-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathmain.go
105 lines (85 loc) · 2.67 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
package main
import (
"crypto/x509"
"fmt"
"io/ioutil"
"log"
"path/filepath"
"github.com/spf13/cobra"
"k8s.io/client-go/util/cert"
"k8s.io/client-go/util/keyutil"
"k8s.io/kubernetes/test/utils"
)
var RootCmd = &cobra.Command{
Use: "self-signed-cert",
Short: "Create a self-signed TLS certificate.",
Args: cobra.MaximumNArgs(0),
Run: run,
}
var (
namespace string
service string
)
func init() {
RootCmd.Flags().StringVar(&namespace, "namespace", "",
"Namespace in which the service resides into.")
RootCmd.Flags().StringVar(&service, "service-name", "",
"Service for which to generate the certificate.")
RootCmd.MarkFlagRequired("namespace")
RootCmd.MarkFlagRequired("service-name")
}
// Source inspired by: https://github.com/kubernetes/kubernetes/blob/v1.21.1/test/e2e/apimachinery/certs.go.
func setupServerCert(namespaceName, serviceName string) {
certDir, err := ioutil.TempDir("", "self-signed-certificate")
if err != nil {
log.Fatalf("Failed to create a temp dir for cert generation %v", err)
}
signingKey, err := utils.NewPrivateKey()
if err != nil {
log.Fatalf("Failed to create CA private key %v", err)
}
signingCert, err := cert.NewSelfSignedCACert(cert.Config{CommonName: "self-signed-k8s-cert"}, signingKey)
if err != nil {
log.Fatalf("Failed to create CA cert for apiserver %v", err)
}
caCertFile := filepath.Join(certDir, "ca.crt")
if err := ioutil.WriteFile(caCertFile, utils.EncodeCertPEM(signingCert), 0644); err != nil {
log.Fatalf("Failed to write CA cert %v", err)
}
key, err := utils.NewPrivateKey()
if err != nil {
log.Fatalf("Failed to create private key for %v", err)
}
signedCert, err := utils.NewSignedCert(
&cert.Config{
CommonName: serviceName + "." + namespaceName + ".svc",
AltNames: cert.AltNames{DNSNames: []string{serviceName + "." + namespaceName + ".svc"}},
Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
},
key, signingCert, signingKey,
)
if err != nil {
log.Fatalf("Failed to create cert%v", err)
}
certFile := filepath.Join(certDir, "server.crt")
keyFile := filepath.Join(certDir, "server.key")
if err = ioutil.WriteFile(certFile, utils.EncodeCertPEM(signedCert), 0600); err != nil {
log.Fatalf("Failed to write cert file %v", err)
}
privateKeyPEM, err := keyutil.MarshalPrivateKeyToPEM(key)
if err != nil {
log.Fatalf("Failed to marshal key %v", err)
}
if err = ioutil.WriteFile(keyFile, privateKeyPEM, 0644); err != nil {
log.Fatalf("Failed to write key file %v", err)
}
fmt.Printf("%s\n", certDir)
}
func run(cmd *cobra.Command, args []string) {
setupServerCert(namespace, service)
}
func main() {
if err := RootCmd.Execute(); err != nil {
log.Fatal(err)
}
}