diff --git a/pkg/cluster/pki.go b/pkg/cluster/pki.go
index 325dede9f102e13479c483a174ce43209a8b8137..9590ff3668799d6b913fbe9aa4dd31b5dcac89ea 100644
--- a/pkg/cluster/pki.go
+++ b/pkg/cluster/pki.go
@@ -6,42 +6,42 @@ import (
"os"
"path/filepath"
- "forge.tedomum.net/acides/hepto/hepto/pkg/pki"
+ "forge.tedomum.net/acides/hepto/hepto/pkg/pekahi"
"github.com/sirupsen/logrus"
)
// Cluster PKI is made of three different PKIs
type ClusterPKI struct {
// Signs services exposed over the cluster
- Services *pki.PKI `json:"services"`
+ Services *pekahi.PKI `json:"services"`
// Signs kubelet client certificates (master)
- Kubelet *pki.PKI `json:"kubelet"`
+ Kubelet *pekahi.PKI `json:"kubelet"`
// Signs apiserver client certificates (nodes and controller)
- API *pki.PKI `json:"api"`
+ API *pekahi.PKI `json:"api"`
}
// Node certs
type NodeCerts struct {
// Certificate for exposing the kubelet service
- Service *pki.Certificate `json:"service"`
+ Service *pekahi.Certificate `json:"service"`
// Node certificate for accessing the apiserver
- API *pki.Certificate `json:"api"`
+ API *pekahi.Certificate `json:"api"`
}
// Master certs
type MasterCerts struct {
// Certificate for exposing the apiserver
- Service *pki.Certificate
+ Service *pekahi.Certificate
// Certificate for signing tokens
- Tokens *pki.Certificate
+ Tokens *pekahi.Certificate
// Certificate for authenticating against kubelets
- Kubelet *pki.Certificate
+ Kubelet *pekahi.Certificate
// Service certificate for the controller manager
- Controllers *pki.Certificate
+ Controllers *pekahi.Certificate
// API client certificate for the controller manager
- ControllersClient *pki.Certificate
+ ControllersClient *pekahi.Certificate
// API client certificate for the scheduler
- SchedulerClient *pki.Certificate
+ SchedulerClient *pekahi.Certificate
}
// Merge PKI
@@ -63,7 +63,7 @@ func (n *ClusterPKI) Merge(other *ClusterPKI) bool {
}
// Merge a single node or master certificate
-func mergeCert(local *pki.Certificate, remote *pki.Certificate) bool {
+func mergeCert(local *pekahi.Certificate, remote *pekahi.Certificate) bool {
change := false
// Import CSR to master for signing
if local.CSR == nil && remote.CSR != nil {
@@ -91,15 +91,15 @@ func NewClusterPKI(path string) (*ClusterPKI, error) {
if err != nil {
return nil, err
}
- servicesCA, err := pki.GetPKI(filepath.Join(path, "services"))
+ servicesCA, err := pekahi.GetPKI(filepath.Join(path, "services"))
if err != nil {
return nil, err
}
- kubeletCA, err := pki.GetPKI(filepath.Join(path, "kubelet"))
+ kubeletCA, err := pekahi.GetPKI(filepath.Join(path, "kubelet"))
if err != nil {
return nil, err
}
- apiserverCA, err := pki.GetPKI(filepath.Join(path, "api"))
+ apiserverCA, err := pekahi.GetPKI(filepath.Join(path, "api"))
if err != nil {
return nil, err
}
@@ -112,20 +112,20 @@ func NewNodeCerts(path string, nodeName string) (*NodeCerts, error) {
return nil, err
}
// Service certificate
- serviceCert, err := pki.GetCertificate(filepath.Join(path, "service"))
+ serviceCert, err := pekahi.GetCertificate(filepath.Join(path, "service"))
if err != nil {
return nil, err
}
- err = serviceCert.MakeCSR(pki.NewServerTemplate([]string{nodeName}, []net.IP{}))
+ err = serviceCert.MakeCSR(pekahi.NewServerTemplate([]string{nodeName}, []net.IP{}))
if err != nil {
return nil, err
}
// API certificate
