package certrotation
import (
"fmt"
"time"
"k8s.io/apiserver/pkg/authentication/user"
"sigs.k8s.io/controller-runtime/pkg/client"
configv1alpha1 "github.com/grafana/tempo-operator/apis/config/v1alpha1"
)
// defaultUserInfo is the identity (user name plus group membership) that
// ApplyDefaultSettings attaches to every component certificateRotation.
// The same pointer is shared by all of them, so it must be treated as
// read-only.
//
// NOTE(review): presumably this ends up as the subject of the issued
// certificates, in which case the name and group are what authorization
// rules match on. Confirm where certificateRotation consumes UserInfo.
var defaultUserInfo = &user.DefaultInfo{
	Name:   "system:tempostacks",
	Groups: []string{"system:logging"},
}
// BuildAll produces every certificate-related object for a TempoStack:
// the signing CA secret, the CA bundle, and the per-component
// certificate/key pair secrets, returned in that order.
//
// The builders run sequentially. The first error aborts the build and is
// returned together with a nil slice, so callers never see a partial set.
//
// NOTE(review): the returned objects presumably carry private key material
// (signing CA and component keys). Callers should avoid logging or dumping
// them. Confirm against the builders.
func BuildAll(opts Options) ([]client.Object, error) {
	// The first two builders receive a pointer to the local copy of opts,
	// so the call order is kept in case they update it for later steps.
	signingCA, err := buildSigningCASecret(&opts)
	if err != nil {
		return nil, err
	}

	caBundle, err := buildCABundle(&opts)
	if err != nil {
		return nil, err
	}

	certSecrets, err := buildTargetCertKeyPairSecrets(opts)
	if err != nil {
		return nil, err
	}

	objects := make([]client.Object, 0, 2+len(certSecrets))
	objects = append(objects, signingCA, caBundle)
	objects = append(objects, certSecrets...)
	return objects, nil
}
// ApplyDefaultSettings fills opts with the rotation settings parsed from cfg
// and installs a default rotation on the signer and on every component
// certificate listed by ComponentCertSecretNames for opts.StackName.
//
// If cfg cannot be parsed, the error is returned and opts is left untouched.
// Otherwise opts.Signer.Rotation and the Rotation field of each component
// certificate entry are overwritten. The other fields of an entry already
// present in opts.Certificates are preserved.
func ApplyDefaultSettings(opts *Options, cfg configv1alpha1.BuiltInCertManagement) error {
	parsed, err := ParseRotation(cfg)
	if err != nil {
		return err
	}
	opts.Rotation = parsed

	// The signer and all certificates share one clock function.
	now := time.Now
	opts.Signer.Rotation = signerRotation{Clock: now}

	if opts.Certificates == nil {
		opts.Certificates = make(map[string]SelfSignedCertKey)
	}

	for service, secretName := range ComponentCertSecretNames(opts.StackName) {
		// A missing key yields the zero SelfSignedCertKey, which is the
		// starting point wanted for a certificate not configured yet.
		entry := opts.Certificates[secretName]
		entry.Rotation = certificateRotation{
			Clock: now,
			// Every certificate carries the same shared identity pointer.
			UserInfo: defaultUserInfo,
			// Only the in-cluster service DNS names are listed.
			// NOTE(review): the "cluster.local" suffix is hard-coded; a
			// cluster with a different cluster domain would presumably
			// need its own name here for hostname verification. Confirm.
			Hostnames: []string{
				fmt.Sprintf("%s.%s.svc.cluster.local", service, opts.StackNamespace),
				fmt.Sprintf("%s.%s.svc", service, opts.StackNamespace),
			},
		}
		opts.Certificates[secretName] = entry
	}

	return nil
}