mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-14 11:57:48 +00:00
fix: remove unnecessary dependencies from tls package (#4903)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
parent
8e15982448
commit
d25dccbd9c
4 changed files with 3 additions and 36 deletions
|
@ -568,12 +568,10 @@ func main() {
|
|||
metrics.NamespacedClientQueryRecorder(metricsConfig, config.KyvernoNamespace(), "Secret", metrics.KubeClient),
|
||||
kubeClient.CoreV1().Secrets(config.KyvernoNamespace()),
|
||||
),
|
||||
clientConfig,
|
||||
tls.CertRenewalInterval,
|
||||
tls.CAValidityDuration,
|
||||
tls.TLSValidityDuration,
|
||||
serverIP,
|
||||
logging.WithName("CertRenewer"),
|
||||
)
|
||||
if err != nil {
|
||||
logger.Error(err, "failed to initialize CertRenewer")
|
||||
|
|
|
@ -50,7 +50,7 @@ func generateCA(key *rsa.PrivateKey, certValidityDuration time.Duration) (*rsa.P
|
|||
|
||||
// generateTLS takes the results of GenerateCACert and uses it to create the
|
||||
// PEM-encoded public certificate and private key, respectively
|
||||
func generateTLS(props *certificateProps, serverIP string, caCert *x509.Certificate, caKey *rsa.PrivateKey, certValidityDuration time.Duration) (*rsa.PrivateKey, *x509.Certificate, error) {
|
||||
func generateTLS(serverIP string, caCert *x509.Certificate, caKey *rsa.PrivateKey, certValidityDuration time.Duration) (*rsa.PrivateKey, *x509.Certificate, error) {
|
||||
now := time.Now()
|
||||
begin, end := now.Add(-1*time.Hour), now.Add(certValidityDuration)
|
||||
dnsNames := []string{
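Review bot: The doc comment above generateTLS is stale: it names `GenerateCACert`, while the hunk header shows the CA helper in this file is `generateCA`, and it promises PEM-encoded output although the signature returns `*rsa.PrivateKey` and `*x509.Certificate`. Since the signature is being edited anyway, I would replace it with something like `// generateTLS creates a server key and a certificate signed by caCert/caKey, using the output of generateCA.` The `begin, end` line suggests the certificate is backdated one hour and expires `certValidityDuration` from now, which is worth stating in the comment once confirmed. The function body continues outside the hunk, so the role of `serverIP` in the certificate should be documented by someone who can see the rest of it.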
|
||||
|
|
|
@ -1,23 +0,0 @@
|
|||
package tls
|
||||
|
||||
import (
|
||||
"net/url"
|
||||
|
||||
"k8s.io/client-go/rest"
|
||||
)
|
||||
|
||||
// certificateProps Properties of TLS certificate which should be issued for webhook server
|
||||
type certificateProps struct {
|
||||
apiServerHost string
|
||||
}
|
||||
|
||||
// newCertificateProps creates CertificateProps from a *rest.Config
|
||||
func newCertificateProps(configuration *rest.Config) (*certificateProps, error) {
|
||||
apiServerURL, err := url.Parse(configuration.Host)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &certificateProps{
|
||||
apiServerHost: apiServerURL.Hostname(),
|
||||
}, nil
|
||||
}
|
|
@ -7,14 +7,12 @@ import (
|
|||
"fmt"
|
||||
"time"
|
||||
|
||||
"github.com/go-logr/logr"
|
||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
"github.com/kyverno/kyverno/pkg/config"
|
||||
controllerutils "github.com/kyverno/kyverno/pkg/utils/controller"
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/client-go/rest"
|
||||
)
|
||||
|
||||
const (
|
||||
|
@ -37,24 +35,18 @@ type CertRenewer struct {
|
|||
certRenewalInterval time.Duration
|
||||
caValidityDuration time.Duration
|
||||
tlsValidityDuration time.Duration
|
||||
certProps *certificateProps
|
||||
|
||||
// IP address where Kyverno controller runs. Only required if out-of-cluster.
|
||||
serverIP string
|
||||
}
|
||||
|
||||
// NewCertRenewer returns an instance of CertRenewer
|
||||
func NewCertRenewer(client controllerutils.ObjectClient[*corev1.Secret], clientConfig *rest.Config, certRenewalInterval, caValidityDuration, tlsValidityDuration time.Duration, serverIP string, log logr.Logger) (*CertRenewer, error) {
|
||||
certProps, err := newCertificateProps(clientConfig)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
func NewCertRenewer(client controllerutils.ObjectClient[*corev1.Secret], certRenewalInterval, caValidityDuration, tlsValidityDuration time.Duration, serverIP string) (*CertRenewer, error) {
|
||||
return &CertRenewer{
|
||||
client: client,
|
||||
certRenewalInterval: certRenewalInterval,
|
||||
caValidityDuration: caValidityDuration,
|
||||
tlsValidityDuration: tlsValidityDuration,
|
||||
certProps: certProps,
|
||||
serverIP: serverIP,
|
||||
}, nil
|
||||
}
|
||||
|
@ -125,7 +117,7 @@ func (c *CertRenewer) RenewTLS() error {
|
|||
logger.Error(err, "tls is not valid but certificates are not managed by kyverno, we can't renew them")
|
||||
return err
|
||||
}
|
||||
tlsKey, tlsCert, err := generateTLS(c.certProps, c.serverIP, caCerts[len(caCerts)-1], caKey, c.tlsValidityDuration)
|
||||
tlsKey, tlsCert, err := generateTLS(c.serverIP, caCerts[len(caCerts)-1], caKey, c.tlsValidityDuration)
|
||||
if err != nil {
|
||||
logger.Error(err, "failed to generate TLS")
|
||||
return err
|
||||
|
|