Created
January 28, 2019 14:33
Diff for self signed root and leaf certs
diff --git a/controller/proxy-injector/server.go b/controller/proxy-injector/server.go | |
index bf172c21..b9522cdf 100644 | |
--- a/controller/proxy-injector/server.go | |
+++ b/controller/proxy-injector/server.go | |
@@ -7,7 +7,6 @@ import ( | |
"io/ioutil" | |
"net/http" | |
- pem "github.com/linkerd/linkerd2/pkg/tls" | |
log "github.com/sirupsen/logrus" | |
"k8s.io/client-go/kubernetes" | |
) | |
@@ -77,26 +76,25 @@ func (w *WebhookServer) Shutdown() error { | |
} | |
func tlsConfig(certFile, keyFile string) (*tls.Config, error) { | |
- certBytes, err := ioutil.ReadFile(certFile) | |
- if err != nil { | |
- return nil, err | |
- } | |
- | |
- keyBytes, err := ioutil.ReadFile(keyFile) | |
- if err != nil { | |
- return nil, err | |
- } | |
- | |
- certPEM, err := pem.PEMEncodeCert(certBytes) | |
- if err != nil { | |
- return nil, err | |
- } | |
+ certPEM := []byte(`-----BEGIN CERTIFICATE----- | |
+MIIBtjCCAVygAwIBAgIQCFHtpccQ9JVlVuBXt5BZYDAKBggqhkjOPQQDAjAaMRgw | |
+FgYDVQQDEw9saW5rZXJkLXJvb3QtY2EwHhcNMTkwMTI3MjA1MDMxWhcNMTkwMTI4 | |
+MjA1MDMxWjAtMSswKQYDVQQDEyJsaW5rZXJkLXByb3h5LWluamVjdG9yLmxpbmtl | |
+cmQuc3ZjMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAERW5ubOuEchOhIS/DH3Nc | |
+qdlAgDOd4NGLZNDLk0zPg7cS+hreCZ6cI+7Bn0fgyv8J7thCUVCzBBn5YWZcHvis | |
+TqNxMG8wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF | |
+BQcDAjAdBgNVHQ4EFgQUbsfjoTICQXXkimAIDBPteph6WuAwHwYDVR0jBBgwFoAU | |
+nIhv3umjFDm1hsL3L8xQxAkqGWIwCgYIKoZIzj0EAwIDSAAwRQIgHXULlRgakwS+ | |
+o0O+wzbjJNZXo9mmZUcJYcA63PLhC4cCIQDcvqbgL4teRlx+7NNzNHaoofAFVDVj | |
+2JentiNCGicZlg== | |
+-----END CERTIFICATE-----`) | |
log.Debugf("PEM-encoded certificate: %s\n", certPEM) | |
- keyPEM, err := pem.PEMEncodeKey(keyBytes, pem.KeyTypeECDSA) | |
- if err != nil { | |
- return nil, err | |
- } | |
+ keyPEM := []byte(`-----BEGIN EC PRIVATE KEY----- | |
+MHcCAQEEIIvW7aJwQPE3NOJxVDit61wvxJtsu/Xg0/1NetAtNXuboAoGCCqGSM49 | |
+AwEHoUQDQgAERW5ubOuEchOhIS/DH3NcqdlAgDOd4NGLZNDLk0zPg7cS+hreCZ6c | |
+I+7Bn0fgyv8J7thCUVCzBBn5YWZcHvisTg== | |
+-----END EC PRIVATE KEY-----`) | |
cert, err := tls.X509KeyPair(certPEM, keyPEM) | |
if err != nil { | |
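Review bot: The `keyPEM` literal added to tlsConfig puts an EC private key in source, so anyone who can read the repository, this page or the built binary holds the key for the proxy-injector's serving certificate; treat that key as burned and do not reuse it outside a throwaway cluster. The change also leaves `certFile` and `keyFile` accepted but ignored, which hides the substitution from callers. If the literals are only a reproduction aid, mark them with a comment such as `// DEBUG ONLY: throwaway key pair, never merge` and keep the removed `ioutil.ReadFile(keyFile)` path for anything that ships. The embedded leaf also appears to have been issued with roughly a one-day validity, so handshakes would start failing once it expires; confirm with a certificate decoder. tlsConfig's body continues past the end of the hunk.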
diff --git a/controller/proxy-injector/webhook_config.go b/controller/proxy-injector/webhook_config.go | |
index 50ef72e8..856889ff 100644 | |
--- a/controller/proxy-injector/webhook_config.go | |
+++ b/controller/proxy-injector/webhook_config.go | |
@@ -3,7 +3,6 @@ package injector | |
import ( | |
"bytes" | |
"encoding/base64" | |
- "io/ioutil" | |
"text/template" | |
yaml "github.com/ghodss/yaml" | |
@@ -27,10 +26,16 @@ type WebhookConfig struct { | |
// NewWebhookConfig returns a new instance of initiator. | |
func NewWebhookConfig(client kubernetes.Interface, controllerNamespace, webhookServiceName, trustAnchorFile string) (*WebhookConfig, error) { | |
- trustAnchor, err := ioutil.ReadFile(trustAnchorFile) | |
- if err != nil { | |
- return nil, err | |
- } | |
+ trustAnchor := []byte(`-----BEGIN CERTIFICATE----- | |
+MIIBdjCCAR2gAwIBAgIQIvIKUIUt8I55IwH/RFWK6DAKBggqhkjOPQQDAjAaMRgw | |
+FgYDVQQDEw9saW5rZXJkLXJvb3QtY2EwHhcNMTkwMTI3MjA0NjAyWhcNMjkwMTI0 | |
+MjA0NjAyWjAaMRgwFgYDVQQDEw9saW5rZXJkLXJvb3QtY2EwWTATBgcqhkjOPQIB | |
+BggqhkjOPQMBBwNCAATvuuKKmIhKdAT0uMcIdtwTyl9ucGNdKqU3I7qicCJ4c32a | |
+H7BmRrZD2HgIM+7XAiN/wLe2wgrvUWpR0sR6XIr/o0UwQzAOBgNVHQ8BAf8EBAMC | |
+AQYwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUnIhv3umjFDm1hsL3L8xQ | |
+xAkqGWIwCgYIKoZIzj0EAwIDRwAwRAIgE+ntOoJ6KVANVrfCGRxZpQUP5XEWy3ix | |
+CY0TwXGyTA8CIDPumYtDiVYWl+HZ2m9gz9awas4EAPx6E+QUpzScMQyk | |
+-----END CERTIFICATE-----`) | |
t := template.New(k8sPkg.ProxyInjectorWebhookConfig) |
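Review bot: Hard-coding `trustAnchor` in NewWebhookConfig pins the root to whichever CA was generated for this experiment, and that CA's signing key lives wherever it was created rather than under the cluster's secret handling; anything signed by that key would chain to this anchor. `trustAnchorFile` is now accepted but unused, so a deployment that mounts a different root silently gets this one instead. Keep the removed `ioutil.ReadFile(trustAnchorFile)` read for real builds, or at least add `// DEBUG ONLY: test root CA, ignores trustAnchorFile` above the literal. The function continues outside the hunk, so how `trustAnchor` is consumed further down is inferred from its name and the template call that follows.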