k8supdates: label nodes with k8s component hash

2025-08-06 05:54:28 -04:00 · 2022-12-06 18:48:01 +01:00 · 2022-12-06 18:48:01 +01:00 · a1161ae05d
commit a1161ae05d
parent 1466c12972
30 changed files with 869 additions and 18 deletions
--- a/joinservice/internal/kubernetesca/kubernetesca.go
+++ b/joinservice/internal/kubernetesca/kubernetesca.go
@ -40,6 +40,19 @@ func New(log *logger.Logger, fileHandler file.Handler) *KubernetesCA {
 	}
 }

+// GetNodeNameFromCSR extracts the node name from a CSR.
+func (c KubernetesCA) GetNodeNameFromCSR(csr []byte) (string, error) {
+	certRequest, err := x509.ParseCertificateRequest(csr)
+	if err != nil {
+		return "", err
+	}
+	if !strings.HasPrefix(certRequest.Subject.CommonName, kubeconstants.NodesUserPrefix) {
+		return "", fmt.Errorf("certificate request must have common name prefix %q but is %q", kubeconstants.NodesUserPrefix, certRequest.Subject.CommonName)
+	}
+
+	return strings.TrimPrefix(certRequest.Subject.CommonName, kubeconstants.NodesUserPrefix), nil
+}
+
 // GetCertificate creates a certificate for a node and signs it using the Kubernetes root CA.
 func (c KubernetesCA) GetCertificate(csr []byte) (cert []byte, err error) {
 	c.log.Debugf("Loading Kubernetes CA certificate")