// Manager is the certificate renewal manager returned by NewManager.
// Its fields are elided in this outline.
type Manager …

// certConfigMutatorFunc is the element type of the slice returned by
// loadCertConfigMutators. Its definition is elided in this outline.
type certConfigMutatorFunc …

// CertificateRenewHandler describes one certificate handled by a Manager.
// Its Name field holds the value that the name-based Manager methods expect.
type CertificateRenewHandler …

// CAExpirationHandler describes one CA related to the certificates that a
// Manager controls. Its fields are elided in this outline.
type CAExpirationHandler …

// NewManager returns a new certificate renewal manager ready for handling certificates in the cluster.
//
// cfg is the kubeadm cluster configuration and kubernetesDir is a directory path.
// NOTE(review): the body is elided, so how kubernetesDir is used is not visible here;
// presumably it is where kubeConfig files with embedded certificates are located. Confirm.
func NewManager(cfg *kubeadmapi.ClusterConfiguration, kubernetesDir string) (*Manager, error) { … }

// Certificates returns the list of certificates controlled by this Manager.
func (rm *Manager) Certificates() []*CertificateRenewHandler { … }

// CAs returns the list of CAs related to the certificates that are controlled by this manager.
func (rm *Manager) CAs() []*CAExpirationHandler { … }

// RenewUsingLocalCA executes certificate renewal using local certificate authorities for generating new certs.
// For PKI certificates, use the name defined in the certsphase package, while for certificates
// embedded in the kubeConfig files, use the kubeConfig file name defined in the kubeadm constants package.
// If you use the CertificateRenewHandler returned by Certificates func, handler.Name already contains the right value.
//
// NOTE(review): the body is elided, so the meaning of the bool result is not visible here.
// Presumably it reports whether a renewal was actually performed (for example false when
// the signing CA is externally managed, see IsExternallyManaged). Callers should confirm this
// and not treat a nil error alone as proof that the certificate was rotated.
func (rm *Manager) RenewUsingLocalCA(name string) (bool, error) { … }

// CreateRenewCSR generates CSR request for certificate renewal.
// For PKI certificates, use the name defined in the certsphase package, while for certificates
// embedded in the kubeConfig files, use the kubeConfig file name defined in the kubeadm constants package.
// If you use the CertificateRenewHandler returned by Certificates func, handler.Name already contains the right value.
//
// outdir names the output directory.
// NOTE(review): the body is elided; if a new private key is written next to the CSR,
// outdir must be restricted to the operator. Confirm what is written and with which file mode.
func (rm *Manager) CreateRenewCSR(name, outdir string) error { … }

// CertificateExists returns true if a certificate exists.
// NOTE(review): name presumably follows the same convention as the other name-based methods. Confirm.
func (rm *Manager) CertificateExists(name string) (bool, error) { … }

// GetCertificateExpirationInfo returns certificate expiration info.
// For PKI certificates, use the name defined in the certsphase package, while for certificates
// embedded in the kubeConfig files, use the kubeConfig file name defined in the kubeadm constants package.
// If you use the CertificateRenewHandler returned by Certificates func, handler.Name already contains the right value.
func (rm *Manager) GetCertificateExpirationInfo(name string) (*ExpirationInfo, error) { … }

// CAExists returns true if a certificate authority exists.
func (rm *Manager) CAExists(name string) (bool, error) { … }

// GetCAExpirationInfo returns CA expiration info.
func (rm *Manager) GetCAExpirationInfo(name string) (*ExpirationInfo, error) { … }

// IsExternallyManaged checks if we are in the external CA case (CA certificate provided without the certificate key).
//
// A true result means the CA private key is not available locally.
// NOTE(review): presumably renewal must then go through an out-of-band signing flow
// (see CreateRenewCSR) rather than RenewUsingLocalCA. Confirm against the callers.
func (rm *Manager) IsExternallyManaged(caBaseName string) (bool, error) { … }

// certToConfig builds a certutil.Config from an existing x509 certificate.
// NOTE(review): the body is elided; presumably the subject, SANs and usages of cert are
// carried over, in which case a renewed certificate inherits the identity that the old one
// asserted. Confirm which fields are copied.
func certToConfig(cert *x509.Certificate) certutil.Config { … }

// loadCertConfigMutators returns the certConfigMutatorFunc values associated with certBaseName.
// NOTE(review): the body is elided; which certificates have mutators, and what they change,
// is not visible in this outline.
func loadCertConfigMutators(certBaseName string) []certConfigMutatorFunc { … }