- apiClientCert, err := pki.GetCertificate(filepath.Join(path, "api"))
+ apiClientCert, err := pekahi.GetCertificate(filepath.Join(path, "api"))
if err != nil {
return nil, err
}
- err = apiClientCert.MakeCSR(pki.NewClientTemplate("system:nodes:"+nodeName, "system:nodes"))
+ err = apiClientCert.MakeCSR(pekahi.NewClientTemplate("system:nodes:"+nodeName, "system:nodes"))
if err != nil {
return nil, err
}
@@ -141,52 +141,52 @@ func NewMasterCerts(path string, ip net.IP) (*MasterCerts, error) {
return nil, err
}
// Service certificate
- serviceCert, err := pki.GetCertificate(filepath.Join(path, "service"))
+ serviceCert, err := pekahi.GetCertificate(filepath.Join(path, "service"))
if err != nil {
return nil, err
}
- err = serviceCert.MakeCSR(pki.NewServerTemplate([]string{"apiserver"}, []net.IP{ip}))
+ err = serviceCert.MakeCSR(pekahi.NewServerTemplate([]string{"apiserver"}, []net.IP{ip}))
if err != nil {
return nil, err
}
// Tokens key
- tokenKey, err := pki.GetCertificate(filepath.Join(path, "tokens"))
+ tokenKey, err := pekahi.GetCertificate(filepath.Join(path, "tokens"))
if err != nil {
return nil, err
}
// Kubelet certificate
- kubeletClientCert, err := pki.GetCertificate(filepath.Join(path, "kubelet"))
+ kubeletClientCert, err := pekahi.GetCertificate(filepath.Join(path, "kubelet"))
if err != nil {
return nil, err
}
- err = kubeletClientCert.MakeCSR(pki.NewClientTemplate("apiserver", ""))
+ err = kubeletClientCert.MakeCSR(pekahi.NewClientTemplate("apiserver", ""))
if err != nil {
return nil, err
}
// Controller manager certificate
- controllersCert, err := pki.GetCertificate(filepath.Join(path, "kubelet"))
+ controllersCert, err := pekahi.GetCertificate(filepath.Join(path, "kubelet"))
if err != nil {
return nil, err
}
- err = controllersCert.MakeCSR(pki.NewServerTemplate([]string{"controllers"}, []net.IP{ip}))
+ err = controllersCert.MakeCSR(pekahi.NewServerTemplate([]string{"controllers"}, []net.IP{ip}))
if err != nil {
return nil, err
}
// Controller manager API client certificate
- controllersClientCert, err := pki.GetCertificate(filepath.Join(path, "controllers-client"))
+ controllersClientCert, err := pekahi.GetCertificate(filepath.Join(path, "controllers-client"))
if err != nil {
return nil, err
}
- err = controllersClientCert.MakeCSR(pki.NewClientTemplate("system:kube-controller-manager", ""))
+ err = controllersClientCert.MakeCSR(pekahi.NewClientTemplate("system:kube-controller-manager", ""))
if err != nil {
return nil, err
}
// Scheduler API client certificate
- schedulerClientCert, err := pki.GetCertificate(filepath.Join(path, "scheduler-client"))
+ schedulerClientCert, err := pekahi.GetCertificate(filepath.Join(path, "scheduler-client"))
if err != nil {
return nil, err
}
- err = schedulerClientCert.MakeCSR(pki.NewClientTemplate("system:kube-scheduler", ""))
+ err = schedulerClientCert.MakeCSR(pekahi.NewClientTemplate("system:kube-scheduler", ""))
if err != nil {
return nil, err
}
@@ -200,7 +200,7 @@ func NewMasterCerts(path string, ip net.IP) (*MasterCerts, error) {
}, nil
}
-func signCert(p *pki.PKI, c *pki.Certificate, template *x509.Certificate) {
+func signCert(p *pekahi.PKI, c *pekahi.Certificate, template *x509.Certificate) {
if c.CSR != nil && c.Cert == nil {
logrus.Info("signing certificate ", c.CSR.Subject.String())
err := p.Sign(c, template)
