This repository was archived by the owner on Aug 29, 2022. It is now read-only.

Commit cd7af31

committed
Remove support for writing to secret
1 parent 721c9bf commit cd7af31


1 file changed

+0
-42
lines changed


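--- a/main.go
+++ b/main.go
@@ -12,20 +12,16 @@
 package main
 
 import (
-"crypto/x509"
-"encoding/pem"
 "flag"
 "fmt"
 "github.com/proofpoint/kapprover/podnames"
-"io/ioutil"
 metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/client-go/kubernetes"
 "k8s.io/client-go/rest"
 "log"
 "net"
 "os"
 "strings"
-"time"
 )
 
 var (
@@ -38,8 +34,6 @@ var (
 serviceIPs string
 serviceNames string
 labels string
-secretName string
-createSecret bool
 keysize int
 )
 
@@ -53,8 +47,6 @@ func main() {
 flag.StringVar(&serviceNames, "service-names", "", "service names that resolve to this Pod; comma separated")
 flag.StringVar(&serviceIPs, "service-ips", "", "service IP addresses that resolve to this Pod; comma separated")
 flag.StringVar(&labels, "labels", "", "labels to include in CertificateSigningRequest object; comma seprated list of key=value")
-flag.StringVar(&secretName, "secret-name", "", "secret name to store generated files")
-flag.BoolVar(&createSecret, "create-secret", false, "create a new secret instead of waiting for one to update")
 flag.IntVar(&keysize, "keysize", 3072, "bit size of private key")
 flag.Parse()
 
@@ -133,40 +125,6 @@ func main() {
 
 writeKeystore(certDir, key, certificate)
 
-if secretName != "" {
-pemKeyBytes := pem.EncodeToMemory(&pem.Block{
-Type: "RSA PRIVATE KEY",
-Bytes: x509.MarshalPKCS1PrivateKey(key),
-})
-
-for {
-ks, err := client.CoreV1().Secrets(namespace).Get(secretName, metaV1.GetOptions{})
-if err != nil {
-if createSecret {
-log.Fatalf("TODO: cannot create secrets")
-} else {
-log.Printf("Secret to store credentials (%s) not found; trying again in 5 seconds", secretName)
-time.Sleep(5 * time.Second)
-continue
-}
-}
-
-k8sCrt, err := ioutil.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/ca.crt")
-
-stringData := make(map[string]string)
-stringData["tls.key"] = string(pemKeyBytes)
-stringData["tls.crt"] = string(certificate)
-stringData["k8s.crt"] = string(k8sCrt) // ok
-stringData["tlsAndK8s.crt"] = string(certificate) + "\n" + string(k8sCrt) // ok
-
-ks.StringData = stringData
-_, err = client.CoreV1().Secrets(namespace).Update(ks)
-log.Printf("Stored credentials in secret: (%s)", secretName)
-
-break
-}
-}
-
 os.Exit(0)
 }
 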