diff --git a/pkg/asset/kubeconfig/admin.go b/pkg/asset/kubeconfig/admin.go
index 4e70f019f4..2af06c9304 100644
--- a/pkg/asset/kubeconfig/admin.go
+++ b/pkg/asset/kubeconfig/admin.go
@@ -22,7 +22,7 @@ var _ asset.WritableAsset = (*Admin)(nil)
 // Dependencies returns the dependency of the kubeconfig.
 func (k *Admin) Dependencies() []asset.Asset {
 return []asset.Asset{
- &tls.RootCA{},
+ &tls.KubeCA{},
 &tls.AdminCertKey{},
 &installconfig.InstallConfig{},
 }
@@ -30,13 +30,13 @@ func (k *Admin) Dependencies() []asset.Asset {
 // Generate generates the kubeconfig.
 func (k *Admin) Generate(parents asset.Parents) error {
- rootCA := &tls.RootCA{}
+ kubeCA := &tls.KubeCA{}
 adminCertKey := &tls.AdminCertKey{}
 installConfig := &installconfig.InstallConfig{}
- parents.Get(rootCA, adminCertKey, installConfig)
+ parents.Get(kubeCA, adminCertKey, installConfig)
 return k.kubeconfig.generate(
- rootCA,
+ kubeCA,
 adminCertKey,
 installConfig.Config,
 "admin",
diff --git a/pkg/asset/kubeconfig/kubelet.go b/pkg/asset/kubeconfig/kubelet.go
index 17c26cbca1..62b3a12ce5 100644
--- a/pkg/asset/kubeconfig/kubelet.go
+++ b/pkg/asset/kubeconfig/kubelet.go
@@ -22,7 +22,7 @@ var _ asset.WritableAsset = (*Kubelet)(nil)
 // Dependencies returns the dependency of the kubeconfig.
 func (k *Kubelet) Dependencies() []asset.Asset {
 return []asset.Asset{
- &tls.RootCA{},
+ &tls.KubeCA{},
 &tls.KubeletCertKey{},
 &installconfig.InstallConfig{},
 }
@@ -30,13 +30,13 @@ func (k *Kubelet) Dependencies() []asset.Asset {
 // Generate generates the kubeconfig.
 func (k *Kubelet) Generate(parents asset.Parents) error {
- rootCA := &tls.RootCA{}
+ kubeCA := &tls.KubeCA{}
 kubeletCertKey := &tls.KubeletCertKey{}
 installConfig := &installconfig.InstallConfig{}
- parents.Get(rootCA, kubeletCertKey, installConfig)
+ parents.Get(kubeCA, kubeletCertKey, installConfig)
 return k.kubeconfig.generate(
- rootCA,
+ kubeCA,
 kubeletCertKey,
 installConfig.Config,
 "kubelet",
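Review bot: In `Admin.Generate` the first argument to `k.kubeconfig.generate` changes from `rootCA` to `kubeCA`, but the doc comment still says only `// Generate generates the kubeconfig.` and does not record which CA the resulting kubeconfig trusts. `kubeconfig.generate` is outside this diff; if that argument becomes the cluster's certificate-authority data, the admin kubeconfig now pins kube-ca as its only trust anchor. That is worth stating, e.g. `// Generate generates the kubeconfig; kube-ca is the only CA it trusts for the API server certificate.` The same applies to `Kubelet.Generate` in kubelet.go. Both call expressions continue past the end of their hunks.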
diff --git a/pkg/asset/tls/apiservercertkey.go b/pkg/asset/tls/apiservercertkey.go
index 7a7e1f322b..34870066d4 100644
--- a/pkg/asset/tls/apiservercertkey.go
+++ b/pkg/asset/tls/apiservercertkey.go
@@ -54,7 +54,7 @@ func (a *APIServerCertKey) Generate(dependencies asset.Parents) error {
 IPAddresses: []net.IP{net.ParseIP(apiServerAddress), net.ParseIP("127.0.0.1")},
 }
- return a.CertKey.Generate(cfg, kubeCA, "apiserver", AppendParent)
+ return a.CertKey.Generate(cfg, kubeCA, "apiserver", DoNotAppendParent)
 }
 // Name returns the human-friendly name of the asset.
diff --git a/pkg/asset/tls/kubeca.go b/pkg/asset/tls/kubeca.go
index d481880317..aeca712686 100644
--- a/pkg/asset/tls/kubeca.go
+++ b/pkg/asset/tls/kubeca.go
@@ -5,6 +5,7 @@ import (
 "crypto/x509/pkix"
 "github.com/openshift/installer/pkg/asset"
+ "github.com/pkg/errors"
 )
 // KubeCA is the asset that generates the kube-ca key/cert pair.
@@ -18,15 +19,11 @@ var _ asset.Asset = (*KubeCA)(nil)
 // the parent CA, and install config if it depends on the install config for
 // DNS names, etc.
 func (a *KubeCA) Dependencies() []asset.Asset {
- return []asset.Asset{
- &RootCA{},
- }
+ return []asset.Asset{}
 }
 // Generate generates the cert/key pair based on its dependencies.
 func (a *KubeCA) Generate(dependencies asset.Parents) error {
- rootCA := &RootCA{}
- dependencies.Get(rootCA)
 cfg := &CertCfg{
 Subject: pkix.Name{CommonName: "kube-ca", OrganizationalUnit: []string{"bootkube"}},
@@ -35,7 +32,17 @@ func (a *KubeCA) Generate(dependencies asset.Parents) error {
 IsCA: true,
 }
- return a.CertKey.Generate(cfg, rootCA, "kube-ca", DoNotAppendParent)
+ key, crt, err := GenerateRootCertKey(cfg)
+ if err != nil {
+ return errors.Wrap(err, "failed to generate Kube CA")
+ }
+
+ a.KeyRaw = PrivateKeyToPem(key)
+ a.CertRaw = CertToPem(crt)
+
+ a.generateFiles("kube-ca")
+
+ return nil
 }
 // Name returns the human-friendly name of the asset.
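Review bot: With the last argument of `a.CertKey.Generate` switched to `DoNotAppendParent` in apiservercertkey.go, the apiserver certificate is presumably written without the kube-ca certificate after it, so it verifies only for clients that already hold kube-ca as a trust anchor. The admin and kubelet kubeconfigs are moved to kube-ca in this commit, but any other consumer still configured with root-ca would stop validating the API server; none are visible here, so they should be checked. A why-comment above the return would record the intent, e.g. `// Clients pin kube-ca directly, so it is not appended to the serving chain.` The function begins above the hunk.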
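Review bot: Two doc comments kept as context in the second kubeca.go hunk no longer match the code. `Dependencies` is still described as returning "the parent CA, and install config if it depends on the install config for DNS names, etc." although it now returns an empty slice, and `Generate` still says "based on its dependencies" although the visible lines no longer read the `dependencies` argument. I would reword them, e.g. `// Dependencies returns no dependencies; kube-ca has no parent asset.` and `// Generate generates the kube-ca cert/key pair.` The first comment begins above the hunk.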
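Review bot: The new body of `KubeCA.Generate` (third kubeca.go hunk) makes kube-ca a self-signed CA through `GenerateRootCertKey(cfg)`, but nothing in the code says that root-ca no longer vouches for it. A comment above that call would make the trust change explicit, e.g. `// kube-ca is self-signed: it is its own trust anchor and is not chained to root-ca.` Since `a.CertKey.Generate` is bypassed, it is also worth confirming that `GenerateRootCertKey` applies the constraints set in `cfg`. Only `IsCA: true` is visible here, and no issuer bounds this certificate any more. The function and the `cfg` literal start above the hunk.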