
@alpeb
Created January 28, 2019 14:33
Diff for self signed root and leaf certs
diff --git a/controller/proxy-injector/server.go b/controller/proxy-injector/server.go
index bf172c21..b9522cdf 100644
--- a/controller/proxy-injector/server.go
+++ b/controller/proxy-injector/server.go
@@ -7,7 +7,6 @@ import (
"io/ioutil"
"net/http"
- pem "github.com/linkerd/linkerd2/pkg/tls"
log "github.com/sirupsen/logrus"
"k8s.io/client-go/kubernetes"
)
@@ -77,26 +76,25 @@ func (w *WebhookServer) Shutdown() error {
}
func tlsConfig(certFile, keyFile string) (*tls.Config, error) {
- certBytes, err := ioutil.ReadFile(certFile)
- if err != nil {
- return nil, err
- }
-
- keyBytes, err := ioutil.ReadFile(keyFile)
- if err != nil {
- return nil, err
- }
-
- certPEM, err := pem.PEMEncodeCert(certBytes)
- if err != nil {
- return nil, err
- }
+ certPEM := []byte(`-----BEGIN CERTIFICATE-----
+MIIBtjCCAVygAwIBAgIQCFHtpccQ9JVlVuBXt5BZYDAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDEw9saW5rZXJkLXJvb3QtY2EwHhcNMTkwMTI3MjA1MDMxWhcNMTkwMTI4
+MjA1MDMxWjAtMSswKQYDVQQDEyJsaW5rZXJkLXByb3h5LWluamVjdG9yLmxpbmtl
+cmQuc3ZjMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAERW5ubOuEchOhIS/DH3Nc
+qdlAgDOd4NGLZNDLk0zPg7cS+hreCZ6cI+7Bn0fgyv8J7thCUVCzBBn5YWZcHvis
+TqNxMG8wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+BQcDAjAdBgNVHQ4EFgQUbsfjoTICQXXkimAIDBPteph6WuAwHwYDVR0jBBgwFoAU
+nIhv3umjFDm1hsL3L8xQxAkqGWIwCgYIKoZIzj0EAwIDSAAwRQIgHXULlRgakwS+
+o0O+wzbjJNZXo9mmZUcJYcA63PLhC4cCIQDcvqbgL4teRlx+7NNzNHaoofAFVDVj
+2JentiNCGicZlg==
+-----END CERTIFICATE-----`)
log.Debugf("PEM-encoded certificate: %s\n", certPEM)
- keyPEM, err := pem.PEMEncodeKey(keyBytes, pem.KeyTypeECDSA)
- if err != nil {
- return nil, err
- }
+ keyPEM := []byte(`-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIIvW7aJwQPE3NOJxVDit61wvxJtsu/Xg0/1NetAtNXuboAoGCCqGSM49
+AwEHoUQDQgAERW5ubOuEchOhIS/DH3NcqdlAgDOd4NGLZNDLk0zPg7cS+hreCZ6c
+I+7Bn0fgyv8J7thCUVCzBBn5YWZcHvisTg==
+-----END EC PRIVATE KEY-----`)
cert, err := tls.X509KeyPair(certPEM, keyPEM)
if err != nil {
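Review bot: The new `keyPEM` literal in tlsConfig commits an EC private key to the repository, so that key has to be treated as disclosed to anyone who can read this diff and must not back a real webhook endpoint. With the literals in place the `certFile` and `keyFile` parameters are silently ignored, and the same holds for `trustAnchorFile` in the NewWebhookConfig hunk of webhook_config.go. The validity fields in the embedded leaf certificate appear to span roughly one day, so a build carrying it would presumably start failing TLS handshakes shortly afterwards. If this is a local debugging aid, mark it with `// DEBUG ONLY: embedded test key pair, certFile/keyFile are ignored; do not merge` and keep the file-based loading on any branch that ships. tlsConfig's body continues past the end of the hunk.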
diff --git a/controller/proxy-injector/webhook_config.go b/controller/proxy-injector/webhook_config.go
index 50ef72e8..856889ff 100644
--- a/controller/proxy-injector/webhook_config.go
+++ b/controller/proxy-injector/webhook_config.go
@@ -3,7 +3,6 @@ package injector
import (
"bytes"
"encoding/base64"
- "io/ioutil"
"text/template"
yaml "github.com/ghodss/yaml"
@@ -27,10 +26,16 @@ type WebhookConfig struct {
// NewWebhookConfig returns a new instance of initiator.
func NewWebhookConfig(client kubernetes.Interface, controllerNamespace, webhookServiceName, trustAnchorFile string) (*WebhookConfig, error) {
- trustAnchor, err := ioutil.ReadFile(trustAnchorFile)
- if err != nil {
- return nil, err
- }
+ trustAnchor := []byte(`-----BEGIN CERTIFICATE-----
+MIIBdjCCAR2gAwIBAgIQIvIKUIUt8I55IwH/RFWK6DAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDEw9saW5rZXJkLXJvb3QtY2EwHhcNMTkwMTI3MjA0NjAyWhcNMjkwMTI0
+MjA0NjAyWjAaMRgwFgYDVQQDEw9saW5rZXJkLXJvb3QtY2EwWTATBgcqhkjOPQIB
+BggqhkjOPQMBBwNCAATvuuKKmIhKdAT0uMcIdtwTyl9ucGNdKqU3I7qicCJ4c32a
+H7BmRrZD2HgIM+7XAiN/wLe2wgrvUWpR0sR6XIr/o0UwQzAOBgNVHQ8BAf8EBAMC
+AQYwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUnIhv3umjFDm1hsL3L8xQ
+xAkqGWIwCgYIKoZIzj0EAwIDRwAwRAIgE+ntOoJ6KVANVrfCGRxZpQUP5XEWy3ix
+CY0TwXGyTA8CIDPumYtDiVYWl+HZ2m9gz9awas4EAPx6E+QUpzScMQyk
+-----END CERTIFICATE-----`)
t := template.New(k8sPkg.ProxyInjectorWebhookConfig)
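Review bot: Embedding `trustAnchor` makes every build of NewWebhookConfig hand out the same root certificate, so trust in the injector webhook is anchored to whoever holds that root's private key rather than to a CA generated for the cluster. The template code that consumes `trustAnchor` is outside the hunk, but the `encoding/base64` import suggests the value ends up as the CA bundle in the webhook configuration. For anything beyond a throwaway test, keep `trustAnchor, err := ioutil.ReadFile(trustAnchorFile)` so the operator-supplied anchor is the one that gets published.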