const errInvalid … const errExist … type clientCertAuth … type tokenAuth … type kubeConfigSpec … // CreateJoinControlPlaneKubeConfigFiles will create and write to disk the kubeconfig files required by kubeadm // join --control-plane workflow, plus the admin kubeconfig file used by the administrator and kubeadm itself; the // kubelet.conf file must not be created because it will be created and signed by the kubelet TLS bootstrap process. // When not using external CA mode, if a kubeconfig file already exists it is used only if evaluated equal, // otherwise an error is returned. For external CA mode, the creation of kubeconfig files is skipped. func CreateJoinControlPlaneKubeConfigFiles(outDir string, cfg *kubeadmapi.InitConfiguration) error { … } // CreateKubeConfigFile creates a kubeconfig file. // If the kubeconfig file already exists, it is used only if evaluated equal; otherwise an error is returned. func CreateKubeConfigFile(kubeConfigFileName string, outDir string, cfg *kubeadmapi.InitConfiguration) error { … } // createKubeConfigFiles creates all the requested kubeconfig files. // If kubeconfig files already exists, they are used only if evaluated equal; otherwise an error is returned. func createKubeConfigFiles(outDir string, cfg *kubeadmapi.InitConfiguration, kubeConfigFileNames ...string) error { … } // getKubeConfigSpecs returns all KubeConfigSpecs actualized to the context of the current InitConfiguration // NB. this method holds the information about how kubeadm creates kubeconfig files. func getKubeConfigSpecs(cfg *kubeadmapi.InitConfiguration) (map[string]*kubeConfigSpec, error) { … } // buildKubeConfigFromSpec creates a kubeconfig object for the given kubeConfigSpec func buildKubeConfigFromSpec(spec *kubeConfigSpec, clustername string) (*clientcmdapi.Config, error) { … } func newClientCertConfigFromKubeConfigSpec(spec *kubeConfigSpec) pkiutil.CertConfig { … } // validateKubeConfig check if the kubeconfig file exist and has the expected CA and server URL func validateKubeConfig(outDir, filename string, config *clientcmdapi.Config) error { … } // createKubeConfigFileIfNotExists saves the KubeConfig object into a file if there isn't any file at the given path. // If there already is a kubeconfig file at the given path; kubeadm tries to load it and check if the values in the // existing and the expected config equals. If they do; kubeadm will just skip writing the file as it's up-to-date, // but if a file exists but has old content or isn't a kubeconfig file, this function returns an error. func createKubeConfigFileIfNotExists(outDir, filename string, config *clientcmdapi.Config) error { … } // WriteKubeConfigWithClientCert writes a kubeconfig file - with a client certificate as authentication info - to the given writer. func WriteKubeConfigWithClientCert(out io.Writer, cfg *kubeadmapi.InitConfiguration, clientName string, organizations []string, notAfter time.Time) error { … } // WriteKubeConfigWithToken writes a kubeconfig file - with a token as client authentication info - to the given writer. func WriteKubeConfigWithToken(out io.Writer, cfg *kubeadmapi.InitConfiguration, clientName, token string, notAfter time.Time) error { … } // writeKubeConfigFromSpec creates a kubeconfig object from a kubeConfigSpec and writes it to the given writer. func writeKubeConfigFromSpec(out io.Writer, spec *kubeConfigSpec, clustername string) error { … } // ValidateKubeconfigsForExternalCA check if the kubeconfig file exist and has the expected CA and server URL using kubeadmapi.InitConfiguration. func ValidateKubeconfigsForExternalCA(outDir string, cfg *kubeadmapi.InitConfiguration) error { … } func getKubeConfigSpecsBase(cfg *kubeadmapi.InitConfiguration) (map[string]*kubeConfigSpec, error) { … } func createKubeConfigAndCSR(kubeConfigDir string, kubeadmConfig *kubeadmapi.InitConfiguration, name string, spec *kubeConfigSpec) error { … } // CreateDefaultKubeConfigsAndCSRFiles is used in ExternalCA mode to create // kubeconfig files and adjacent CSR files. func CreateDefaultKubeConfigsAndCSRFiles(out io.Writer, kubeConfigDir string, kubeadmConfig *kubeadmapi.InitConfiguration) error { … } type EnsureRBACFunc … // EnsureAdminClusterRoleBinding constructs a client from admin.conf and optionally // constructs a client from super-admin.conf if the file exists. It then proceeds // to pass the clients to EnsureAdminClusterRoleBindingImpl. The function returns a // usable client from admin.conf with RBAC properly constructed or an error. func EnsureAdminClusterRoleBinding(outDir string, ensureRBACFunc EnsureRBACFunc) (clientset.Interface, error) { … } // EnsureAdminClusterRoleBindingImpl first attempts to see if the ClusterRoleBinding // kubeadm:cluster-admins exists by using adminClient. If it already exists, // it would mean the adminClient is usable. If it does not, attempt to create // the ClusterRoleBinding by using superAdminClient. func EnsureAdminClusterRoleBindingImpl(ctx context.Context, adminClient, superAdminClient clientset.Interface, retryInterval, retryTimeout time.Duration) (clientset.Interface, error) { … }