@@ -211,14 +211,14 @@ func signCert(p *pki.PKI, c *pki.Certificate, template *x509.Certificate) {
}
func (p *ClusterPKI) SignNodeCerts(name string, n *NodeCerts) {
- signCert(p.Services, n.Service, pki.NewServerTemplate([]string{name}, []net.IP{}))
- signCert(p.API, n.API, pki.NewClientTemplate("system:node:"+name, "system:nodes"))
+ signCert(p.Services, n.Service, pekahi.NewServerTemplate([]string{name}, []net.IP{}))
+ signCert(p.API, n.API, pekahi.NewClientTemplate("system:node:"+name, "system:nodes"))
}
func (p *ClusterPKI) SignMasterCerts(m *MasterCerts) {
- signCert(p.Services, m.Service, pki.NewServerTemplate(m.Service.CSR.DNSNames, m.Service.CSR.IPAddresses))
- signCert(p.Kubelet, m.Kubelet, pki.NewClientTemplate(m.Kubelet.CSR.Subject.CommonName, ""))
- signCert(p.Services, m.Controllers, pki.NewServerTemplate(m.Controllers.CSR.DNSNames, m.Controllers.CSR.IPAddresses))
- signCert(p.API, m.ControllersClient, pki.NewClientTemplate(m.ControllersClient.CSR.Subject.CommonName, ""))
- signCert(p.API, m.SchedulerClient, pki.NewClientTemplate(m.SchedulerClient.CSR.Subject.CommonName, ""))
+ signCert(p.Services, m.Service, pekahi.NewServerTemplate(m.Service.CSR.DNSNames, m.Service.CSR.IPAddresses))
+ signCert(p.Kubelet, m.Kubelet, pekahi.NewClientTemplate(m.Kubelet.CSR.Subject.CommonName, ""))
+ signCert(p.Services, m.Controllers, pekahi.NewServerTemplate(m.Controllers.CSR.DNSNames, m.Controllers.CSR.IPAddresses))
+ signCert(p.API, m.ControllersClient, pekahi.NewClientTemplate(m.ControllersClient.CSR.Subject.CommonName, ""))
+ signCert(p.API, m.SchedulerClient, pekahi.NewClientTemplate(m.SchedulerClient.CSR.Subject.CommonName, ""))
}
diff --git a/pkg/pki/cert.go b/pkg/pekahi/cert.go
similarity index 99%
rename from pkg/pki/cert.go
rename to pkg/pekahi/cert.go
index da7a6cd30324d4119de6f1331ef6daa7bf4a04cf..ba7b60baf32cd64ca853fd62a1fc424286b51e44 100644
--- a/pkg/pki/cert.go
+++ b/pkg/pekahi/cert.go
@@ -1,4 +1,4 @@
-package pki
+package pekahi
import (
"crypto"
diff --git a/pkg/pki/io.go b/pkg/pekahi/io.go
similarity index 98%
rename from pkg/pki/io.go
rename to pkg/pekahi/io.go
index 8bb62922cc9dc5dcea0f500fd8e87dd424c03d36..f09171fa8c07b0265a15444d0aa9799213705041 100644
--- a/pkg/pki/io.go
+++ b/pkg/pekahi/io.go
@@ -1,4 +1,4 @@
-package pki
+package pekahi
import (
"encoding/pem"
diff --git a/pkg/pki/json.go b/pkg/pekahi/json.go
similarity index 98%
rename from pkg/pki/json.go
rename to pkg/pekahi/json.go
index a9654469bb915bcaa85a74387ef2a3f5eb868885..e4232663b201b28ba18c2a4671d1bbfb772dd9fc 100644
--- a/pkg/pki/json.go
+++ b/pkg/pekahi/json.go
@@ -1,4 +1,4 @@
-package pki
+package pekahi
import (
"crypto/x509"
diff --git a/pkg/pki/pki.go b/pkg/pekahi/pki.go
similarity index 97%
rename from pkg/pki/pki.go
rename to pkg/pekahi/pki.go
index 938e8e1c1ccecb09ff16d99a8beafec8648af43e..c9e5dfad41fe6b9db0ea01ac190f3724e573d6e8 100644
--- a/pkg/pki/pki.go
+++ b/pkg/pekahi/pki.go
@@ -1,4 +1,4 @@
-package pki
+package pekahi
import (
"path/filepath"
diff --git a/pkg/pki/templates.go b/pkg/pekahi/templates.go
similarity index 99%
rename from pkg/pki/templates.go
rename to pkg/pekahi/templates.go
index 48e7a7ac8d6c522d7a1a09cd912830bcdcc1712d..8e6895cd93ce3aef8a11dc071e5cd53dee870f91 100644
--- a/pkg/pki/templates.go
+++ b/pkg/pekahi/templates.go
@@ -1,4 +1,4 @@
-package pki
+package pekahi
import (
"crypto/rand"