
fix: remove unnecessary dependencies from tls package (#4903)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2022-10-12 11:36:26 +02:00 committed by GitHub
parent 8e15982448
commit d25dccbd9c
4 changed files with 3 additions and 36 deletions


@ -568,12 +568,10 @@ func main() {
metrics.NamespacedClientQueryRecorder(metricsConfig, config.KyvernoNamespace(), "Secret", metrics.KubeClient),
kubeClient.CoreV1().Secrets(config.KyvernoNamespace()),
),
clientConfig,
tls.CertRenewalInterval,
tls.CAValidityDuration,
tls.TLSValidityDuration,
serverIP,
logging.WithName("CertRenewer"),
)
if err != nil {
logger.Error(err, "failed to initialize CertRenewer")


@ -50,7 +50,7 @@ func generateCA(key *rsa.PrivateKey, certValidityDuration time.Duration) (*rsa.P
// generateTLS takes the results of GenerateCACert and uses it to create the
// PEM-encoded public certificate and private key, respectively
func generateTLS(props *certificateProps, serverIP string, caCert *x509.Certificate, caKey *rsa.PrivateKey, certValidityDuration time.Duration) (*rsa.PrivateKey, *x509.Certificate, error) {
func generateTLS(serverIP string, caCert *x509.Certificate, caKey *rsa.PrivateKey, certValidityDuration time.Duration) (*rsa.PrivateKey, *x509.Certificate, error) {
now := time.Now()
begin, end := now.Add(-1*time.Hour), now.Add(certValidityDuration)
dnsNames := []string{
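Review bot: The doc comment kept above the new generateTLS signature no longer describes it: it refers to `GenerateCACert`, while the sibling shown in the hunk header is `generateCA`, and it promises "PEM-encoded" output although the function returns `*rsa.PrivateKey` and `*x509.Certificate`. I would replace the two comment lines with `// generateTLS issues the webhook server certificate, signed by caCert/caKey and valid from one hour ago (clock-skew margin) until now+certValidityDuration; it returns the raw key and certificate, not PEM.` Dropping certProps presumably removes the API-server hostname from the SAN list that starts at `dnsNames := []string{`; that list and the rest of generateTLS continue outside the hunk, so confirm the names that remain still cover the service DNS name the API server dials when it verifies this certificate.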


@ -1,23 +0,0 @@
package tls
import (
"net/url"
"k8s.io/client-go/rest"
)
// certificateProps Properties of TLS certificate which should be issued for webhook server
type certificateProps struct {
apiServerHost string
}
// newCertificateProps creates CertificateProps from a *rest.Config
func newCertificateProps(configuration *rest.Config) (*certificateProps, error) {
apiServerURL, err := url.Parse(configuration.Host)
if err != nil {
return nil, err
}
return &certificateProps{
apiServerHost: apiServerURL.Hostname(),
}, nil
}


@ -7,14 +7,12 @@ import (
"fmt"
"time"
"github.com/go-logr/logr"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
"github.com/kyverno/kyverno/pkg/config"
controllerutils "github.com/kyverno/kyverno/pkg/utils/controller"
corev1 "k8s.io/api/core/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/rest"
)
const (
@ -37,24 +35,18 @@ type CertRenewer struct {
certRenewalInterval time.Duration
caValidityDuration time.Duration
tlsValidityDuration time.Duration
certProps *certificateProps
// IP address where Kyverno controller runs. Only required if out-of-cluster.
serverIP string
}
// NewCertRenewer returns an instance of CertRenewer
func NewCertRenewer(client controllerutils.ObjectClient[*corev1.Secret], clientConfig *rest.Config, certRenewalInterval, caValidityDuration, tlsValidityDuration time.Duration, serverIP string, log logr.Logger) (*CertRenewer, error) {
certProps, err := newCertificateProps(clientConfig)
if err != nil {
return nil, err
}
func NewCertRenewer(client controllerutils.ObjectClient[*corev1.Secret], certRenewalInterval, caValidityDuration, tlsValidityDuration time.Duration, serverIP string) (*CertRenewer, error) {
return &CertRenewer{
client: client,
certRenewalInterval: certRenewalInterval,
caValidityDuration: caValidityDuration,
tlsValidityDuration: tlsValidityDuration,
certProps: certProps,
serverIP: serverIP,
}, nil
}
@ -125,7 +117,7 @@ func (c *CertRenewer) RenewTLS() error {
logger.Error(err, "tls is not valid but certificates are not managed by kyverno, we can't renew them")
return err
}
tlsKey, tlsCert, err := generateTLS(c.certProps, c.serverIP, caCerts[len(caCerts)-1], caKey, c.tlsValidityDuration)
tlsKey, tlsCert, err := generateTLS(c.serverIP, caCerts[len(caCerts)-1], caKey, c.tlsValidityDuration)
if err != nil {
logger.Error(err, "failed to generate TLS")
return err
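Review bot: NewCertRenewer no longer has a failing path — its whole body is now a struct literal followed by `}, nil` — yet it still returns `(*CertRenewer, error)`, so callers keep checking an error that can never be non-nil. Either drop the `error` result together with the caller's check, or add `// NewCertRenewer never fails; the error result is kept for API stability.` above the signature so the next reader does not look for a missing validation. The `log logr.Logger` parameter is removed while the `logr` import stays and no `log` field is assigned in the literal, so I would confirm that `logger` used in RenewTLS (whose body starts outside the hunk) is intentionally a package-level logger and that the import still has a user in this file. The rewritten generateTLS call still indexes `caCerts[len(caCerts)-1]`; the guard that caCerts is non-empty is not visible in this hunk and should be checked.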