
Commit 6de9b34

authored
Merge pull request #141 from neolit123/decouple-from-k-k
decouple etcdadm from kubernetes/kubernetes
2 parents 9a08cc2 + b4939f4 commit 6de9b34

6 files changed

+285
-57
lines changed


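--- a/apis/config.go
+++ b/apis/config.go
@@ -298,7 +298,7 @@ func DefaultAdvertiseClientURLs(cfg *EtcdAdmConfig) error {
 
 // Returns the address associated with the host's default interface.
 func defaultExternalAddress() (net.IP, error) {
-ip, err := netutil.ChooseBindAddress(net.ParseIP("0.0.0.0"))
+ip, err := netutil.ResolveBindAddress(net.ParseIP("0.0.0.0"))
 if err != nil {
 return nil, fmt.Errorf("failed to find a default external address: %s", err)
 }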

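--- a/certs/pkiutil/pki_helpers.go
+++ b/certs/pkiutil/pki_helpers.go
@@ -22,23 +22,44 @@ modified to work independently of kubeadm internals like the configuration.
 package pkiutil
 
 import (
+"crypto"
+cryptorand "crypto/rand"
 "crypto/rsa"
 "crypto/x509"
+"crypto/x509/pkix"
+"encoding/pem"
 "fmt"
 "net"
 "os"
 "path/filepath"
 "time"
 
+"github.com/pkg/errors"
 "k8s.io/apimachinery/pkg/util/validation"
 certutil "k8s.io/client-go/util/cert"
+"k8s.io/client-go/util/keyutil"
+"math"
+"math/big"
 "sigs.k8s.io/etcdadm/apis"
 "sigs.k8s.io/etcdadm/constants"
 )
 
+const (
+// PrivateKeyBlockType is a possible value for pem.Block.Type.
+PrivateKeyBlockType = "PRIVATE KEY"
+// PublicKeyBlockType is a possible value for pem.Block.Type.
+PublicKeyBlockType = "PUBLIC KEY"
+// CertificateBlockType is a possible value for pem.Block.Type.
+CertificateBlockType = "CERTIFICATE"
+// RSAPrivateKeyBlockType is a possible value for pem.Block.Type.
+RSAPrivateKeyBlockType = "RSA PRIVATE KEY"
+rsaKeySize = 2048
+certificateValidity = time.Hour * 24 * 365
+)
+
 // NewCertificateAuthority creates new certificate and private key for the certificate authority
 func NewCertificateAuthority() (*x509.Certificate, *rsa.PrivateKey, error) {
-key, err := certutil.NewPrivateKey()
+key, err := NewPrivateKey()
 if err != nil {
 return nil, nil, fmt.Errorf("unable to create private key [%v]", err)
 }
@@ -56,12 +77,12 @@ func NewCertificateAuthority() (*x509.Certificate, *rsa.PrivateKey, error) {
 
 // NewCertAndKey creates new certificate and key by passing the certificate authority certificate and key
 func NewCertAndKey(caCert *x509.Certificate, caKey *rsa.PrivateKey, config certutil.Config) (*x509.Certificate, *rsa.PrivateKey, error) {
-key, err := certutil.NewPrivateKey()
+key, err := NewPrivateKey()
 if err != nil {
 return nil, nil, fmt.Errorf("unable to create private key [%v]", err)
 }
 
-cert, err := certutil.NewSignedCert(config, key, caCert, caKey)
+cert, err := NewSignedCert(&config, key, caCert, caKey)
 if err != nil {
 return nil, nil, fmt.Errorf("unable to sign certificate [%v]", err)
 }
@@ -95,7 +116,7 @@ func WriteCert(pkiPath, name string, cert *x509.Certificate) error {
 }
 
 certificatePath := pathForCert(pkiPath, name)
-if err := certutil.WriteCert(certificatePath, certutil.EncodeCertPEM(cert)); err != nil {
+if err := certutil.WriteCert(certificatePath, EncodeCertPEM(cert)); err != nil {
 return fmt.Errorf("unable to write certificate to file %q: [%v]", certificatePath, err)
 }
 
@@ -109,7 +130,7 @@ func WriteKey(pkiPath, name string, key *rsa.PrivateKey) error {
 }
 
 privateKeyPath := pathForKey(pkiPath, name)
-if err := certutil.WriteKey(privateKeyPath, certutil.EncodePrivateKeyPEM(key)); err != nil {
+if err := keyutil.WriteKey(privateKeyPath, EncodePrivateKeyPEM(key)); err != nil {
 return fmt.Errorf("unable to write private key to file %q: [%v]", privateKeyPath, err)
 }
 
@@ -122,12 +143,12 @@ func WritePublicKey(pkiPath, name string, key *rsa.PublicKey) error {
 return fmt.Errorf("public key cannot be nil when writing to file")
 }
 
-publicKeyBytes, err := certutil.EncodePublicKeyPEM(key)
+publicKeyBytes, err := EncodePublicKeyPEM(key)
 if err != nil {
 return err
 }
 publicKeyPath := pathForPublicKey(pkiPath, name)
-if err := certutil.WriteKey(publicKeyPath, publicKeyBytes); err != nil {
+if err := keyutil.WriteKey(publicKeyPath, publicKeyBytes); err != nil {
 return fmt.Errorf("unable to write public key to file %q: [%v]", publicKeyPath, err)
 }
 
@@ -194,7 +215,7 @@ func TryLoadKeyFromDisk(pkiPath, name string) (*rsa.PrivateKey, error) {
 privateKeyPath := pathForKey(pkiPath, name)
 
 // Parse the private key from a file
-privKey, err := certutil.PrivateKeyFromFile(privateKeyPath)
+privKey, err := keyutil.PrivateKeyFromFile(privateKeyPath)
 if err != nil {
 return nil, fmt.Errorf("couldn't load the private key file %s: %v", privateKeyPath, err)
 }
@@ -216,15 +237,15 @@ func TryLoadPrivatePublicKeyFromDisk(pkiPath, name string) (*rsa.PrivateKey, *rs
 privateKeyPath := pathForKey(pkiPath, name)
 
 // Parse the private key from a file
-privKey, err := certutil.PrivateKeyFromFile(privateKeyPath)
+privKey, err := keyutil.PrivateKeyFromFile(privateKeyPath)
 if err != nil {
 return nil, nil, fmt.Errorf("couldn't load the private key file %s: %v", privateKeyPath, err)
 }
 
 publicKeyPath := pathForPublicKey(pkiPath, name)
 
 // Parse the public key from a file
-pubKeys, err := certutil.PublicKeysFromFile(publicKeyPath)
+pubKeys, err := keyutil.PublicKeysFromFile(publicKeyPath)
 if err != nil {
 return nil, nil, fmt.Errorf("couldn't load the public key file %s: %v", publicKeyPath, err)
 }
@@ -296,3 +317,72 @@ func appendSANsToAltNames(altNames *certutil.AltNames, SANs []string, certName s
 }
 }
 }
+
+// NewPrivateKey creates an RSA private key
+func NewPrivateKey() (*rsa.PrivateKey, error) {
+return rsa.GenerateKey(cryptorand.Reader, rsaKeySize)
+}
+
+// NewSignedCert creates a signed certificate using the given CA certificate and key
+func NewSignedCert(cfg *certutil.Config, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error) {
+serial, err := cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64))
+if err != nil {
+return nil, err
+}
+if len(cfg.CommonName) == 0 {
+return nil, errors.New("must specify a CommonName")
+}
+if len(cfg.Usages) == 0 {
+return nil, errors.New("must specify at least one ExtKeyUsage")
+}
+
+certTmpl := x509.Certificate{
+Subject: pkix.Name{
+CommonName: cfg.CommonName,
+Organization: cfg.Organization,
+},
+DNSNames: cfg.AltNames.DNSNames,
+IPAddresses: cfg.AltNames.IPs,
+SerialNumber: serial,
+NotBefore: caCert.NotBefore,
+NotAfter: time.Now().Add(certificateValidity).UTC(),
+KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+ExtKeyUsage: cfg.Usages,
+}
+certDERBytes, err := x509.CreateCertificate(cryptorand.Reader, &certTmpl, caCert, key.Public(), caKey)
+if err != nil {
+return nil, err
+}
+return x509.ParseCertificate(certDERBytes)
+}
+
+// EncodeCertPEM returns PEM-endcoded certificate data
+func EncodeCertPEM(cert *x509.Certificate) []byte {
+block := pem.Block{
+Type: CertificateBlockType,
+Bytes: cert.Raw,
+}
+return pem.EncodeToMemory(&block)
+}
+
+// EncodePublicKeyPEM returns PEM-encoded public data
+func EncodePublicKeyPEM(key crypto.PublicKey) ([]byte, error) {
+der, err := x509.MarshalPKIXPublicKey(key)
+if err != nil {
+return []byte{}, err
+}
+block := pem.Block{
+Type: PublicKeyBlockType,
+Bytes: der,
+}
+return pem.EncodeToMemory(&block), nil
+}
+
+// EncodePrivateKeyPEM returns PEM-encoded private key data
+func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte {
+block := pem.Block{
+Type: RSAPrivateKeyBlockType, // "RSA PRIVATE KEY"
+Bytes: x509.MarshalPKCS1PrivateKey(key),
+}
+return pem.EncodeToMemory(&block)
+}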
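Review bot: NewSignedCert sets `NotAfter: time.Now().Add(certificateValidity).UTC()` without bounding it by the issuing CA's own NotAfter, so a leaf signed late in the CA's life carries dates that outlast its issuer and stops verifying the moment the CA expires even though its own window still looks open; computing `notAfter := time.Now().Add(certificateValidity).UTC()`, then `if notAfter.After(caCert.NotAfter) { notAfter = caCert.NotAfter }`, and using `NotAfter: notAfter,` in certTmpl keeps the leaf inside the CA's validity. The random serial is also drawn before the CommonName and Usages checks reject an unusable config, and since NewCertAndKey now passes `&config`, a nil-`cfg` guard ahead of the dereferences would make that the only supported call shape explicitly. In the import block, `"math"` and `"math/big"` were added to the third-party group; goimports places them in the standard-library group with `"time"`. The EncodeCertPEM doc comment has a typo, `// EncodeCertPEM returns PEM-encoded certificate data`.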

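--- a/cmd/version.go
+++ b/cmd/version.go
@@ -26,7 +26,7 @@ import (
 "github.com/spf13/cobra"
 
 apimachineryversion "k8s.io/apimachinery/pkg/version"
-"k8s.io/kubernetes/pkg/version"
+"k8s.io/component-base/version"
 )
 
 // Version TODO: add description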

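--- a/go.mod
+++ b/go.mod
@@ -3,46 +3,30 @@ module sigs.k8s.io/etcdadm
 go 1.12
 
 require (
-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973 // indirect
 github.com/coreos/bbolt v1.3.1-coreos.6 // indirect
 github.com/coreos/etcd v3.3.13+incompatible
 github.com/coreos/go-semver v0.2.0 // indirect
 github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7 // indirect
 github.com/coreos/pkg v0.0.0-20180108230652-97fdf19511ea // indirect
-github.com/dgrijalva/jwt-go v3.2.0+incompatible // indirect
 github.com/ghodss/yaml v1.0.0
-github.com/gogo/protobuf v1.0.0 // indirect
 github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef // indirect
-github.com/google/btree v0.0.0-20180124185431-e89373fe6b4a // indirect
 github.com/gorilla/websocket v1.4.0 // indirect
 github.com/grpc-ecosystem/go-grpc-middleware v1.0.0 // indirect
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
 github.com/grpc-ecosystem/grpc-gateway v1.8.6 // indirect
 github.com/inconshreveable/mousetrap v1.0.0 // indirect
 github.com/jonboulle/clockwork v0.1.0 // indirect
-github.com/json-iterator/go v1.1.6 // indirect
-github.com/konsorten/go-windows-terminal-sequences v1.0.1 // indirect
-github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-github.com/modern-go/reflect2 v1.0.1 // indirect
-github.com/pkg/errors v0.8.1 // indirect
-github.com/prometheus/client_golang v0.8.0 // indirect
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90 // indirect
-github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e // indirect
-github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273 // indirect
+github.com/pkg/errors v0.8.1
 github.com/satori/go.uuid v1.2.0
-github.com/sirupsen/logrus v1.1.1
+github.com/sirupsen/logrus v1.2.0
 github.com/soheilhy/cmux v0.1.4 // indirect
 github.com/spf13/cobra v0.0.3
-github.com/spf13/pflag v1.0.1 // indirect
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5 // indirect
 github.com/xiang90/probing v0.0.0-20160813154853-07dd2e8dfe18 // indirect
 go.uber.org/atomic v1.3.2 // indirect
 go.uber.org/multierr v1.1.0 // indirect
 go.uber.org/zap v1.9.0 // indirect
-golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2 // indirect
-gopkg.in/yaml.v2 v2.2.1 // indirect
-k8s.io/apimachinery v0.0.0-20180510142256-21efb2924c7c
-k8s.io/client-go v0.0.0-20180515144434-1692bdde78a6
-k8s.io/kubernetes v1.11.1
+k8s.io/apimachinery v0.0.0-20191128180518-03184f823e28
+k8s.io/client-go v0.0.0-20191204082519-e9644b2e3edc
+k8s.io/component-base v0.0.0-20191204083906-3ac1376c73aa
 )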
