本文整理汇总了Golang中github.com/openshift/origin/pkg/cmd/server/admin.DefaultCABundleFile函数的典型用法代码示例。如果您正苦于以下问题:Golang DefaultCABundleFile函数的具体用法?Golang DefaultCABundleFile怎么用?Golang DefaultCABundleFile使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了DefaultCABundleFile函数的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: CreateCerts
func (o MasterOptions) CreateCerts() error {
masterAddr, err := o.MasterArgs.GetMasterAddress()
if err != nil {
return err
}
publicMasterAddr, err := o.MasterArgs.GetMasterPublicAddress()
if err != nil {
return err
}
signerName := admin.DefaultSignerName()
hostnames, err := o.MasterArgs.GetServerCertHostnames()
if err != nil {
return err
}
mintAllCertsOptions := admin.CreateMasterCertsOptions{
CertDir: o.MasterArgs.ConfigDir.Value(),
SignerName: signerName,
Hostnames: hostnames.List(),
APIServerURL: masterAddr.String(),
APIServerCAFiles: o.MasterArgs.APIServerCAFiles,
CABundleFile: admin.DefaultCABundleFile(o.MasterArgs.ConfigDir.Value()),
PublicAPIServerURL: publicMasterAddr.String(),
Output: cmdutil.NewGLogWriterV(3),
}
if err := mintAllCertsOptions.Validate(nil); err != nil {
return err
}
if err := mintAllCertsOptions.CreateMasterCerts(); err != nil {
return err
}
return nil
}
示例2: CreateNodeConfig
func (o NodeOptions) CreateNodeConfig() error {
getSignerOptions := &admin.SignerCertOptions{
CertFile: admin.DefaultCertFilename(o.NodeArgs.MasterCertDir, admin.CAFilePrefix),
KeyFile: admin.DefaultKeyFilename(o.NodeArgs.MasterCertDir, admin.CAFilePrefix),
SerialFile: admin.DefaultSerialFilename(o.NodeArgs.MasterCertDir, admin.CAFilePrefix),
}
var dnsIP string
if len(o.NodeArgs.ClusterDNS) > 0 {
dnsIP = o.NodeArgs.ClusterDNS.String()
}
masterAddr, err := o.NodeArgs.KubeConnectionArgs.GetKubernetesAddress(o.NodeArgs.DefaultKubernetesURL)
if err != nil {
return err
}
hostnames, err := o.NodeArgs.GetServerCertHostnames()
if err != nil {
return err
}
nodeConfigDir := o.NodeArgs.ConfigDir.Value()
createNodeConfigOptions := admin.CreateNodeConfigOptions{
SignerCertOptions: getSignerOptions,
NodeConfigDir: nodeConfigDir,
NodeName: o.NodeArgs.NodeName,
Hostnames: hostnames.List(),
VolumeDir: o.NodeArgs.VolumeDir,
ImageTemplate: o.NodeArgs.ImageFormatArgs.ImageTemplate,
AllowDisabledDocker: o.NodeArgs.AllowDisabledDocker,
DNSDomain: o.NodeArgs.ClusterDomain,
DNSIP: dnsIP,
ListenAddr: o.NodeArgs.ListenArg.ListenAddr,
NetworkPluginName: o.NodeArgs.NetworkPluginName,
APIServerURL: masterAddr.String(),
APIServerCAFiles: []string{admin.DefaultCABundleFile(o.NodeArgs.MasterCertDir)},
NodeClientCAFile: getSignerOptions.CertFile,
ExpireDays: o.ExpireDays,
Output: cmdutil.NewGLogWriterV(3),
}
if err := createNodeConfigOptions.Validate(nil); err != nil {
return err
}
if err := createNodeConfigOptions.CreateNodeFolder(); err != nil {
return err
}
return nil
}
示例3: BuildSerializeableMasterConfig
//.........这里部分代码省略.........
DefaultNodeSelector: "",
ProjectRequestMessage: "",
ProjectRequestTemplate: "",
// Allocator defaults on
SecurityAllocator: &configapi.SecurityAllocator{},
},
NetworkConfig: configapi.MasterNetworkConfig{
NetworkPluginName: args.NetworkArgs.NetworkPluginName,
ClusterNetworkCIDR: args.NetworkArgs.ClusterNetworkCIDR,
HostSubnetLength: args.NetworkArgs.HostSubnetLength,
ServiceNetworkCIDR: args.NetworkArgs.ServiceNetworkCIDR,
},
VolumeConfig: configapi.MasterVolumeConfig{
DynamicProvisioningEnabled: true,
},
ControllerConfig: configapi.ControllerConfig{
ServiceServingCert: configapi.ServiceServingCert{
Signer: &serviceServingCertSigner,
},
},
}
if args.ListenArg.UseTLS() {
config.ServingInfo.ServerCert = admin.DefaultMasterServingCertInfo(args.ConfigDir.Value())
config.ServingInfo.ClientCA = admin.DefaultAPIClientCAFile(args.ConfigDir.Value())
config.AssetConfig.ServingInfo.ServerCert = admin.DefaultAssetServingCertInfo(args.ConfigDir.Value())
if oauthConfig != nil {
s := admin.DefaultCABundleFile(args.ConfigDir.Value())
oauthConfig.MasterCA = &s
}
// Only set up ca/cert info for kubelet connections if we're self-hosting Kubernetes
if builtInKubernetes {
config.KubeletClientInfo.CA = admin.DefaultRootCAFile(args.ConfigDir.Value())
config.KubeletClientInfo.ClientCert = kubeletClientInfo.CertLocation
config.ServiceAccountConfig.MasterCA = admin.DefaultCABundleFile(args.ConfigDir.Value())
}
// Only set up ca/cert info for etcd connections if we're self-hosting etcd
if builtInEtcd {
config.EtcdClientInfo.CA = admin.DefaultRootCAFile(args.ConfigDir.Value())
config.EtcdClientInfo.ClientCert = etcdClientInfo.CertLocation
}
}
if builtInKubernetes {
// When we start Kubernetes, we're responsible for generating all the managed service accounts
config.ServiceAccountConfig.ManagedNames = []string{
bootstrappolicy.DefaultServiceAccountName,
bootstrappolicy.BuilderServiceAccountName,
bootstrappolicy.DeployerServiceAccountName,
}
// We also need the private key file to give to the token generator
config.ServiceAccountConfig.PrivateKeyFile = admin.DefaultServiceAccountPrivateKeyFile(args.ConfigDir.Value())
// We also need the public key file to give to the authenticator
config.ServiceAccountConfig.PublicKeyFiles = []string{
admin.DefaultServiceAccountPublicKeyFile(args.ConfigDir.Value()),
}
} else {
// When running against an external Kubernetes, we're only responsible for the builder and deployer accounts.
