k3s/pkg/util/services/services.go

157 lines
4.5 KiB
Go

package services
import (
"fmt"
"path/filepath"
"github.com/k3s-io/k3s/pkg/daemons/config"
"github.com/k3s-io/k3s/pkg/version"
)
const (
APIServer = "api-server"
Admin = "admin"
AuthProxy = "auth-proxy"
CertificateAuthority = "certificate-authority"
CloudController = "cloud-controller"
ControllerManager = "controller-manager"
ETCD = "etcd"
KubeProxy = "kube-proxy"
Kubelet = "kubelet"
ProgramController = "-controller"
ProgramServer = "-server"
Scheduler = "scheduler"
Supervisor = "supervisor"
)
var Agent = []string{
KubeProxy,
Kubelet,
version.Program + ProgramController,
}
var Server = []string{
APIServer,
Admin,
AuthProxy,
CloudController,
ControllerManager,
ETCD,
Scheduler,
Supervisor,
version.Program + ProgramServer,
}
var All = append(Server, Agent...)
// CA is intentionally not included in agent, server, or all as it
// requires manual action by the user to rotate these certs.
var CA = []string{
CertificateAuthority,
}
func FilesForServices(controlConfig config.Control, services []string) (map[string][]string, error) {
agentDataDir := filepath.Join(controlConfig.DataDir, "..", "agent")
fileMap := map[string][]string{}
for _, service := range services {
switch service {
case Admin:
fileMap[service] = []string{
controlConfig.Runtime.ClientAdminCert,
controlConfig.Runtime.ClientAdminKey,
}
case APIServer:
fileMap[service] = []string{
controlConfig.Runtime.ClientKubeAPICert,
controlConfig.Runtime.ClientKubeAPIKey,
controlConfig.Runtime.ServingKubeAPICert,
controlConfig.Runtime.ServingKubeAPIKey,
}
case ControllerManager:
fileMap[service] = []string{
controlConfig.Runtime.ClientControllerCert,
controlConfig.Runtime.ClientControllerKey,
}
case Scheduler:
fileMap[service] = []string{
controlConfig.Runtime.ClientSchedulerCert,
controlConfig.Runtime.ClientSchedulerKey,
}
case ETCD:
fileMap[service] = []string{
controlConfig.Runtime.ClientETCDCert,
controlConfig.Runtime.ClientETCDKey,
controlConfig.Runtime.ServerETCDCert,
controlConfig.Runtime.ServerETCDKey,
controlConfig.Runtime.PeerServerClientETCDCert,
controlConfig.Runtime.PeerServerClientETCDKey,
}
case CloudController:
fileMap[service] = []string{
controlConfig.Runtime.ClientCloudControllerCert,
controlConfig.Runtime.ClientCloudControllerKey,
}
case version.Program + ProgramController:
fileMap[service] = []string{
controlConfig.Runtime.ClientK3sControllerCert,
controlConfig.Runtime.ClientK3sControllerKey,
filepath.Join(agentDataDir, "client-"+version.Program+"-controller.crt"),
filepath.Join(agentDataDir, "client-"+version.Program+"-controller.key"),
}
case Supervisor:
fileMap[service] = []string{
controlConfig.Runtime.ClientSupervisorCert,
controlConfig.Runtime.ClientSupervisorKey,
}
case AuthProxy:
fileMap[service] = []string{
controlConfig.Runtime.ClientAuthProxyCert,
controlConfig.Runtime.ClientAuthProxyKey,
}
case Kubelet:
fileMap[service] = []string{
controlConfig.Runtime.ClientKubeletKey,
controlConfig.Runtime.ServingKubeletKey,
filepath.Join(agentDataDir, "client-kubelet.crt"),
filepath.Join(agentDataDir, "client-kubelet.key"),
filepath.Join(agentDataDir, "serving-kubelet.crt"),
filepath.Join(agentDataDir, "serving-kubelet.key"),
}
case KubeProxy:
fileMap[service] = []string{
controlConfig.Runtime.ClientKubeProxyCert,
controlConfig.Runtime.ClientKubeProxyKey,
filepath.Join(agentDataDir, "client-kube-proxy.crt"),
filepath.Join(agentDataDir, "client-kube-proxy.key"),
}
case CertificateAuthority:
fileMap[service] = []string{
controlConfig.Runtime.ServerCA,
controlConfig.Runtime.ServerCAKey,
controlConfig.Runtime.ClientCA,
controlConfig.Runtime.ClientCAKey,
controlConfig.Runtime.RequestHeaderCA,
controlConfig.Runtime.RequestHeaderCAKey,
controlConfig.Runtime.ETCDPeerCA,
controlConfig.Runtime.ETCDPeerCAKey,
controlConfig.Runtime.ETCDServerCA,
controlConfig.Runtime.ETCDServerCAKey,
}
case version.Program + ProgramServer:
// not handled here, as the dynamiclistener cert cache is not a standard cert
default:
return nil, fmt.Errorf("%s is not a recognized service", service)
}
}
return fileMap, nil
}
func IsValid(svc string) bool {
for _, service := range All {
if svc == service {
return true
}
}
return false
}