(cluster *kops.Cluster, ig *kops.InstanceGroup)
| 163 | } |
| 164 | |
| 165 | func KeypairNamesForInstanceGroup(cluster *kops.Cluster, ig *kops.InstanceGroup) []string { |
| 166 | keypairs := []string{"kubernetes-ca"} |
| 167 | |
| 168 | // Add keypairs for default etcd clusters (main and events, not cilium) |
| 169 | if ig.IsControlPlane() { |
| 170 | for _, etcdCluster := range cluster.Spec.EtcdClusters { |
| 171 | k := etcdCluster.Name |
| 172 | if k != "events" && k != "main" { |
| 173 | // Likely cilium |
| 174 | continue |
| 175 | } |
| 176 | keypairs = append(keypairs, "etcd-manager-ca-"+k, "etcd-peers-ca-"+k) |
| 177 | // The client ca certificate is shared between events and main etcd clusters |
| 178 | keypairs = append(keypairs, "etcd-clients-ca") |
| 179 | } |
| 180 | } |
| 181 | |
| 182 | // Add keypair for discovery service CA if enabled |
| 183 | if ig.IsControlPlane() { |
| 184 | if cluster.Spec.ServiceAccountIssuerDiscovery != nil && |
| 185 | cluster.Spec.ServiceAccountIssuerDiscovery.DiscoveryService != nil && |
| 186 | cluster.Spec.ServiceAccountIssuerDiscovery.DiscoveryService.URL != "" { |
| 187 | keypairs = append(keypairs, fi.DiscoveryCAID) |
| 188 | } |
| 189 | } |
| 190 | |
| 191 | if ig.HasAPIServer() { |
| 192 | keypairs = append(keypairs, "apiserver-aggregator-ca", "service-account", "etcd-clients-ca") |
| 193 | } |
| 194 | |
| 195 | // Add keypairs for cilium etcd clusters (not the default etcd clusters) |
| 196 | for _, etcdCluster := range cluster.Spec.EtcdClusters { |
| 197 | k := etcdCluster.Name |
| 198 | if k == "events" || k == "main" { |
| 199 | // Not cilium |
| 200 | continue |
| 201 | } |
| 202 | |
| 203 | keypairs = append(keypairs, "etcd-manager-ca-"+k, "etcd-peers-ca-"+k, "etcd-clients-ca-"+k) |
| 204 | } |
| 205 | |
| 206 | if ig.IsBastion() { |
| 207 | keypairs = nil |
| 208 | } |
| 209 | |
| 210 | return keypairs |
| 211 | } |
| 212 | |
| 213 | // ResourceNodeUp generates and returns a nodeup (bootstrap) script from a |
| 214 | // template file, substituting in specific env vars & cluster spec configuration |
no test coverage detected