/*
Copyright (c) Edgeless Systems GmbH
SPDX-License-Identifier: AGPL-3.0-only
*/
package kubelet
import (
"crypto/x509"
"crypto/x509/pkix"
"net"
"github.com/edgelesssys/constellation/v2/bootstrapper/internal/certificate"
"k8s.io/kubernetes/cmd/kubeadm/app/constants"
)
const (
	// CertificateFilename is the path to the kubelet's client certificate.
	CertificateFilename = "/run/state/kubelet/pki/kubelet-client-crt.pem"
	// KeyFilename is the path to the kubelet's private key.
	// NOTE(review): the code that writes this file is not visible here; confirm
	// it creates the key with owner-only permissions.
	KeyFilename = "/run/state/kubelet/pki/kubelet-client-key.pem"
)
// GetCertificateRequest returns a certificate request and matching private key for the kubelet.
//
// The request subject uses constants.NodesGroup as organization and
// constants.NodesUserPrefix + nodeName as common name; ips are requested as
// IP SANs. Neither nodeName nor ips is validated here, so the party that signs
// the request must check that both belong to the requesting node.
//
// The returned request, key and error come straight from
// certificate.GetCertificateRequest, whose implementation is outside this file.
func GetCertificateRequest(nodeName string, ips []net.IP) (certificateRequest []byte, privateKey []byte, err error) {
	// Identity the kubelet asks to be issued: group plus per-node user name.
	subject := pkix.Name{
		CommonName:   constants.NodesUserPrefix + nodeName,
		Organization: []string{constants.NodesGroup},
	}

	request := x509.CertificateRequest{
		Subject:     subject,
		IPAddresses: ips,
	}

	return certificate.GetCertificateRequest(&request)
}