示例4: BuildSerializeableMasterConfig
//.........这里部分代码省略.........
BindAddress: dnsServingInfo.BindAddress,
BindNetwork: dnsServingInfo.BindNetwork,
},
MasterClients: configapi.MasterClients{
OpenShiftLoopbackKubeConfig: admin.DefaultKubeConfigFilename(args.ConfigDir.Value(), bootstrappolicy.MasterUnqualifiedUsername),
ExternalKubernetesKubeConfig: args.KubeConnectionArgs.ClientConfigLoadingRules.ExplicitPath,
},
EtcdClientInfo: configapi.EtcdConnectionInfo{
URLs: []string{etcdAddress.String()},
},
KubeletClientInfo: configapi.KubeletConnectionInfo{
Port: ports.KubeletPort,
},
PolicyConfig: configapi.PolicyConfig{
BootstrapPolicyFile: args.GetPolicyFile(),
OpenShiftSharedResourcesNamespace: bootstrappolicy.DefaultOpenShiftSharedResourcesNamespace,
},
ImageConfig: configapi.ImageConfig{
Format: args.ImageFormatArgs.ImageTemplate.Format,
Latest: args.ImageFormatArgs.ImageTemplate.Latest,
},
ProjectConfig: configapi.ProjectConfig{
DefaultNodeSelector: "",
ProjectRequestMessage: "",
ProjectRequestTemplate: "",
// Allocator defaults on
SecurityAllocator: &configapi.SecurityAllocator{},
},
NetworkConfig: configapi.MasterNetworkConfig{
NetworkPluginName: args.NetworkArgs.NetworkPluginName,
ClusterNetworkCIDR: args.NetworkArgs.ClusterNetworkCIDR,
HostSubnetLength: args.NetworkArgs.HostSubnetLength,
ServiceNetworkCIDR: args.NetworkArgs.ServiceNetworkCIDR,
},
}
if args.ListenArg.UseTLS() {
config.ServingInfo.ServerCert = admin.DefaultMasterServingCertInfo(args.ConfigDir.Value())
config.ServingInfo.ClientCA = admin.DefaultAPIClientCAFile(args.ConfigDir.Value())
config.AssetConfig.ServingInfo.ServerCert = admin.DefaultAssetServingCertInfo(args.ConfigDir.Value())
if oauthConfig != nil {
s := admin.DefaultCABundleFile(args.ConfigDir.Value())
oauthConfig.MasterCA = &s
}
// Only set up ca/cert info for kubelet connections if we're self-hosting Kubernetes
if builtInKubernetes {
config.KubeletClientInfo.CA = admin.DefaultRootCAFile(args.ConfigDir.Value())
config.KubeletClientInfo.ClientCert = kubeletClientInfo.CertLocation
config.ServiceAccountConfig.MasterCA = admin.DefaultCABundleFile(args.ConfigDir.Value())
}
// Only set up ca/cert info for etcd connections if we're self-hosting etcd
if builtInEtcd {
config.EtcdClientInfo.CA = admin.DefaultRootCAFile(args.ConfigDir.Value())
config.EtcdClientInfo.ClientCert = etcdClientInfo.CertLocation
}
}
if builtInKubernetes {
// When we start Kubernetes, we're responsible for generating all the managed service accounts
config.ServiceAccountConfig.ManagedNames = []string{
bootstrappolicy.DefaultServiceAccountName,
bootstrappolicy.BuilderServiceAccountName,
bootstrappolicy.DeployerServiceAccountName,
}
// We also need the private key file to give to the token generator
config.ServiceAccountConfig.PrivateKeyFile = admin.DefaultServiceAccountPrivateKeyFile(args.ConfigDir.Value())
// We also need the public key file to give to the authenticator
config.ServiceAccountConfig.PublicKeyFiles = []string{
admin.DefaultServiceAccountPublicKeyFile(args.ConfigDir.Value()),
}
} else {
// When running against an external Kubernetes, we're only responsible for the builder and deployer accounts.
// We don't have the private key, but we need to get the public key to authenticate signed tokens.
// TODO: JTL: take arg for public key(s)?
config.ServiceAccountConfig.ManagedNames = []string{
bootstrappolicy.BuilderServiceAccountName,
bootstrappolicy.DeployerServiceAccountName,
}
config.ServiceAccountConfig.PublicKeyFiles = []string{}
}
internal, err := applyDefaults(config, configapiv1.SchemeGroupVersion)
if err != nil {
return nil, err
}
return internal.(*configapi.MasterConfig), nil
}