ServerAuth certificate, that is, one marked for TLS server authentication

func NewCertAndKey

func NewCertAndKey(caCert *x509.Certificate, caKey *rsa.PrivateKey, config certutil.Config) (*x509.Certificate, *rsa.PrivateKey, error)

NewCertAndKey creates a new certificate and key, using the given certificate authority certificate and key

func NewCertificateAuthority

func NewCertificateAuthority() (*x509.Certificate, *rsa.PrivateKey, error)

NewCertificateAuthority creates a new certificate and private key for the certificate authority

func TryLoadCertAndKeyFromDisk

func TryLoadCertAndKeyFromDisk(pkiPath, name string) (*x509.Certificate, *rsa.PrivateKey, error)

TryLoadCertAndKeyFromDisk tries to load a cert and a key from disk and checks that they are valid

func TryLoadCertFromDisk

func TryLoadCertFromDisk(pkiPath, name string) (*x509.Certificate, error)

TryLoadCertFromDisk tries to load the cert from disk and checks that it is valid

func TryLoadKeyFromDisk

func TryLoadKeyFromDisk(pkiPath, name string) (*rsa.PrivateKey, error)

TryLoadKeyFromDisk tries to load the key from disk and checks that it is valid

func TryLoadPrivatePublicKeyFromDisk

func TryLoadPrivatePublicKeyFromDisk(pkiPath, name string) (*rsa.PrivateKey, *rsa.PublicKey, error)

TryLoadPrivatePublicKeyFromDisk tries to load the key from disk and checks that it is valid; it returns both the private and the public key

func WriteCert

func WriteCert(pkiPath, name string, cert *x509.Certificate) error

WriteCert stores the given certificate at the given location

func WriteCertAndKey

func WriteCertAndKey(pkiPath string, name string, cert *x509.Certificate, key *rsa.PrivateKey) error

WriteCertAndKey stores certificate and key at the specified location

func WriteKey

func WriteKey(pkiPath, name string, key *rsa.PrivateKey) error

WriteKey stores the given key at the given location

func WritePublicKey

func WritePublicKey(pkiPath, name string, key *rsa.PublicKey) error

WritePublicKey stores the given public key at the given location

Source Files

pki_helpers.go

Version
v1.10.4-beta.0
Published
May 21, 2018
Platform
linux/amd64
Imports
12 packages