Package certificates (v0.23.1)

Warning: this package is not in the latest version of its module.

Published: Aug 4, 2025 License: Apache-2.0 Imports: 21 Imported by: 0
Overview

Package certificates provides functionality for managing and renewing certificates in EKS Anywhere clusters.

Constants

This section is empty.

Variables

var VerbosityLevel int

VerbosityLevel controls the detail level of logging output.

Functions

func PopulateConfig added in v0.23.1

func PopulateConfig(ctx context.Context, cfg *RenewalConfig, kubeClient kubernetes.Client, cluster *types.Cluster) error

PopulateConfig fills in the configuration with control plane and etcd node IPs from the Kubernetes cluster.

func ValidateComponentWithConfig added in v0.23.1

func ValidateComponentWithConfig(component string, config *RenewalConfig) error

ValidateComponentWithConfig validates that the specified component is compatible with the configuration.

func ValidateConfig added in v0.23.1

func ValidateConfig(config *RenewalConfig, component string) error

ValidateConfig validates the certificate renewal configuration and ensures all required fields are present.

Types

type BottlerocketRenewer added in v0.23.1

type BottlerocketRenewer struct {
	// contains filtered or unexported fields
}

BottlerocketRenewer implements OSRenewer for Bottlerocket systems.

func NewBottlerocketRenewer added in v0.23.1

func NewBottlerocketRenewer(backupDir string) *BottlerocketRenewer

NewBottlerocketRenewer creates a new BottlerocketRenewer.

func (*BottlerocketRenewer) CopyEtcdCertsToLocal added in v0.23.1

func (b *BottlerocketRenewer) CopyEtcdCertsToLocal(ctx context.Context, node string, ssh SSHRunner) error

CopyEtcdCertsToLocal copies the etcd certificates from the specified node to the local machine.

func (*BottlerocketRenewer) RenewControlPlaneCerts added in v0.23.1

func (b *BottlerocketRenewer) RenewControlPlaneCerts(
	ctx context.Context,
	node string,
	cfg *RenewalConfig,
	component string,
	ssh SSHRunner,
) error

RenewControlPlaneCerts renews certificates for control plane nodes.

func (*BottlerocketRenewer) RenewEtcdCerts added in v0.23.1

func (b *BottlerocketRenewer) RenewEtcdCerts(ctx context.Context, node string, ssh SSHRunner) error

RenewEtcdCerts renews etcd certificates on a Bottlerocket node.

func (*BottlerocketRenewer) TransferCertsToControlPlaneFromLocal added in v0.23.1

func (b *BottlerocketRenewer) TransferCertsToControlPlaneFromLocal(
	ctx context.Context, node string, ssh SSHRunner,
) error

TransferCertsToControlPlaneFromLocal transfers etcd client certificates to a control plane node.

type CertificateScanner

type CertificateScanner interface {
	CheckCertificateExpiry(ctx context.Context, cluster *anywherev1.Cluster) ([]anywherev1.ClusterCertificateInfo, error)
	UpdateClusterCertificateStatus(ctx context.Context, cluster *anywherev1.Cluster) error
}

CertificateScanner defines the interface for checking certificate expiration.

type DefaultSSHRunner added in v0.23.1

type DefaultSSHRunner struct {
	// contains filtered or unexported fields
}

DefaultSSHRunner is the default implementation of SSHRunner.

func NewSSHRunner added in v0.23.1

func NewSSHRunner(cfg SSHConfig) (*DefaultSSHRunner, error)

NewSSHRunner creates a new SSH runner with the given configuration.

func (*DefaultSSHRunner) RunCommand added in v0.23.1

func (r *DefaultSSHRunner) RunCommand(ctx context.Context, node string, cmd string, opts ...SSHOption) (string, error)

RunCommand executes a command on the remote node via SSH and returns the output.

type LinuxRenewer added in v0.23.1

type LinuxRenewer struct {
	// contains filtered or unexported fields
}

LinuxRenewer implements OSRenewer for Linux-based systems (Ubuntu / RHEL).

func NewLinuxRenewer added in v0.23.1

func NewLinuxRenewer(backupDir string) *LinuxRenewer

NewLinuxRenewer creates a new renewer for Linux-based operating systems.

func (*LinuxRenewer) CopyEtcdCertsToLocal added in v0.23.1

func (l *LinuxRenewer) CopyEtcdCertsToLocal(
	ctx context.Context,
	node string,
	ssh SSHRunner,
) error

CopyEtcdCertsToLocal copies the etcd certificates from the specified node to the local machine.

func (*LinuxRenewer) RenewControlPlaneCerts added in v0.23.1

func (l *LinuxRenewer) RenewControlPlaneCerts(
	ctx context.Context,
	node string,
	cfg *RenewalConfig,
	component string,
	ssh SSHRunner,
) error

RenewControlPlaneCerts renews certificates for control plane nodes.

func (*LinuxRenewer) RenewEtcdCerts added in v0.23.1

func (l *LinuxRenewer) RenewEtcdCerts(
	ctx context.Context,
	node string,
	ssh SSHRunner,
) error

RenewEtcdCerts renews certificates for etcd nodes.

func (*LinuxRenewer) TransferCertsToControlPlaneFromLocal added in v0.23.1

func (l *LinuxRenewer) TransferCertsToControlPlaneFromLocal(
	ctx context.Context, node string, ssh SSHRunner,
) error

TransferCertsToControlPlaneFromLocal transfers etcd client certificates to a control plane node.

type MachineInfo

type MachineInfo struct {
	Name string
	IP   string
}

MachineInfo holds machine name and IP information.

type NodeConfig

type NodeConfig struct {
	Nodes []string  `yaml:"nodes"`
	SSH   SSHConfig `yaml:"ssh"`
}

NodeConfig holds configuration for a group of nodes.

type OSRenewer added in v0.23.1

type OSRenewer interface {
	RenewControlPlaneCerts(ctx context.Context, node string, config *RenewalConfig, component string, sshRunner SSHRunner) error
	RenewEtcdCerts(ctx context.Context, node string, sshRunner SSHRunner) error
	CopyEtcdCertsToLocal(ctx context.Context, node string, sshRunner SSHRunner) error
	TransferCertsToControlPlaneFromLocal(ctx context.Context, node string, sshRunner SSHRunner) error
}

OSRenewer defines the interface for OS-specific certificate renewal operations.

func BuildOSRenewer added in v0.23.1

func BuildOSRenewer(osType string, backupDir string) OSRenewer

BuildOSRenewer creates a new OSRenewer based on the OS type.

type OSType added in v0.23.1

type OSType string

OSType represents the type of operating system.

const (
	// OSTypeLinux represents Linux-based operating systems.
	OSTypeLinux OSType = "linux"
	// OSTypeBottlerocket represents Bottlerocket OS.
	OSTypeBottlerocket OSType = "bottlerocket"
)

type RenewalConfig

type RenewalConfig struct {
	ClusterName  string     `yaml:"clusterName"`
	OS           string     `yaml:"os"`
	ControlPlane NodeConfig `yaml:"controlPlane"`
	Etcd         NodeConfig `yaml:"etcd"`
}

RenewalConfig defines the configuration for certificate renewal operations.

func ParseConfig

func ParseConfig(path string) (*RenewalConfig, error)

ParseConfig reads and parses a certificate renewal configuration file.
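The RenewalConfig, NodeConfig and SSHConfig shapes above, together with ValidateConfig and ValidateComponentWithConfig, describe a configuration that is parsed from YAML and then checked before any node is touched. The example below is added here and is not the package's own code: it re-declares minimal copies of those types so it compiles on its own, and shows the kind of required-field and component-compatibility checks such a validator performs. The component names, the `EKSA_SSH_PASSWORD` variable name, and the treatment of an empty etcd node list as stacked etcd are assumptions, not documented behaviour; the point worth keeping from the page is that the SSH password carries `yaml:"-"` and therefore comes from the environment, never from the file on disk.

```go
package main

import (
	"errors"
	"fmt"
	"os"
)

// Minimal copies of the documented types (assumption: not the package's own
// definitions; YAML tags omitted because nothing here parses YAML).
type SSHConfig struct {
	User     string
	KeyPath  string
	Password string // never read from the YAML file; sourced from the environment
}

type NodeConfig struct {
	Nodes []string
	SSH   SSHConfig
}

type RenewalConfig struct {
	ClusterName  string
	OS           string
	ControlPlane NodeConfig
	Etcd         NodeConfig
}

const (
	OSTypeLinux        = "linux"
	OSTypeBottlerocket = "bottlerocket"
)

// Component names and the password environment variable are hypothetical;
// the real CLI may use different names.
const (
	ComponentControlPlane = "control-plane"
	ComponentEtcd         = "etcd"
	SSHPasswordEnv        = "EKSA_SSH_PASSWORD"
)

// LoadSSHPassword fills in the password from the environment so the secret
// never has to be written into the renewal config file.
func LoadSSHPassword(cfg *RenewalConfig) {
	if pw := os.Getenv(SSHPasswordEnv); pw != "" {
		cfg.ControlPlane.SSH.Password = pw
		cfg.Etcd.SSH.Password = pw
	}
}

// validateSSH requires a user plus at least one credential (key file or password).
func validateSSH(section string, ssh SSHConfig) error {
	if ssh.User == "" {
		return fmt.Errorf("%s: ssh user is required", section)
	}
	if ssh.KeyPath == "" && ssh.Password == "" {
		return fmt.Errorf("%s: an SSH key path or a password from %s is required", section, SSHPasswordEnv)
	}
	return nil
}

// ValidateRenewalConfig checks required fields and that the requested component
// is compatible with the configured topology (external etcd or not).
func ValidateRenewalConfig(cfg *RenewalConfig, component string) error {
	var errs []error
	if cfg.ClusterName == "" {
		errs = append(errs, errors.New("clusterName is required"))
	}
	switch cfg.OS {
	case OSTypeLinux, OSTypeBottlerocket:
	default:
		errs = append(errs, fmt.Errorf("os must be %q or %q, got %q", OSTypeLinux, OSTypeBottlerocket, cfg.OS))
	}
	if len(cfg.ControlPlane.Nodes) == 0 {
		errs = append(errs, errors.New("controlPlane.nodes must list at least one node"))
	} else if err := validateSSH("controlPlane", cfg.ControlPlane.SSH); err != nil {
		errs = append(errs, err)
	}
	// Assumption: an empty etcd node list means stacked etcd, so SSH details
	// are only needed when external etcd nodes are listed.
	if len(cfg.Etcd.Nodes) > 0 {
		if err := validateSSH("etcd", cfg.Etcd.SSH); err != nil {
			errs = append(errs, err)
		}
	}
	switch component {
	case "", ComponentControlPlane:
	case ComponentEtcd:
		if len(cfg.Etcd.Nodes) == 0 {
			errs = append(errs, errors.New("component etcd requested but no external etcd nodes are configured"))
		}
	default:
		errs = append(errs, fmt.Errorf("unknown component %q", component))
	}
	return errors.Join(errs...)
}

func main() {
	cfg := &RenewalConfig{
		ClusterName:  "demo",
		OS:           OSTypeLinux,
		ControlPlane: NodeConfig{Nodes: []string{"10.0.0.10"}, SSH: SSHConfig{User: "ec2-user", KeyPath: "/path/to/key"}},
	}
	LoadSSHPassword(cfg)
	if err := ValidateRenewalConfig(cfg, ComponentEtcd); err != nil {
		fmt.Println("invalid:", err) // etcd requested, but no external etcd nodes
	}
}
```

Collecting every problem with errors.Join rather than returning on the first one lets an operator fix a config in one pass; the validation runs before any SSH session is opened, so a bad file never results in a half-renewed cluster.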

type Renewer added in v0.23.1

type Renewer struct {
	BackupDir       string
	Kubectl         kubernetes.Client
	SSHEtcd         SSHRunner
	SSHControlPlane SSHRunner
	OS              OSRenewer
}

Renewer handles the certificate renewal process for EKS Anywhere clusters.

func NewRenewer added in v0.23.1

func NewRenewer(kubectl kubernetes.Client, osType string, cfg *RenewalConfig) (*Renewer, error)

NewRenewer creates a new certificate renewer instance with a timestamped backup directory.

func (*Renewer) RenewCertificates added in v0.23.1

func (r *Renewer) RenewCertificates(ctx context.Context, cfg *RenewalConfig, component string) error

RenewCertificates orchestrates the certificate renewal process for the specified component.

type SSHConfig added in v0.23.1

type SSHConfig struct {
	User     string `yaml:"sshUser"`
	KeyPath  string `yaml:"sshKey"`
	Password string `yaml:"-"` // not read from the YAML file; populated from environment variables
}

SSHConfig holds the SSH credential information.

type SSHOption added in v0.23.1

type SSHOption func(*sshConfigOption)

SSHOption represents a configuration option for SSH operations.

func WithSSHLogging added in v0.23.1

func WithSSHLogging(display bool) SSHOption

WithSSHLogging configures whether SSH command output should be displayed in logs.

type SSHRunner added in v0.23.1

type SSHRunner interface {
	// RunCommand runs a command on the remote host and returns the output
	RunCommand(ctx context.Context, node string, cmd string, opts ...SSHOption) (string, error)
}

SSHRunner provides methods for running commands over SSH.

type Scanner

type Scanner struct {
	// contains filtered or unexported fields
}

Scanner implements the CertificateScanner interface and provides certificate checking functionality.

func NewCertificateScanner

func NewCertificateScanner(client client.Client, logger logr.Logger) *Scanner

NewCertificateScanner creates a new Scanner backed by the given client and logger.

func (*Scanner) CheckCertificateExpiry

func (s *Scanner) CheckCertificateExpiry(ctx context.Context, cluster *anywherev1.Cluster) ([]anywherev1.ClusterCertificateInfo, error)

CheckCertificateExpiry checks the certificate expiration for control plane and etcd machines.
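CheckCertificateExpiry reports, per control plane and etcd machine, how close each certificate is to its NotAfter date. The example below is added here and is not the package's own implementation: it uses only the standard library to parse PEM certificates, compute the remaining validity, flag expired and soon-to-expire certificates, and return the results ordered by expiry so the most urgent machine is first. The CertInfo and MachineCert types, the 30-day warning window and the self-signed test certificate are constructed for the example; in the real package the certificates come from the cluster's machines and the result type is anywherev1.ClusterCertificateInfo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"sort"
	"time"
)

// CertInfo is a reduced stand-in for per-machine certificate status (assumption).
type CertInfo struct {
	Machine       string
	Subject       string
	NotAfter      time.Time
	DaysRemaining int
	Expired       bool
	ExpiringSoon  bool
}

// MachineCert pairs a machine name with a PEM certificate fetched from it (assumption).
type MachineCert struct {
	Machine string
	PEM     []byte
}

// InspectPEMCert parses one PEM certificate and evaluates its validity window
// against now and the warning threshold.
func InspectPEMCert(machine string, pemBytes []byte, now time.Time, warnWithin time.Duration) (CertInfo, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return CertInfo{}, fmt.Errorf("%s: no CERTIFICATE PEM block found", machine)
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return CertInfo{}, fmt.Errorf("%s: parse certificate: %w", machine, err)
	}
	remaining := cert.NotAfter.Sub(now)
	return CertInfo{
		Machine:       machine,
		Subject:       cert.Subject.CommonName,
		NotAfter:      cert.NotAfter,
		DaysRemaining: int(remaining.Hours() / 24), // negative once expired
		Expired:       remaining <= 0,
		ExpiringSoon:  remaining > 0 && remaining <= warnWithin,
	}, nil
}

// ScanCerts inspects every machine's certificate and returns the results with
// the earliest expiry first, which is the order an operator wants to act in.
func ScanCerts(certs []MachineCert, now time.Time, warnWithin time.Duration) ([]CertInfo, error) {
	infos := make([]CertInfo, 0, len(certs))
	for _, c := range certs {
		info, err := InspectPEMCert(c.Machine, c.PEM, now, warnWithin)
		if err != nil {
			return nil, err
		}
		infos = append(infos, info)
	}
	sort.Slice(infos, func(i, j int) bool { return infos[i].NotAfter.Before(infos[j].NotAfter) })
	return infos, nil
}

// NewSelfSignedPEM mints a throwaway self-signed certificate as constructed
// test input, standing in for certificates copied from a node.
func NewSelfSignedPEM(cn string, notBefore, notAfter time.Time) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

func main() {
	now := time.Now().UTC().Truncate(time.Second)
	apiserver, _ := NewSelfSignedPEM("kube-apiserver", now.Add(-24*time.Hour), now.Add(20*24*time.Hour))
	etcd, _ := NewSelfSignedPEM("etcd-server", now.Add(-24*time.Hour), now.Add(300*24*time.Hour))
	infos, err := ScanCerts([]MachineCert{{"cp-0", apiserver}, {"etcd-0", etcd}}, now, 30*24*time.Hour)
	if err != nil {
		panic(err)
	}
	for _, i := range infos {
		fmt.Printf("%-8s %-16s expires %s (%d days) expired=%v soon=%v\n",
			i.Machine, i.Subject, i.NotAfter.Format(time.RFC3339), i.DaysRemaining, i.Expired, i.ExpiringSoon)
	}
}
```

Note that the check is deliberately independent of the host clock's sub-second precision: x509 stores validity to the second, so comparisons are made against a truncated `now`. Treating "expired" and "expiring soon" as separate flags matters operationally, because an already-expired kube-apiserver or etcd certificate usually breaks the API path that a status update would use, and needs the SSH-based renewal path rather than a routine rotation.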

func (*Scanner) UpdateClusterCertificateStatus

func (s *Scanner) UpdateClusterCertificateStatus(ctx context.Context, cluster *anywherev1.Cluster) error

UpdateClusterCertificateStatus updates the cluster status with certificate information.

Directories

Path Synopsis
mocks Package mocks is a generated GoMock package.
