You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
|
package cmds
|
|
|
|
|
|
|
|
import (
|
|
|
|
"github.com/k3s-io/k3s/pkg/version"
|
|
|
|
"github.com/urfave/cli"
|
|
|
|
)
|
|
|
|
|
|
|
|
const CertCommand = "certificate"
|
|
|
|
|
|
|
|
type CertRotateCA struct {
|
|
|
|
CACertPath string
|
|
|
|
Force bool
|
|
|
|
}
|
|
|
|
|
|
|
|
var (
|
|
|
|
ServicesList cli.StringSlice
|
|
|
|
CertRotateCAConfig CertRotateCA
|
|
|
|
CertRotateCommandFlags = []cli.Flag{
|
|
|
|
DebugFlag,
|
|
|
|
ConfigFlag,
|
|
|
|
LogFile,
|
|
|
|
AlsoLogToStderr,
|
|
|
|
DataDirFlag,
|
|
|
|
&cli.StringSliceFlag{
|
|
|
|
Name: "service,s",
|
|
|
|
Usage: "List of services to rotate certificates for. Options include (admin, api-server, controller-manager, scheduler, " + version.Program + "-controller, " + version.Program + "-server, cloud-controller, etcd, auth-proxy, kubelet, kube-proxy)",
|
|
|
|
Value: &ServicesList,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
CertRotateCACommandFlags = []cli.Flag{
|
|
|
|
cli.StringFlag{
|
|
|
|
Name: "server,s",
|
|
|
|
Usage: "(cluster) Server to connect to",
|
|
|
|
EnvVar: version.ProgramUpper + "_URL",
|
|
|
|
Value: "https://127.0.0.1:6443",
|
|
|
|
Destination: &ServerConfig.ServerURL,
|
|
|
|
},
|
|
|
|
cli.StringFlag{
|
|
|
|
Name: "data-dir,d",
|
|
|
|
Usage: "(data) Folder to hold state default /var/lib/rancher/" + version.Program + " or ${HOME}/.rancher/" + version.Program + " if not root",
|
|
|
|
Destination: &ServerConfig.DataDir,
|
|
|
|
},
|
|
|
|
cli.StringFlag{
|
|
|
|
Name: "path",
|
|
|
|
Usage: "Path to directory containing new CA certificates",
|
|
|
|
Destination: &CertRotateCAConfig.CACertPath,
|
|
|
|
Required: true,
|
|
|
|
},
|
|
|
|
cli.BoolFlag{
|
|
|
|
Name: "force",
|
|
|
|
Usage: "Force certificate replacement, even if consistency checks fail",
|
|
|
|
Destination: &CertRotateCAConfig.Force,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
)
|
|
|
|
|
|
|
|
func NewCertCommands(rotate, rotateCA func(ctx *cli.Context) error) cli.Command {
|
|
|
|
return cli.Command{
|
|
|
|
Name: CertCommand,
|
|
|
|
Usage: "Manage K3s certificates",
|
|
|
|
SkipFlagParsing: false,
|
|
|
|
SkipArgReorder: true,
|
|
|
|
Subcommands: []cli.Command{
|
|
|
|
{
|
|
|
|
Name: "rotate",
|
|
|
|
Usage: "Rotate " + version.Program + " component certificates on disk",
|
|
|
|
SkipFlagParsing: false,
|
|
|
|
SkipArgReorder: true,
|
|
|
|
Action: rotate,
|
|
|
|
Flags: CertRotateCommandFlags,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Name: "rotate-ca",
|
|
|
|
Usage: "Write updated " + version.Program + " CA certificates to the datastore",
|
|
|
|
SkipFlagParsing: false,
|
|
|
|
SkipArgReorder: true,
|
|
|
|
Action: rotateCA,
|
|
|
|
Flags: CertRotateCACommandFlags,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
}
|