k3s/pkg/cli/cmds/certs.go

87 lines
2.4 KiB
Go
Raw Normal View History

package cmds
import (
"github.com/k3s-io/k3s/pkg/version"
"github.com/urfave/cli"
)
const CertCommand = "certificate"
type CertRotateCA struct {
CACertPath string
Force bool
}
var (
ServicesList cli.StringSlice
CertRotateCAConfig CertRotateCA
CertRotateCommandFlags = []cli.Flag{
DebugFlag,
ConfigFlag,
LogFile,
AlsoLogToStderr,
DataDirFlag,
&cli.StringSliceFlag{
Name: "service,s",
Usage: "List of services to rotate certificates for. Options include (admin, api-server, controller-manager, scheduler, " + version.Program + "-controller, " + version.Program + "-server, cloud-controller, etcd, auth-proxy, kubelet, kube-proxy)",
Value: &ServicesList,
},
}
CertRotateCACommandFlags = []cli.Flag{
cli.StringFlag{
Name: "server,s",
Usage: "(cluster) Server to connect to",
EnvVar: version.ProgramUpper + "_URL",
Value: "https://127.0.0.1:6443",
Destination: &ServerConfig.ServerURL,
},
cli.StringFlag{
Name: "data-dir,d",
Usage: "(data) Folder to hold state default /var/lib/rancher/" + version.Program + " or ${HOME}/.rancher/" + version.Program + " if not root",
Destination: &ServerConfig.DataDir,
},
cli.StringFlag{
Name: "path",
Usage: "Path to directory containing new CA certificates",
Destination: &CertRotateCAConfig.CACertPath,
Required: true,
},
cli.BoolFlag{
Name: "force",
Usage: "Force certificate replacement, even if consistency checks fail",
Destination: &CertRotateCAConfig.Force,
},
}
)
func NewCertCommand(subcommands []cli.Command) cli.Command {
return cli.Command{
Name: CertCommand,
Usage: "Manage K3s certificates",
SkipFlagParsing: false,
SkipArgReorder: true,
Subcommands: subcommands,
}
}
func NewCertSubcommands(rotate, rotateCA func(ctx *cli.Context) error) []cli.Command {
return []cli.Command{
{
Name: "rotate",
Usage: "Rotate " + version.Program + " component certificates on disk",
SkipFlagParsing: false,
SkipArgReorder: true,
Action: rotate,
Flags: CertRotateCommandFlags,
},
{
Name: "rotate-ca",
Usage: "Write updated " + version.Program + " CA certificates to the datastore",
SkipFlagParsing: false,
SkipArgReorder: true,
Action: rotateCA,
Flags: CertRotateCACommandFlags,
},
}
}