Add rke certificate rotation

2025-08-02 05:11:59 +00:00 · 2019-04-16 22:32:49 +02:00 · 2019-04-16 22:32:49 +02:00 · 385e4eb64c
commit 385e4eb64c
parent b9117fe98c
6 changed files with 27 additions and 8 deletions
--- a/.gitignore
+++ b/.gitignore
@ -7,3 +7,6 @@
 /trash.lock
 /types
 *trash.lock
+.vscode/
+.cache/
+
--- a/Dockerfile.dapper
+++ b/Dockerfile.dapper
@ -5,16 +5,19 @@ ARG DAPPER_HOST_ARCH
 ENV HOST_ARCH=${DAPPER_HOST_ARCH} ARCH=${DAPPER_HOST_ARCH}

 RUN apt-get update && \
-    apt-get install -y gcc ca-certificates git wget curl vim less file && \
+    apt-get install -y gcc ca-certificates git wget curl vim less file kmod iptables xz-utils zip && \
    rm -f /bin/sh && ln -s /bin/bash /bin/sh

 ENV GOLANG_ARCH_amd64=amd64 GOLANG_ARCH_arm=armv6l GOLANG_ARCH=GOLANG_ARCH_${ARCH} \
    GOPATH=/go PATH=/go/bin:/usr/local/go/bin:${PATH} SHELL=/bin/bash

-RUN wget -O - https://storage.googleapis.com/golang/go1.9.linux-${!GOLANG_ARCH}.tar.gz | tar -xzf - -C /usr/local && \
-    go get github.com/rancher/trash && \
-    go get github.com/golang/lint/golint && \
-    go get golang.org/x/tools/cmd/goimports
+RUN wget -O - https://storage.googleapis.com/golang/go1.11.linux-${!GOLANG_ARCH}.tar.gz | tar -xzf - -C /usr/local && \
+    go get github.com/rancher/trash && go get golang.org/x/lint/golint
+
+RUN go get -d golang.org/x/tools/cmd/goimports && \
+    git -C /go/src/golang.org/x/tools/cmd/goimports checkout -b current 0b24b358f4c7eaa92895f67a3f6cea2a0cf525d5 && \
+    go install golang.org/x/tools/cmd/goimports && \
+    rm -rf /go/src /go/pkg

 ENV DOCKER_URL_amd64=https://get.docker.com/builds/Linux/x86_64/docker-1.10.3 \
    DOCKER_URL_arm=https://github.com/rancher/docker/releases/download/v1.10.3-ros1/docker-1.10.3_arm \
@ -22,10 +25,11 @@ ENV DOCKER_URL_amd64=https://get.docker.com/builds/Linux/x86_64/docker-1.10.3 \

 RUN wget -O - ${!DOCKER_URL} > /usr/bin/docker && chmod +x /usr/bin/docker

-ENV DAPPER_ENV REPO TAG
 ENV DAPPER_SOURCE /go/src/github.com/rancher/types/
-ENV DAPPER_OUTPUT ./bin ./dist
+ENV DAPPER_RUN_ARGS --privileged -v /var/lib/docker
+ENV DAPPER_OUTPUT ./bin ./dist ./build/bin
 ENV DAPPER_DOCKER_SOCKET true
+ENV DAPPER_ENV TAG REPO GOOS CROSS DRONE_TAG
 ENV TRASH_CACHE ${DAPPER_SOURCE}/.trash-cache
 ENV HOME ${DAPPER_SOURCE}
 WORKDIR ${DAPPER_SOURCE}
--- a/apis/management.cattle.io/v3/alerting_types.go
+++ b/apis/management.cattle.io/v3/alerting_types.go
@ -125,7 +125,7 @@ type NotifierSpec struct {
 }

 type Notification struct {
-	Message         string           `json:"message, omitempty"`
+	Message         string           `json:"message,omitempty"`
 	SMTPConfig      *SMTPConfig      `json:"smtpConfig,omitempty"`
 	SlackConfig     *SlackConfig     `json:"slackConfig,omitempty"`
 	PagerdutyConfig *PagerdutyConfig `json:"pagerdutyConfig,omitempty"`
--- a/apis/management.cattle.io/v3/cluster_types.go
+++ b/apis/management.cattle.io/v3/cluster_types.go
@ -278,3 +278,7 @@ type ImportClusterYamlInput struct {
 type ImportYamlOutput struct {
 	Message string `json:"message,omitempty"`
 }
+
+type RotateCertificateOutput struct {
+	Message string `json:"message,omitempty"`
+}
--- a/apis/management.cattle.io/v3/rke_types.go
+++ b/apis/management.cattle.io/v3/rke_types.go
@ -41,6 +41,8 @@ type RancherKubernetesEngineConfig struct {
 	BastionHost BastionHost `yaml:"bastion_host" json:"bastionHost,omitempty"`
 	// Monitoring Config
 	Monitoring MonitoringConfig `yaml:"monitoring" json:"monitoring,omitempty"`
+	// Rotating Certificates Option
+	RotateCertificates *RotateCertificates `yaml:"rotate_certificates,omitempty" json:"rotateCertificates,omitempty"`
 }

 type BastionHost struct {
@ -563,3 +565,5 @@ type MonitoringConfig struct {
 	// Metrics server options
 	Options map[string]string `yaml:"options" json:"options,omitempty"`
 }
+
+type RotateCertificates struct{}
--- a/apis/management.cattle.io/v3/schema/schema.go
+++ b/apis/management.cattle.io/v3/schema/schema.go
@ -145,6 +145,7 @@ func clusterTypes(schemas *types.Schemas) *types.Schemas {
 		MustImport(&Version, v3.ImportClusterYamlInput{}).
 		MustImport(&Version, v3.ImportYamlOutput{}).
 		MustImport(&Version, v3.ExportOutput{}).
+		MustImport(&Version, v3.RotateCertificateOutput{}).
 		MustImportAndCustomize(&Version, v3.Cluster{}, func(schema *types.Schema) {
 			schema.MustCustomizeField("name", func(field types.Field) types.Field {
 				field.Type = "dnsLabel"
@ -162,6 +163,9 @@ func clusterTypes(schemas *types.Schemas) *types.Schemas {
 			schema.ResourceActions["exportYaml"] = types.Action{
 				Output: "exportOutput",
 			}
+			schema.ResourceActions["rotateCertificates"] = types.Action{
+				Output: "rotateCertificateOutput",
+			}
 		})
 }