CheckCertificatePeriodValidity takes a certificate and prints a warning if its period is not valid related to the current time.

CreateCACertAndKeyFiles generates and writes out a given certificate authority.

CreateCertAndKeyFilesWithCA loads the given certificate authority from disk, then generates and writes out the given certificate and key.

CreateDefaultKeysAndCSRFiles is used in ExternalCA mode to create key files and adjacent CSR files.

CreatePKIAssets will create and write to disk all PKI assets necessary to establish the control plane.

CreateServiceAccountKeyAndPublicKeyFiles creates new public/private key files for signing service account users.

GetCertsWithoutEtcd returns all of the certificates kubeadm needs when etcd is hosted externally.

GetDefaultCertList returns all of the certificates kubeadm requires to function.

KubeadmCertAPIServer is the definition of the cert used to serve the Kubernetes API.

KubeadmCertEtcdAPIClient is the definition of the cert used by the API server to access etcd.

KubeadmCertEtcdCA is the definition of the root CA used by the hosted etcd server.

KubeadmCertEtcdHealthcheck is the definition of the cert used by Kubernetes to check the health of the etcd server.

KubeadmCertEtcdPeer is the definition of the cert used by etcd peers to access each other.

KubeadmCertEtcdServer is the definition of the cert used to serve etcd to clients.

KubeadmCertFrontProxyCA is the definition of the CA used for the front end proxy.

KubeadmCertFrontProxyClient is the definition of the cert used by the API server to access the front proxy.

KubeadmCertKubeletClient is the definition of the cert used by the API server to access the kubelet.

KubeadmCertRootCA is the definition of the Kubernetes Root CA for the API Server and kubelet.

LoadCertificateAuthority tries to load a CA in the given directory with the given name.

SharedCertificateExists verifies if the shared certificates exist and are still valid - the certificates must be equal across control-plane nodes: ca.key, ca.crt, sa.key, sa.pub, front-proxy-ca.key, front-proxy-ca.crt and etcd/ca.key, etcd/ca.crt if local/stacked etcd Missing private keys of CA are non-fatal and produce warnings.

UsingExternalCA determines whether the user is relying on an external CA.

UsingExternalEtcdCA determines whether the user is relying on an external etcd CA.

UsingExternalFrontProxyCA determines whether the user is relying on an external front-proxy CA.

KubeadmCert represents a certificate that Kubeadm will create to function properly.

CertificateMap is a flat map of certificates, keyed by Name.

Certificates is a list of Certificates that Kubeadm should create.

CertificateTree is represents a one-level-deep tree, mapping a CA to the certs that depend on it.