package tls
import (
"crypto/x509/pkix"
"fmt"
"net"
"path/filepath"
"github.com/apparentlymart/go-cidr/cidr"
"github.com/openshift/installer/pkg/types"
)
// tlsDir is the directory, relative to the asset root, under which the TLS
// asset files are placed.
const tlsDir = "tls"

// assetFilePath returns the path of a TLS asset file inside tlsDir.
//
// filename is joined as-is and filepath.Join cleans the result, so a value
// containing ".." segments resolves outside tlsDir. Nothing here enforces
// containment; presumably callers only pass fixed file names (verify at the
// call sites).
func assetFilePath(filename string) string {
	assetPath := filepath.Join(tlsDir, filename)
	return assetPath
}
// getBaseAddress returns the cluster's base DNS name, "<Name>.<BaseDomain>".
//
// Both fields are interpolated without validation here, and the result ends
// up as a certificate CommonName and SAN in this file, so it is only as
// trustworthy as the install config. Presumably the config is validated
// before it reaches this package (confirm).
func getBaseAddress(cfg *types.InstallConfig) string {
	clusterName, baseDomain := cfg.Name, cfg.BaseDomain
	return fmt.Sprintf("%s.%s", clusterName, baseDomain)
}
// cidrhost returns, in string form, the address of host number hostNum
// inside network, as computed by cidr.Host.
//
// Any error from cidr.Host is returned unchanged together with an empty
// string.
func cidrhost(network net.IPNet, hostNum int) (string, error) {
	host, err := cidr.Host(&network, hostNum)
	if err == nil {
		return host.String(), nil
	}
	return "", err
}
// genSubjectForIngressCertKey builds the subject of the ingress certificate:
// CommonName is the cluster base address and Organization is "ingress".
//
// The error result is always nil.
func genSubjectForIngressCertKey(cfg *types.InstallConfig) (pkix.Name, error) {
	var subject pkix.Name
	subject.CommonName = getBaseAddress(cfg)
	subject.Organization = []string{"ingress"}
	return subject, nil
}
// genDNSNamesForIngressCertKey returns the DNS SANs of the ingress
// certificate: the cluster base address and a wildcard for its direct
// subdomains.
//
// The wildcard entry means the matching private key can serve any
// "<label>.<base address>" host name, so it needs protecting accordingly.
// The error result is always nil.
func genDNSNamesForIngressCertKey(cfg *types.InstallConfig) ([]string, error) {
	base := getBaseAddress(cfg)
	wildcard := "*." + base
	names := []string{base, wildcard}
	return names, nil
}
// genDNSNamesForAPIServerCertKey returns the DNS SANs of the API server
// certificate: the external "<Name>-api.<BaseDomain>" name, the in-cluster
// "kubernetes" service names and "localhost".
//
// The error result is always nil.
func genDNSNamesForAPIServerCertKey(cfg *types.InstallConfig) ([]string, error) {
	externalName := fmt.Sprintf("%s-api.%s", cfg.Name, cfg.BaseDomain)
	names := []string{
		externalName,
		"kubernetes",
		"kubernetes.default",
		"kubernetes.default.svc",
		"kubernetes.default.svc.cluster.local",
		"localhost",
	}
	return names, nil
}
// genIPAddressesForAPIServerCertKey returns the IP SANs of the API server
// certificate: host number 1 of the service CIDR, followed by the IPv4
// loopback address.
//
// An error from cidrhost is returned with a nil slice.
func genIPAddressesForAPIServerCertKey(cfg *types.InstallConfig) ([]net.IP, error) {
	serviceHost, err := cidrhost(cfg.Networking.ServiceCIDR.IPNet, 1)
	if err != nil {
		return nil, err
	}
	// cidrhost hands back a string, so the address is parsed again here.
	ips := []net.IP{
		net.ParseIP(serviceHost),
		net.ParseIP("127.0.0.1"),
	}
	return ips, nil
}
// genDNSNamesForOpenshiftAPIServerCertKey returns the DNS SANs of the
// OpenShift API server certificate: the external "<Name>-api.<BaseDomain>"
// name, the in-cluster "openshift-apiserver" service names, "localhost" and
// the literal "127.0.0.1".
//
// The error result is always nil.
func genDNSNamesForOpenshiftAPIServerCertKey(cfg *types.InstallConfig) ([]string, error) {
	externalName := fmt.Sprintf("%s-api.%s", cfg.Name, cfg.BaseDomain)
	names := []string{
		externalName,
		"openshift-apiserver",
		"openshift-apiserver.kube-system",
		"openshift-apiserver.kube-system.svc",
		"openshift-apiserver.kube-system.svc.cluster.local",
		"localhost",
		// NOTE(review): this is an IP literal in the DNS-name list. Go's
		// crypto/x509 matches IP hosts against IP SANs only, so Go clients
		// dialing 127.0.0.1 will not match this entry, and
		// genIPAddressesForOpenshiftAPIServerCertKey does not add loopback.
		// Confirm whether an IP SAN was intended.
		"127.0.0.1",
	}
	return names, nil
}
// genIPAddressesForOpenshiftAPIServerCertKey returns the IP SANs of the
// OpenShift API server certificate: only host number 1 of the service CIDR.
//
// Unlike genIPAddressesForAPIServerCertKey, no loopback address is included.
// An error from cidrhost is returned with a nil slice.
func genIPAddressesForOpenshiftAPIServerCertKey(cfg *types.InstallConfig) ([]net.IP, error) {
	serviceHost, err := cidrhost(cfg.Networking.ServiceCIDR.IPNet, 1)
	if err != nil {
		return nil, err
	}
	// cidrhost hands back a string, so the address is parsed again here.
	ips := []net.IP{net.ParseIP(serviceHost)}
	return ips, nil
}
// genDNSNamesForMCSCertKey returns the single DNS SAN of the MCS
// certificate, "<Name>-api.<BaseDomain>".
//
// This is the same external name the API server certificates carry. The
// error result is always nil.
func genDNSNamesForMCSCertKey(cfg *types.InstallConfig) ([]string, error) {
	externalName := fmt.Sprintf("%s-api.%s", cfg.Name, cfg.BaseDomain)
	names := []string{externalName}
	return names, nil
}
// genSubjectForMCSCertKey builds the subject of the MCS certificate. Only
// CommonName is set, to "<Name>-api.<BaseDomain>".
//
// The error result is always nil.
func genSubjectForMCSCertKey(cfg *types.InstallConfig) (pkix.Name, error) {
	var subject pkix.Name
	subject.CommonName = fmt.Sprintf("%s-api.%s", cfg.Name, cfg.BaseDomain)
	return subject, nil
}