change cert generate method and add pd and kv webhook #406
Changes from 1 commit
333f221
9c3c6d3
21e1fe9
7cdc33a
d6f9478
38d645b
7349ed1
48aab80
71162db
41436ab
055761e
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -16,30 +16,35 @@ type CertContext struct { | |
|
||
// Setup the server cert. For example, user apiservers and admission webhooks | ||
// can use the cert to prove their identify to the kube-apiserver | ||
func SetupServerCert(namespaceName, serviceName string) *CertContext { | ||
func SetupServerCert(namespaceName, serviceName string) (*CertContext, error) { | ||
certDir, err := ioutil.TempDir("", "test-e2e-server-cert") | ||
if err != nil { | ||
glog.Errorf("Failed to create a temp dir for cert generation %v", err) | ||
You should return an error.
all done |
||
return nil, err | ||
} | ||
defer os.RemoveAll(certDir) | ||
signingKey, err := cert.NewPrivateKey() | ||
if err != nil { | ||
glog.Errorf("Failed to create CA private key %v", err) | ||
return nil, err | ||
} | ||
signingCert, err := cert.NewSelfSignedCACert(cert.Config{CommonName: "e2e-server-cert-ca"}, signingKey) | ||
if err != nil { | ||
glog.Errorf("Failed to create CA cert for apiserver %v", err) | ||
ditto |
||
return nil, err | ||
} | ||
caCertFile, err := ioutil.TempFile(certDir, "ca.crt") | ||
if err != nil { | ||
glog.Errorf("Failed to create a temp file for ca cert generation %v", err) | ||
and all these should return a error. |
||
return nil, err | ||
} | ||
if err := ioutil.WriteFile(caCertFile.Name(), cert.EncodeCertPEM(signingCert), 0644); err != nil { | ||
glog.Errorf("Failed to write CA cert %v", err) | ||
return error here.
this should be fixed also
done |
||
} | ||
key, err := cert.NewPrivateKey() | ||
if err != nil { | ||
glog.Errorf("Failed to create private key for %v", err) | ||
return nil, err | ||
} | ||
signedCert, err := cert.NewSignedCert( | ||
cert.Config{ | ||
|
@@ -50,24 +55,29 @@ func SetupServerCert(namespaceName, serviceName string) *CertContext { | |
) | ||
if err != nil { | ||
glog.Errorf("Failed to create cert%v", err) | ||
return nil, err | ||
} | ||
certFile, err := ioutil.TempFile(certDir, "server.crt") | ||
if err != nil { | ||
glog.Errorf("Failed to create a temp file for cert generation %v", err) | ||
return nil, err | ||
} | ||
keyFile, err := ioutil.TempFile(certDir, "server.key") | ||
if err != nil { | ||
glog.Errorf("Failed to create a temp file for key generation %v", err) | ||
return nil, err | ||
} | ||
if err = ioutil.WriteFile(certFile.Name(), cert.EncodeCertPEM(signedCert), 0600); err != nil { | ||
glog.Errorf("Failed to write cert file %v", err) | ||
return nil, err | ||
} | ||
if err = ioutil.WriteFile(keyFile.Name(), cert.EncodePrivateKeyPEM(key), 0644); err != nil { | ||
glog.Errorf("Failed to write key file %v", err) | ||
return nil, err | ||
} | ||
return &CertContext{ | ||
Cert: cert.EncodeCertPEM(signedCert), | ||
Key: cert.EncodePrivateKeyPEM(key), | ||
SigningCert: cert.EncodeCertPEM(signingCert), | ||
} | ||
}, nil | ||
} |
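Review bot: The private key is written with mode 0644 in the second hunk (`ioutil.WriteFile(keyFile.Name(), cert.EncodePrivateKeyPEM(key), 0644)`) while the public certificate just above it gets 0600, which reads as inverted; the key write should use `0600`, and the certificate is the one that can stay world-readable. Because `ioutil.TempFile` has already created the file, the mode argument is likely not applied on this path, but the literal documents the wrong intent and will be copied by anyone who reuses the call with a fresh path. The function also returns the PEM bytes in `CertContext` and deletes `certDir` on return through the deferred `os.RemoveAll`, so the key does not appear to need to touch disk at all, and the three `*os.File` handles returned by `TempFile` are never closed. The `cert.Config` literal between the two hunks is not visible, so this note covers only the lines shown.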
merge this function into
StartValidatingAdmissionWebhookServerOrDie
.
done