mirror of
https://github.com/openshift/installer.git
Merge pull request #1305 from deads2k/admin-kubeconfig-2
tls: switch to self-signed admin.kubeconfig
@@ -62,7 +62,6 @@ var _ asset.WritableAsset = (*Bootstrap)(nil)
|
||||
func (a *Bootstrap) Dependencies() []asset.Asset {
|
||||
return []asset.Asset{
|
||||
&installconfig.InstallConfig{},
|
||||
&kubeconfig.Admin{},
|
||||
&kubeconfig.AdminClient{},
|
||||
&kubeconfig.Kubelet{},
|
||||
&kubeconfig.KubeletClient{},
|
||||
@@ -373,7 +372,6 @@ func (a *Bootstrap) addParentFiles(dependencies asset.Parents) {
|
||||
}
|
||||
|
||||
for _, asset := range []asset.WritableAsset{
|
||||
&kubeconfig.Admin{},
|
||||
&kubeconfig.AdminClient{},
|
||||
&kubeconfig.Kubelet{},
|
||||
&kubeconfig.KubeletClient{},
|
||||
|
||||
@@ -9,53 +9,9 @@ import (
|
||||
)
|
||||
|
||||
var (
|
||||
kubeconfigAdminPath = filepath.Join("auth", "kubeconfig")
|
||||
kubeconfigAdminClientPath = filepath.Join("auth", "kubeconfig-admin")
|
||||
kubeconfigAdminPath = filepath.Join("auth", "kubeconfig")
|
||||
)
|
||||
|
||||
// Admin is the asset for the admin kubeconfig.
|
||||
// [DEPRECATED]
|
||||
type Admin struct {
|
||||
kubeconfig
|
||||
}
|
||||
|
||||
var _ asset.WritableAsset = (*Admin)(nil)
|
||||
|
||||
// Dependencies returns the dependency of the kubeconfig.
|
||||
func (k *Admin) Dependencies() []asset.Asset {
|
||||
return []asset.Asset{
|
||||
&tls.KubeCA{},
|
||||
&tls.AdminCertKey{},
|
||||
&installconfig.InstallConfig{},
|
||||
}
|
||||
}
|
||||
|
||||
// Generate generates the kubeconfig.
|
||||
func (k *Admin) Generate(parents asset.Parents) error {
|
||||
kubeCA := &tls.KubeCA{}
|
||||
adminCertKey := &tls.AdminCertKey{}
|
||||
installConfig := &installconfig.InstallConfig{}
|
||||
parents.Get(kubeCA, adminCertKey, installConfig)
|
||||
|
||||
return k.kubeconfig.generate(
|
||||
kubeCA,
|
||||
adminCertKey,
|
||||
installConfig.Config,
|
||||
"admin",
|
||||
kubeconfigAdminPath,
|
||||
)
|
||||
}
|
||||
|
||||
// Name returns the human-friendly name of the asset.
|
||||
func (k *Admin) Name() string {
|
||||
return "Kubeconfig Admin"
|
||||
}
|
||||
|
||||
// Load returns the kubeconfig from disk.
|
||||
func (k *Admin) Load(f asset.FileFetcher) (found bool, err error) {
|
||||
return k.load(f, kubeconfigAdminPath)
|
||||
}
|
||||
|
||||
// AdminClient is the asset for the admin kubeconfig.
|
||||
type AdminClient struct {
|
||||
kubeconfig
|
||||
@@ -84,7 +40,7 @@ func (k *AdminClient) Generate(parents asset.Parents) error {
|
||||
clientCertKey,
|
||||
installConfig.Config,
|
||||
"admin",
|
||||
kubeconfigAdminClientPath,
|
||||
kubeconfigAdminPath,
|
||||
)
|
||||
}
|
||||
|
||||
@@ -95,5 +51,5 @@ func (k *AdminClient) Name() string {
|
||||
|
||||
// Load returns the kubeconfig from disk.
|
||||
func (k *AdminClient) Load(f asset.FileFetcher) (found bool, err error) {
|
||||
return k.load(f, kubeconfigAdminClientPath)
|
||||
return k.load(f, kubeconfigAdminPath)
|
||||
}
|
||||
|
||||
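Review bot: `AdminClient.Load` now reads `kubeconfigAdminPath` (`auth/kubeconfig`), the same path the removed `Admin` asset wrote its KubeCA-signed `system:admin` credential to, so an asset directory left by an earlier installer build would be loaded as the AdminClient asset with nothing in this hunk to tell the two apart. A comment where the path is declared would make that explicit, e.g. `// kubeconfigAdminPath was previously written by the deprecated Admin asset (KubeCA-signed); a file found here may predate the self-signed signer.` The old `auth/kubeconfig-admin` file is also no longer read or rewritten, so a stale copy of that admin credential may remain on disk after an upgrade; whether cleanup happens elsewhere is not visible here. `AdminClient.Generate` begins outside the hunk.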
@@ -48,7 +48,7 @@ var (
|
||||
|
||||
// IgnitionConfigs are the ignition-configs targeted assets.
|
||||
IgnitionConfigs = []asset.WritableAsset{
|
||||
&kubeconfig.Admin{},
|
||||
&kubeconfig.AdminClient{},
|
||||
&machine.Master{},
|
||||
&machine.Worker{},
|
||||
&bootstrap.Bootstrap{},
|
||||
@@ -58,7 +58,7 @@ var (
|
||||
// Cluster are the cluster targeted assets.
|
||||
Cluster = []asset.WritableAsset{
|
||||
&cluster.TerraformVariables{},
|
||||
&kubeconfig.Admin{},
|
||||
&kubeconfig.AdminClient{},
|
||||
&tls.JournalCertKey{},
|
||||
&cluster.Metadata{},
|
||||
&cluster.Cluster{},
|
||||
|
||||
@@ -7,43 +7,6 @@ import (
|
||||
"github.com/openshift/installer/pkg/asset"
|
||||
)
|
||||
|
||||
//AdminCertKey is the asset that generates the admin key/cert pair.
|
||||
// [DEPRECATED]
|
||||
type AdminCertKey struct {
|
||||
SignedCertKey
|
||||
}
|
||||
|
||||
var _ asset.WritableAsset = (*AdminCertKey)(nil)
|
||||
|
||||
// Dependencies returns the dependency of the the cert/key pair, which includes
|
||||
// the parent CA, and install config if it depends on the install config for
|
||||
// DNS names, etc.
|
||||
func (a *AdminCertKey) Dependencies() []asset.Asset {
|
||||
return []asset.Asset{
|
||||
&KubeCA{},
|
||||
}
|
||||
}
|
||||
|
||||
// Generate generates the cert/key pair based on its dependencies.
|
||||
func (a *AdminCertKey) Generate(dependencies asset.Parents) error {
|
||||
kubeCA := &KubeCA{}
|
||||
dependencies.Get(kubeCA)
|
||||
|
||||
cfg := &CertCfg{
|
||||
Subject: pkix.Name{CommonName: "system:admin", Organization: []string{"system:masters"}},
|
||||
KeyUsages: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
|
||||
ExtKeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
|
||||
Validity: ValidityTenYears,
|
||||
}
|
||||
|
||||
return a.SignedCertKey.Generate(cfg, kubeCA, "admin", DoNotAppendParent)
|
||||
}
|
||||
|
||||
// Name returns the human-friendly name of the asset.
|
||||
func (a *AdminCertKey) Name() string {
|
||||
return "Certificate (system:admin)"
|
||||
}
|
||||
|
||||
// AdminKubeConfigSignerCertKey is a key/cert pair that signs the admin kubeconfig client certs.
|
||||
type AdminKubeConfigSignerCertKey struct {
|
||||
SelfSignedCertKey
|
||||
|
||||