diff --git a/cmd/kyverno/main.go b/cmd/kyverno/main.go
index 8858429c4a..475dcaa790 100644
--- a/cmd/kyverno/main.go
+++ b/cmd/kyverno/main.go
@@ -32,7 +32,7 @@ var (
 // will be removed in future and the configuration will be set only via configmaps
 filterK8Resources string
 // User FQDN as CSR CN
- FQDNCN bool
+ fqdncn bool
 )
 
 func main() {
@@ -168,7 +168,7 @@ func main() {
 policyMetaStore)
 
 // CONFIGURE CERTIFICATES
- tlsPair, err := client.InitTLSPemPair(clientConfig, FQDNCN)
+ tlsPair, err := client.InitTLSPemPair(clientConfig, fqdncn)
 if err != nil {
 glog.Fatalf("Failed to initialize TLS key/certificate pair: %v\n", err)
 }
@@ -247,7 +247,7 @@ func init() {
 flag.StringVar(&kubeconfig, "kubeconfig", "", "Path to a kubeconfig. Only required if out-of-cluster.")
 flag.StringVar(&serverIP, "serverIP", "", "IP address where Kyverno controller runs. Only required if out-of-cluster.")
 // Generate CSR with CN as FQDN due to https://github.com/nirmata/kyverno/issues/542
- flag.BoolVar(&FQDNCN, "FQDNAsCN", false, "use FQDN as Common Name in CSR")
+ flag.BoolVar(&fqdncn, "fqdn-as-cn", false, "use FQDN as Common Name in CSR")
 config.LogDefaultFlags()
 flag.Parse()
 }
diff --git a/pkg/dclient/certificates.go b/pkg/dclient/certificates.go
index a12dec71cb..1f499f829c 100644
--- a/pkg/dclient/certificates.go
+++ b/pkg/dclient/certificates.go
@@ -18,7 +18,7 @@ import (
 // InitTLSPemPair Loads or creates PEM private key and TLS certificate for webhook server.
 // Created pair is stored in cluster's secret.
 // Returns struct with key/certificate pair.
-func (c *Client) InitTLSPemPair(configuration *rest.Config, FQDNCN bool) (*tls.TlsPemPair, error) {
+func (c *Client) InitTLSPemPair(configuration *rest.Config, fqdncn bool) (*tls.TlsPemPair, error) {
 certProps, err := c.GetTLSCertProps(configuration)
 if err != nil {
 return nil, err
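Review bot: Changing the flag name from `FQDNAsCN` to `fqdn-as-cn` in `init()` of cmd/kyverno/main.go drops the old spelling without an alias, so a Deployment that still passes `--FQDNAsCN` will be rejected by `flag.Parse()` as an undefined flag and, with the standard library's default exit-on-error handling, the controller would not start after the upgrade. Because this flag selects the Common Name used in the webhook server's CSR, the install manifests and documentation need to change in the same release; whether they do is not visible in this diff. Consider keeping the old name registered for one release next to the new line, e.g. `flag.BoolVar(&fqdncn, "FQDNAsCN", false, "deprecated: use --fqdn-as-cn")`. `init()` begins above the hunk.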
@@ -26,7 +26,7 @@ func (c *Client) InitTLSPemPair(configuration *rest.Config, FQDNCN bool) (*tls.T
 tlsPair := c.ReadTlsPair(certProps)
 if tls.IsTLSPairShouldBeUpdated(tlsPair) {
 glog.Info("Generating new key/certificate pair for TLS")
- tlsPair, err = c.generateTLSPemPair(certProps, FQDNCN)
+ tlsPair, err = c.generateTLSPemPair(certProps, fqdncn)
 if err != nil {
 return nil, err
 }
@@ -42,13 +42,13 @@ func (c *Client) InitTLSPemPair(configuration *rest.Config, FQDNCN bool) (*tls.T
 
 //generateTlsPemPair Issues TLS certificate for webhook server using given PEM private key
 // Returns signed and approved TLS certificate in PEM format
-func (c *Client) generateTLSPemPair(props tls.TlsCertificateProps, FQDNCN bool) (*tls.TlsPemPair, error) {
+func (c *Client) generateTLSPemPair(props tls.TlsCertificateProps, fqdncn bool) (*tls.TlsPemPair, error) {
 privateKey, err := tls.TLSGeneratePrivateKey()
 if err != nil {
 return nil, err
 }
 
- certRequest, err := tls.CertificateGenerateRequest(privateKey, props, FQDNCN)
+ certRequest, err := tls.CertificateGenerateRequest(privateKey, props, fqdncn)
 if err != nil {
 return nil, fmt.Errorf("Unable to create certificate request: %v", err)
 }
diff --git a/pkg/tls/tls.go b/pkg/tls/tls.go
index bb640ad560..c91c9b922c 100644
--- a/pkg/tls/tls.go
+++ b/pkg/tls/tls.go
@@ -53,7 +53,7 @@ func certificateRequestToPem(csrRaw []byte) []byte {
 }
 
 //CertificateGenerateRequest Generates raw certificate signing request
-func CertificateGenerateRequest(privateKey *rsa.PrivateKey, props TlsCertificateProps, FQDNCN bool) (*certificates.CertificateSigningRequest, error) {
+func CertificateGenerateRequest(privateKey *rsa.PrivateKey, props TlsCertificateProps, fqdncn bool) (*certificates.CertificateSigningRequest, error) {
 dnsNames := make([]string, 3)
 dnsNames[0] = props.Service
 dnsNames[1] = props.Service + "." + props.Namespace
@@ -61,7 +61,7 @@ func CertificateGenerateRequest(privateKey *rsa.PrivateKey, props TlsCertificate
 commonName := GenerateInClusterServiceName(props)
 dnsNames[2] = commonName
 csCommonName := props.Service
- if FQDNCN {
+ if fqdncn {
 // use FQDN as CommonName as a workaournd for https://github.com/nirmata/kyverno/issues/542
 csCommonName = commonName
 }