package cmds
import (
"github.com/k3s-io/k3s/pkg/version"
"github.com/urfave/cli"
)
// CertCommand is the name of the top-level certificate command built by
// NewCertCommand.
const CertCommand = "certificate"
// CertRotateCA holds the options that the "rotate-ca" subcommand flags are
// bound to.
type CertRotateCA struct {
	// CACertPath is the directory containing the new CA certificates
	// (bound to --path).
	// NOTE(review): presumably this directory also holds CA private keys;
	// if so it should be readable only by the operator — confirm.
	CACertPath string

	// Force requests certificate replacement even if consistency checks
	// fail (bound to --force). What the checks cover is decided by the
	// rotate-ca action, which is not defined alongside this type.
	Force bool
}
// Package-level destinations that the certificate subcommand flags write into.
var (
	// ServicesList collects every value given to --service/-s on "rotate".
	ServicesList cli.StringSlice

	// CertRotateCAConfig receives --path and --force on "rotate-ca".
	CertRotateCAConfig CertRotateCA
)

// CertRotateCommandFlags are the flags accepted by "certificate rotate":
// the shared debug/config/logging/data-dir flags plus the list of services
// whose certificates should be rotated.
var CertRotateCommandFlags = []cli.Flag{
	DebugFlag,
	ConfigFlag,
	LogFile,
	AlsoLogToStderr,
	DataDirFlag,
	&cli.StringSliceFlag{
		Name:  "service,s",
		Usage: "List of services to rotate certificates for. Options include (admin, api-server, controller-manager, scheduler, " + version.Program + "-controller, " + version.Program + "-server, cloud-controller, etcd, auth-proxy, kubelet, kube-proxy)",
		Value: &ServicesList,
	},
}

// CertRotateCACommandFlags are the flags accepted by "certificate rotate-ca".
var CertRotateCACommandFlags = []cli.Flag{
	// Target server; defaults to the loopback HTTPS endpoint and can be
	// overridden through the <PROGRAM>_URL environment variable.
	cli.StringFlag{
		Name:        "server,s",
		Usage:       "(cluster) Server to connect to",
		EnvVar:      version.ProgramUpper + "_URL",
		Value:       "https://127.0.0.1:6443",
		Destination: &ServerConfig.ServerURL,
	},
	cli.StringFlag{
		Name:        "data-dir,d",
		Usage:       "(data) Folder to hold state default /var/lib/rancher/" + version.Program + " or ${HOME}/.rancher/" + version.Program + " if not root",
		Destination: &ServerConfig.DataDir,
	},
	// Mandatory: the directory the replacement CA certificates are read from.
	// NOTE(review): presumably this directory also contains CA private
	// keys; if so, restrict its permissions to the operator — confirm.
	cli.StringFlag{
		Name:        "path",
		Usage:       "Path to directory containing new CA certificates",
		Destination: &CertRotateCAConfig.CACertPath,
		Required:    true,
	},
	// Overrides failed consistency checks. The checks themselves live in
	// the rotate-ca action, so their scope cannot be stated from this file;
	// a forced replacement skips whatever protection they provide.
	cli.BoolFlag{
		Name:        "force",
		Usage:       "Force certificate replacement, even if consistency checks fail",
		Destination: &CertRotateCAConfig.Force,
	},
}
// NewCertCommand builds the top-level "certificate" command and attaches the
// given subcommands to it. Flag parsing stays enabled, and argument
// reordering is skipped.
func NewCertCommand(subcommands []cli.Command) cli.Command {
	certCmd := cli.Command{
		Name:  CertCommand,
		Usage: "Manage K3s certificates",
	}
	certCmd.SkipFlagParsing = false
	certCmd.SkipArgReorder = true
	certCmd.Subcommands = subcommands
	return certCmd
}
// NewCertSubcommands returns the subcommands of the certificate command, in
// order: "rotate", then "rotate-ca". The rotate and rotateCA callbacks become
// the respective Action handlers; each subcommand gets its own flag set.
func NewCertSubcommands(rotate, rotateCA func(ctx *cli.Context) error) []cli.Command {
	// Rotates component certificates on disk.
	rotateCmd := cli.Command{
		Name:            "rotate",
		Usage:           "Rotate " + version.Program + " component certificates on disk",
		SkipFlagParsing: false,
		SkipArgReorder:  true,
		Action:          rotate,
		Flags:           CertRotateCommandFlags,
	}

	// Writes updated CA certificates to the datastore; its flag set
	// includes --force, which overrides failed consistency checks.
	rotateCACmd := cli.Command{
		Name:            "rotate-ca",
		Usage:           "Write updated " + version.Program + " CA certificates to the datastore",
		SkipFlagParsing: false,
		SkipArgReorder:  true,
		Action:          rotateCA,
		Flags:           CertRotateCACommandFlags,
	}

	return []cli.Command{rotateCmd, rotateCACmd}
}