diff --git a/data/data/bootstrap/files/usr/local/bin/bootkube.sh.template b/data/data/bootstrap/files/usr/local/bin/bootkube.sh.template
index b904a6153a2..11d36884fc0 100755
--- a/data/data/bootstrap/files/usr/local/bin/bootkube.sh.template
+++ b/data/data/bootstrap/files/usr/local/bin/bootkube.sh.template
@@ -26,6 +26,8 @@ MACHINE_CONFIG_SETUP_ETCD_ENV_IMAGE=$(podman run --quiet --rm ${release} image s
 MACHINE_CONFIG_KUBE_CLIENT_AGENT_IMAGE=$(podman run --quiet --rm ${release} image kube-client-agent)
 MACHINE_CONFIG_INFRA_IMAGE=$(podman run --quiet --rm ${release} image pod)
+KUBE_ETCD_SIGNER_SERVER_IMAGE=$(podman run --quiet --rm ${release} image kube-etcd-signer-server)
+
 CONFIG_OPERATOR_IMAGE=$(podman run --quiet --rm ${release} image cluster-config-operator)
 KUBE_APISERVER_OPERATOR_IMAGE=$(podman run --quiet --rm ${release} image cluster-kube-apiserver-operator)
 KUBE_CONTROLLER_MANAGER_OPERATOR_IMAGE=$(podman run --quiet --rm ${release} image cluster-kube-controller-manager-operator)
@@ -222,7 +224,7 @@ podman run \
 --detach \
 --volume /opt/openshift/tls:/opt/openshift/tls:ro,z \
 --network host \
- "{{.EtcdCertSignerImage}}" \
+ "${KUBE_ETCD_SIGNER_SERVER_IMAGE}" \
 serve \
 --cacrt=/opt/openshift/tls/etcd-client-ca.crt \
 --cakey=/opt/openshift/tls/etcd-client-ca.key \
diff --git a/data/data/manifests/bootkube/openshift-config-configmap-etcd-metrics-serving-ca.yaml.template b/data/data/manifests/bootkube/openshift-config-configmap-etcd-metric-serving-ca.yaml.template
similarity index 57%
rename from data/data/manifests/bootkube/openshift-config-configmap-etcd-metrics-serving-ca.yaml.template
rename to data/data/manifests/bootkube/openshift-config-configmap-etcd-metric-serving-ca.yaml.template
index 06230707ce6..c7855457abc 100644
--- a/data/data/manifests/bootkube/openshift-config-configmap-etcd-metrics-serving-ca.yaml.template
+++ b/data/data/manifests/bootkube/openshift-config-configmap-etcd-metric-serving-ca.yaml.template
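Review bot: Nothing between the new `KUBE_ETCD_SIGNER_SERVER_IMAGE=$(podman run ...)` assignment and its use in the second hunk (@@ -222) checks that the release payload actually returned a pull spec, and that use is the detached container that mounts `/opt/openshift/tls` and is handed `--cakey=`. Whether the script runs under `set -e` is not visible here, so I would add an explicit guard right after the assignment: `[ -n "${KUBE_ETCD_SIGNER_SERVER_IMAGE}" ] || { echo "kube-etcd-signer-server not found in release payload" >&2; exit 1; }`. The image that receives the etcd CA key is no longer a fixed reference but whatever `${release}` resolves, so a comment stating that `${release}` is expected to be a digest-pinned pull spec would document the trust assumption. The `podman run` command continues outside the second hunk.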
@@ -1,8 +1,8 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: etcd-metrics-serving-ca
+ name: etcd-metric-serving-ca
 namespace: openshift-config
 data:
 ca-bundle.crt: |
- {{.EtcdMetricsCaCert | indent 4}}
+ {{.EtcdMetricCaCert | indent 4}}
diff --git a/data/data/manifests/bootkube/openshift-config-secret-etcd-metric-client.yaml.template b/data/data/manifests/bootkube/openshift-config-secret-etcd-metric-client.yaml.template
new file mode 100644
index 00000000000..a5b40edeb07
--- /dev/null
+++ b/data/data/manifests/bootkube/openshift-config-secret-etcd-metric-client.yaml.template
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: etcd-metric-client
+ namespace: openshift-config
+type: SecretTypeTLS
+data:
+ tls.crt: {{ .EtcdMetricClientCert }}
+ tls.key: {{ .EtcdMetricClientKey }}
diff --git a/data/data/manifests/bootkube/openshift-config-secret-etcd-metrics-client.yaml.template b/data/data/manifests/bootkube/openshift-config-secret-etcd-metrics-client.yaml.template
deleted file mode 100644
index 1baa05238f8..00000000000
--- a/data/data/manifests/bootkube/openshift-config-secret-etcd-metrics-client.yaml.template
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: etcd-metrics-client
- namespace: openshift-config
-type: SecretTypeTLS
-data:
- tls.crt: {{ .EtcdMetricsClientCert }}
- tls.key: {{ .EtcdMetricsClientKey }}
diff --git a/pkg/asset/ignition/bootstrap/bootstrap.go b/pkg/asset/ignition/bootstrap/bootstrap.go
index 753ef3e0671..5e8e2fcf3fe 100644
--- a/pkg/asset/ignition/bootstrap/bootstrap.go
+++ b/pkg/asset/ignition/bootstrap/bootstrap.go
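Review bot: `type: SecretTypeTLS` in the new `etcd-metric-client` Secret is the name of the Go constant, not its value; the API's TLS secret type string is `kubernetes.io/tls`. As written the API server stores this as an arbitrary custom type, so the built-in check that a TLS secret carries both `tls.crt` and `tls.key` does not apply, and tooling that selects secrets by type will not see it. I would change the line to `type: kubernetes.io/tls`, assuming no consumer matches on the current string. The same value was present in the deleted `etcd-metrics-client` template, so it is carried over rather than introduced here.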
@@ -31,17 +31,15 @@ import (
 const (
 rootDir = "/opt/openshift"
 bootstrapIgnFilename = "bootstrap.ign"
- etcdCertSignerImage = "quay.io/coreos/kube-etcd-signer-server:678cc8e6841e2121ebfdb6e2db568fce290b67d6"
 ignitionUser = "core"
 )
 // bootstrapTemplateData is the data to use to replace values in bootstrap
 // template files.
 type bootstrapTemplateData struct {
- EtcdCertSignerImage string
- EtcdCluster string
- PullSecret string
- ReleaseImage string
+ EtcdCluster string
+ PullSecret string
+ ReleaseImage string
 }
 // Bootstrap is an asset that generates the ignition config for bootstrap nodes.
@@ -71,9 +69,9 @@ func (a *Bootstrap) Dependencies() []asset.Asset {
 &tls.EtcdCA{},
 &tls.EtcdCABundle{},
 &tls.EtcdClientCertKey{},
- &tls.EtcdMetricsCABundle{},
- &tls.EtcdMetricsSignerClientCertKey{},
- &tls.EtcdMetricsSignerServerCertKey{},
+ &tls.EtcdMetricCABundle{},
+ &tls.EtcdMetricSignerCertKey{},
+ &tls.EtcdMetricSignerClientCertKey{},
 &tls.EtcdSignerCertKey{},
 &tls.EtcdSignerClientCertKey{},
 &tls.JournalCertKey{},
@@ -184,10 +182,9 @@ func (a *Bootstrap) getTemplateData(installConfig *types.InstallConfig) (*bootst
 }
 return &bootstrapTemplateData{
- EtcdCertSignerImage: etcdCertSignerImage,
- PullSecret: installConfig.PullSecret,
- ReleaseImage: releaseImage,
- EtcdCluster: strings.Join(etcdEndpoints, ","),
+ PullSecret: installConfig.PullSecret,
+ ReleaseImage: releaseImage,
+ EtcdCluster: strings.Join(etcdEndpoints, ","),
 }, nil
 }
@@ -390,9 +387,9 @@ func (a *Bootstrap) addParentFiles(dependencies asset.Parents) {
 &tls.EtcdCA{},
 &tls.EtcdCABundle{},
 &tls.EtcdClientCertKey{},
- &tls.EtcdMetricsCABundle{},
- &tls.EtcdMetricsSignerClientCertKey{},
- &tls.EtcdMetricsSignerServerCertKey{},
+ &tls.EtcdMetricCABundle{},
+ &tls.EtcdMetricSignerCertKey{},
+ &tls.EtcdMetricSignerClientCertKey{},
 &tls.EtcdSignerCertKey{},
 &tls.EtcdSignerClientCertKey{},
 &tls.KubeAPIServerLBCABundle{},
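Review bot: The dependency list in `Dependencies` (@@ -71) and the matching list in `addParentFiles` (@@ -390) now carry `&tls.EtcdMetricSignerCertKey{}`, a CA key pair, where the old code carried only the pre-issued server certificate. If `addParentFiles` writes each parent's files into the bootstrap Ignition config, as its name suggests, the private key of a signer generated with `ValidityTenYears` (see etcdmetrics.go in this commit) ends up in `bootstrap.ign`, and nothing in the visible bootkube.sh hunk passes that key to the signer server. I would add a comment on the new entry naming what consumes it, e.g. `// signer key is required on the bootstrap host by <consumer>; bootstrap.ign must be handled as secret material`, or drop the entry if only the CA bundle is needed there. Both function bodies start and end outside their hunks.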
diff --git a/pkg/asset/manifests/operators.go b/pkg/asset/manifests/operators.go
index 46315acb385..2ca28b73321 100644
--- a/pkg/asset/manifests/operators.go
+++ b/pkg/asset/manifests/operators.go
@@ -65,8 +65,8 @@ func (m *Manifests) Dependencies() []asset.Asset {
 &tls.EtcdCABundle{},
 &tls.EtcdSignerClientCertKey{},
 &tls.EtcdClientCertKey{},
- &tls.EtcdMetricsCABundle{},
- &tls.EtcdMetricsSignerClientCertKey{},
+ &tls.EtcdMetricCABundle{},
+ &tls.EtcdMetricSignerClientCertKey{},
 &tls.MCSCertKey{},
 &bootkube.CVOOverrides{},
@@ -82,8 +82,8 @@ func (m *Manifests) Dependencies() []asset.Asset {
 &bootkube.KubeSystemSecretEtcdSigner{},
 &bootkube.KubeSystemSecretEtcdSignerClient{},
 &bootkube.MachineConfigServerTLSSecret{},
- &bootkube.OpenshiftConfigConfigmapEtcdMetricsServingCA{},
- &bootkube.OpenshiftConfigSecretEtcdMetricsClient{},
+ &bootkube.OpenshiftConfigConfigmapEtcdMetricServingCA{},
+ &bootkube.OpenshiftConfigSecretEtcdMetricClient{},
 &bootkube.OpenshiftMachineConfigOperator{},
 &bootkube.Pull{},
 }
@@ -140,8 +140,8 @@ func (m *Manifests) generateBootKubeManifests(dependencies asset.Parents) []*ass
 etcdCA := &tls.EtcdCA{}
 mcsCertKey := &tls.MCSCertKey{}
 etcdClientCertKey := &tls.EtcdClientCertKey{}
- etcdMetricsCABundle := &tls.EtcdMetricsCABundle{}
- etcdMetricsSignerClientCertKey := &tls.EtcdMetricsSignerClientCertKey{}
+ etcdMetricCABundle := &tls.EtcdMetricCABundle{}
+ etcdMetricSignerClientCertKey := &tls.EtcdMetricSignerClientCertKey{}
 rootCA := &tls.RootCA{}
 etcdSignerCertKey := &tls.EtcdSignerCertKey{}
 etcdCABundle := &tls.EtcdCABundle{}
@@ -154,8 +154,8 @@ func (m *Manifests) generateBootKubeManifests(dependencies asset.Parents) []*ass
 etcdCABundle,
 etcdSignerClientCertKey,
 etcdClientCertKey,
- etcdMetricsCABundle,
- etcdMetricsSignerClientCertKey,
+ etcdMetricCABundle,
+ etcdMetricSignerClientCertKey,
 mcsCertKey,
 rootCA,
 )
@@ -176,9 +176,9 @@ func (m *Manifests) generateBootKubeManifests(dependencies asset.Parents) []*ass
 EtcdClientKey: base64.StdEncoding.EncodeToString(etcdClientCertKey.Key()),
 EtcdEndpointDNSSuffix: installConfig.Config.ClusterDomain(),
 EtcdEndpointHostnames: etcdEndpointHostnames,
- EtcdMetricsCaCert: string(etcdMetricsCABundle.Cert()),
- EtcdMetricsClientCert: base64.StdEncoding.EncodeToString(etcdMetricsSignerClientCertKey.Cert()),
- EtcdMetricsClientKey: base64.StdEncoding.EncodeToString(etcdMetricsSignerClientCertKey.Key()),
+ EtcdMetricCaCert: string(etcdMetricCABundle.Cert()),
+ EtcdMetricClientCert: base64.StdEncoding.EncodeToString(etcdMetricSignerClientCertKey.Cert()),
+ EtcdMetricClientKey: base64.StdEncoding.EncodeToString(etcdMetricSignerClientCertKey.Key()),
 EtcdSignerCert: base64.StdEncoding.EncodeToString(etcdSignerCertKey.Cert()),
 EtcdSignerClientCert: base64.StdEncoding.EncodeToString(etcdSignerClientCertKey.Cert()),
 EtcdSignerClientKey: base64.StdEncoding.EncodeToString(etcdSignerClientCertKey.Key()),
@@ -204,8 +204,8 @@ func (m *Manifests) generateBootKubeManifests(dependencies asset.Parents) []*ass
 &bootkube.KubeSystemSecretEtcdSigner{},
 &bootkube.KubeSystemSecretEtcdSignerClient{},
 &bootkube.MachineConfigServerTLSSecret{},
- &bootkube.OpenshiftConfigConfigmapEtcdMetricsServingCA{},
- &bootkube.OpenshiftConfigSecretEtcdMetricsClient{},
+ &bootkube.OpenshiftConfigConfigmapEtcdMetricServingCA{},
+ &bootkube.OpenshiftConfigSecretEtcdMetricClient{},
 &bootkube.OpenshiftMachineConfigOperator{},
 &bootkube.Pull{},
 } {
diff --git a/pkg/asset/manifests/template.go b/pkg/asset/manifests/template.go
index c63e4d6bbfe..a2a437b57ab 100644
--- a/pkg/asset/manifests/template.go
+++ b/pkg/asset/manifests/template.go
@@ -27,9 +27,9 @@ type bootkubeTemplateData struct {
 EtcdClientKey string
 EtcdEndpointDNSSuffix string
 EtcdEndpointHostnames []string
- EtcdMetricsCaCert string
- EtcdMetricsClientCert string
- EtcdMetricsClientKey string
+ EtcdMetricCaCert string
+ EtcdMetricClientCert string
+ EtcdMetricClientKey string
 EtcdSignerCert string
 EtcdSignerClientCert string
 EtcdSignerClientKey string
diff --git a/pkg/asset/targets/targets.go b/pkg/asset/targets/targets.go
index f3cf542274d..e63819d2ca2 100644
--- a/pkg/asset/targets/targets.go
+++ b/pkg/asset/targets/targets.go
@@ -40,8 +40,8 @@ var (
 &bootkube.OpenshiftMachineConfigOperator{},
 &bootkube.EtcdServiceKubeSystem{},
 &bootkube.HostEtcdServiceKubeSystem{},
- &bootkube.OpenshiftConfigSecretEtcdMetricsClient{},
- &bootkube.OpenshiftConfigConfigmapEtcdMetricsServingCA{},
+ &bootkube.OpenshiftConfigSecretEtcdMetricClient{},
+ &bootkube.OpenshiftConfigConfigmapEtcdMetricServingCA{},
 &openshift.BindingDiscovery{},
 &openshift.CloudCredsSecret{},
 &openshift.KubeadminPasswordSecret{},
diff --git a/pkg/asset/templates/content/bootkube/openshift-config-configmap-etcd-metrics-serving-ca.go b/pkg/asset/templates/content/bootkube/openshift-config-configmap-etcd-metric-serving-ca.go
similarity index 51%
rename from pkg/asset/templates/content/bootkube/openshift-config-configmap-etcd-metrics-serving-ca.go
rename to pkg/asset/templates/content/bootkube/openshift-config-configmap-etcd-metric-serving-ca.go
index 45281fcf1ed..bb27438d1f2 100644
--- a/pkg/asset/templates/content/bootkube/openshift-config-configmap-etcd-metrics-serving-ca.go
+++ b/pkg/asset/templates/content/bootkube/openshift-config-configmap-etcd-metric-serving-ca.go
@@ -9,29 +9,29 @@ import (
 )
 const (
- openshiftConfigConfigmapEtcdMetricsServingCAFileName = "openshift-config-configmap-etcd-metrics-serving-ca.yaml.template"
+ openshiftConfigConfigmapEtcdMetricServingCAFileName = "openshift-config-configmap-etcd-metric-serving-ca.yaml.template"
 )
-var _ asset.WritableAsset = (*OpenshiftConfigConfigmapEtcdMetricsServingCA)(nil)
+var _ asset.WritableAsset = (*OpenshiftConfigConfigmapEtcdMetricServingCA)(nil)
-// OpenshiftConfigConfigmapEtcdMetricsServingCA is the constant to represent contents of openshift-config-configmap-etcd-metrics-serving-ca.yaml.template file.
-type OpenshiftConfigConfigmapEtcdMetricsServingCA struct {
+// OpenshiftConfigConfigmapEtcdMetricServingCA is the constant to represent contents of openshift-config-configmap-etcd-metric-serving-ca.yaml.template file.
+type OpenshiftConfigConfigmapEtcdMetricServingCA struct {
 FileList []*asset.File
 }
 // Dependencies returns all of the dependencies directly needed by the asset
-func (t *OpenshiftConfigConfigmapEtcdMetricsServingCA) Dependencies() []asset.Asset {
+func (t *OpenshiftConfigConfigmapEtcdMetricServingCA) Dependencies() []asset.Asset {
 return []asset.Asset{}
 }
 // Name returns the human-friendly name of the asset.
-func (t *OpenshiftConfigConfigmapEtcdMetricsServingCA) Name() string {
- return "OpenshiftConfigConfigmapEtcdMetricsServingCA"
+func (t *OpenshiftConfigConfigmapEtcdMetricServingCA) Name() string {
+ return "OpenshiftConfigConfigmapEtcdMetricServingCA"
 }
 // Generate generates the actual files by this asset
-func (t *OpenshiftConfigConfigmapEtcdMetricsServingCA) Generate(parents asset.Parents) error {
- fileName := openshiftConfigConfigmapEtcdMetricsServingCAFileName
+func (t *OpenshiftConfigConfigmapEtcdMetricServingCA) Generate(parents asset.Parents) error {
+ fileName := openshiftConfigConfigmapEtcdMetricServingCAFileName
 data, err := content.GetBootkubeTemplate(fileName)
 if err != nil {
 return err
@@ -46,13 +46,13 @@ func (t *OpenshiftConfigConfigmapEtcdMetricsServingCA) Generate(parents asset.Pa
 }
 // Files returns the files generated by the asset.
-func (t *OpenshiftConfigConfigmapEtcdMetricsServingCA) Files() []*asset.File {
+func (t *OpenshiftConfigConfigmapEtcdMetricServingCA) Files() []*asset.File {
 return t.FileList
 }
 // Load returns the asset from disk.
-func (t *OpenshiftConfigConfigmapEtcdMetricsServingCA) Load(f asset.FileFetcher) (bool, error) {
- file, err := f.FetchByName(filepath.Join(content.TemplateDir, openshiftConfigConfigmapEtcdMetricsServingCAFileName))
+func (t *OpenshiftConfigConfigmapEtcdMetricServingCA) Load(f asset.FileFetcher) (bool, error) {
+ file, err := f.FetchByName(filepath.Join(content.TemplateDir, openshiftConfigConfigmapEtcdMetricServingCAFileName))
 if err != nil {
 if os.IsNotExist(err) {
 return false, nil
diff --git a/pkg/asset/templates/content/bootkube/openshift-config-secret-etcd-metrics-client.go b/pkg/asset/templates/content/bootkube/openshift-config-secret-etcd-metric-client.go
similarity index 50%
rename from pkg/asset/templates/content/bootkube/openshift-config-secret-etcd-metrics-client.go
rename to pkg/asset/templates/content/bootkube/openshift-config-secret-etcd-metric-client.go
index 802787e9ad9..6f9ca9fb074 100644
--- a/pkg/asset/templates/content/bootkube/openshift-config-secret-etcd-metrics-client.go
+++ b/pkg/asset/templates/content/bootkube/openshift-config-secret-etcd-metric-client.go
@@ -9,29 +9,29 @@ import (
 )
 const (
- openshiftConfigSecretEtcdMetricsClientFileName = "openshift-config-secret-etcd-metrics-client.yaml.template"
+ openshiftConfigSecretEtcdMetricClientFileName = "openshift-config-secret-etcd-metric-client.yaml.template"
 )
-var _ asset.WritableAsset = (*OpenshiftConfigSecretEtcdMetricsClient)(nil)
+var _ asset.WritableAsset = (*OpenshiftConfigSecretEtcdMetricClient)(nil)
-// OpenshiftConfigSecretEtcdMetricsClient is the constant to represent contents of openshift-config-secret-etcd-metrics-client.yaml.template file.
-type OpenshiftConfigSecretEtcdMetricsClient struct {
+// OpenshiftConfigSecretEtcdMetricClient is the constant to represent contents of openshift-config-secret-etcd-metric-client.yaml.template file.
+type OpenshiftConfigSecretEtcdMetricClient struct {
 FileList []*asset.File
 }
 // Dependencies returns all of the dependencies directly needed by the asset
-func (t *OpenshiftConfigSecretEtcdMetricsClient) Dependencies() []asset.Asset {
+func (t *OpenshiftConfigSecretEtcdMetricClient) Dependencies() []asset.Asset {
 return []asset.Asset{}
 }
 // Name returns the human-friendly name of the asset.
-func (t *OpenshiftConfigSecretEtcdMetricsClient) Name() string {
- return "OpenshiftConfigSecretEtcdMetricsClient"
+func (t *OpenshiftConfigSecretEtcdMetricClient) Name() string {
+ return "OpenshiftConfigSecretEtcdMetricClient"
 }
 // Generate generates the actual files by this asset
-func (t *OpenshiftConfigSecretEtcdMetricsClient) Generate(parents asset.Parents) error {
- fileName := openshiftConfigSecretEtcdMetricsClientFileName
+func (t *OpenshiftConfigSecretEtcdMetricClient) Generate(parents asset.Parents) error {
+ fileName := openshiftConfigSecretEtcdMetricClientFileName
 data, err := content.GetBootkubeTemplate(fileName)
 if err != nil {
 return err
@@ -46,13 +46,13 @@ func (t *OpenshiftConfigSecretEtcdMetricsClient) Generate(parents asset.Parents)
 }
 // Files returns the files generated by the asset.
-func (t *OpenshiftConfigSecretEtcdMetricsClient) Files() []*asset.File {
+func (t *OpenshiftConfigSecretEtcdMetricClient) Files() []*asset.File {
 return t.FileList
 }
 // Load returns the asset from disk.
-func (t *OpenshiftConfigSecretEtcdMetricsClient) Load(f asset.FileFetcher) (bool, error) {
- file, err := f.FetchByName(filepath.Join(content.TemplateDir, openshiftConfigSecretEtcdMetricsClientFileName))
+func (t *OpenshiftConfigSecretEtcdMetricClient) Load(f asset.FileFetcher) (bool, error) {
+ file, err := f.FetchByName(filepath.Join(content.TemplateDir, openshiftConfigSecretEtcdMetricClientFileName))
 if err != nil {
 if os.IsNotExist(err) {
 return false, nil
diff --git a/pkg/asset/tls/etcdmetrics.go b/pkg/asset/tls/etcdmetrics.go
index f377989b691..7773da8014f 100644
--- a/pkg/asset/tls/etcdmetrics.go
+++ b/pkg/asset/tls/etcdmetrics.go
@@ -7,140 +7,97 @@ import (
 "github.com/openshift/installer/pkg/asset"
 )
-// EtcdMetricsSignerCertKey is a key/cert pair that signs the etcd-metrics client and peer certs.
-type EtcdMetricsSignerCertKey struct {
+// EtcdMetricSignerCertKey is a key/cert pair that signs the etcd-metrics client and server certs.
+type EtcdMetricSignerCertKey struct {
 SelfSignedCertKey
 }
-var _ asset.WritableAsset = (*EtcdMetricsSignerCertKey)(nil)
+var _ asset.WritableAsset = (*EtcdMetricSignerCertKey)(nil)
 // Dependencies returns the dependency of the root-ca, which is empty.
-func (c *EtcdMetricsSignerCertKey) Dependencies() []asset.Asset {
+func (c *EtcdMetricSignerCertKey) Dependencies() []asset.Asset {
 return []asset.Asset{}
 }
 // Generate generates the root-ca key and cert pair.
-func (c *EtcdMetricsSignerCertKey) Generate(parents asset.Parents) error {
+func (c *EtcdMetricSignerCertKey) Generate(parents asset.Parents) error {
 cfg := &CertCfg{
- Subject: pkix.Name{CommonName: "etcd-metrics-signer", OrganizationalUnit: []string{"openshift"}},
+ Subject: pkix.Name{CommonName: "etcd-metric-signer", OrganizationalUnit: []string{"openshift"}},
 KeyUsages: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
 Validity: ValidityTenYears,
 IsCA: true,
 }
- return c.SelfSignedCertKey.Generate(cfg, "etcd-metrics-signer")
+ return c.SelfSignedCertKey.Generate(cfg, "etcd-metric-signer")
 }
 // Name returns the human-friendly name of the asset.
-func (c *EtcdMetricsSignerCertKey) Name() string {
- return "Certificate (etcd-metrics-signer)"
+func (c *EtcdMetricSignerCertKey) Name() string {
+ return "Certificate (etcd-metric-signer)"
 }
-// EtcdMetricsCABundle is the asset the generates the etcd-metrics-ca-bundle,
+// EtcdMetricCABundle is the asset the generates the etcd-metrics-ca-bundle,
 // which contains all the individual client CAs.
-type EtcdMetricsCABundle struct {
+type EtcdMetricCABundle struct {
 CertBundle
 }
-var _ asset.Asset = (*EtcdMetricsCABundle)(nil)
+var _ asset.Asset = (*EtcdMetricCABundle)(nil)
 // Dependencies returns the dependency of the cert bundle.
-func (a *EtcdMetricsCABundle) Dependencies() []asset.Asset {
+func (a *EtcdMetricCABundle) Dependencies() []asset.Asset {
 return []asset.Asset{
- &EtcdMetricsSignerCertKey{},
+ &EtcdMetricSignerCertKey{},
 }
 }
 // Generate generates the cert bundle based on its dependencies.
-func (a *EtcdMetricsCABundle) Generate(deps asset.Parents) error {
+func (a *EtcdMetricCABundle) Generate(deps asset.Parents) error {
 var certs []CertInterface
 for _, asset := range a.Dependencies() {
 deps.Get(asset)
 certs = append(certs, asset.(CertInterface))
 }
- return a.CertBundle.Generate("etcd-metrics-ca-bundle", certs...)
+ return a.CertBundle.Generate("etcd-metric-ca-bundle", certs...)
 }
 // Name returns the human-friendly name of the asset.
-func (a *EtcdMetricsCABundle) Name() string {
- return "Certificate (etcd-metrics-ca-bundle)"
+func (a *EtcdMetricCABundle) Name() string {
+ return "Certificate (etcd-metric-ca-bundle)"
 }
-// EtcdMetricsSignerClientCertKey is the asset that generates the etcd-metrics client key/cert pair.
-type EtcdMetricsSignerClientCertKey struct {
+// EtcdMetricSignerClientCertKey is the asset that generates the etcd-metrics client key/cert pair.
+type EtcdMetricSignerClientCertKey struct {
 SignedCertKey
 }
-var _ asset.Asset = (*EtcdMetricsSignerClientCertKey)(nil)
+var _ asset.Asset = (*EtcdMetricSignerClientCertKey)(nil)
 // Dependencies returns the dependency of the the cert/key pair, which includes
 // the parent CA, and install config if it depends on the install config for
 // DNS names, etc.
-func (a *EtcdMetricsSignerClientCertKey) Dependencies() []asset.Asset {
+func (a *EtcdMetricSignerClientCertKey) Dependencies() []asset.Asset {
 return []asset.Asset{
- &EtcdMetricsSignerCertKey{},
+ &EtcdMetricSignerCertKey{},
 }
 }
 // Generate generates the cert/key pair based on its dependencies.
-func (a *EtcdMetricsSignerClientCertKey) Generate(dependencies asset.Parents) error {
- ca := &EtcdMetricsSignerCertKey{}
+func (a *EtcdMetricSignerClientCertKey) Generate(dependencies asset.Parents) error {
+ ca := &EtcdMetricSignerCertKey{}
 dependencies.Get(ca)
 cfg := &CertCfg{
- Subject: pkix.Name{CommonName: "etcd-metrics", OrganizationalUnit: []string{"etcd-metrics"}},
+ Subject: pkix.Name{CommonName: "etcd-metric", OrganizationalUnit: []string{"etcd-metric"}},
 KeyUsages: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
 ExtKeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
 Validity: ValidityTenYears,
 }
- return a.SignedCertKey.Generate(cfg, ca, "etcd-metrics-signer-client", DoNotAppendParent)
+ return a.SignedCertKey.Generate(cfg, ca, "etcd-metric-signer-client", DoNotAppendParent)
 }
 // Name returns the human-friendly name of the asset.
-func (a *EtcdMetricsSignerClientCertKey) Name() string {
- return "Certificate (etcd-metrics-signer-client)"
-}
-
-// EtcdMetricsSignerServerCertKey is the asset that generates the etcd-metrics server key/cert pair.
-type EtcdMetricsSignerServerCertKey struct {
- SignedCertKey
-}
-
-var _ asset.Asset = (*EtcdMetricsSignerServerCertKey)(nil)
-
-// Dependencies returns the dependency of the the cert/key pair, which includes
-// the parent CA, and install config if it depends on the install config for
-// DNS names, etc.
-func (a *EtcdMetricsSignerServerCertKey) Dependencies() []asset.Asset {
- return []asset.Asset{
- &EtcdMetricsSignerCertKey{},
- }
-}
-
-// Generate generates the cert/key pair based on its dependencies.
-func (a *EtcdMetricsSignerServerCertKey) Generate(dependencies asset.Parents) error {
- ca := &EtcdMetricsSignerCertKey{}
- dependencies.Get(ca)
-
- cfg := &CertCfg{
- Subject: pkix.Name{CommonName: "etcd-metrics", OrganizationalUnit: []string{"etcd-metrics"}},
- KeyUsages: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
- ExtKeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
- DNSNames: []string{
- "etcd",
- "etcd.kube-system",
- "etcd.kube-system.svc.cluster.local",
- "etcd.kube-system.svc",
- "localhost",
- },
- Validity: ValidityTenYears,
- }
-
- return a.SignedCertKey.Generate(cfg, ca, "etcd-metrics-signer-server", DoNotAppendParent)
-}
-
-// Name returns the human-friendly name of the asset.
-func (a *EtcdMetricsSignerServerCertKey) Name() string {
- return "Certificate (etcd-metrics-signer-server)"
+func (a *EtcdMetricSignerClientCertKey) Name() string {
+ return "Certificate (etcd-metric-signer-client)"
 }
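Review bot: In `EtcdMetricSignerClientCertKey.Generate` the rename reaches into certificate identity, not just Go identifiers: the client cert's subject changes from CN/OU `etcd-metrics` to `etcd-metric`, and the signer CA's CN changes from `etcd-metrics-signer` to `etcd-metric-signer`. Anything on the serving side that authorizes or audits by subject name (not visible in this diff) has to change with it, so a short comment beside `Subject:` stating which component relies on that CN/OU would make the coupling explicit. Separately, the comments on `EtcdMetricSignerCertKey.Dependencies` and `Generate` still say root-ca although the code builds the `etcd-metric-signer` CA, e.g. `// Generate generates the etcd-metric-signer CA key and cert pair.`, and the `EtcdMetricCABundle` comment still names `etcd-metrics-ca-bundle` while the bundle is now generated as `etcd-metric-ca-bundle`. The type comment now says the signer issues "client and server certs" while this hunk deletes the only server-cert asset, so it should say where server certs are issued instead.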