Rename the "ca" keyset to "kubernetes-ca"

cmd/kops/create_keypair.go

@@ -80,8 +80,8 @@ type CreateKeypairOptions struct {
 
 var rotatableKeysets = sets.NewString(
 	"apiserver-aggregator-ca",
-	"ca",
 	"etcd-clients-ca-cilium",
+	"kubernetes-ca",
 	"service-account",
 )
 
@@ -177,7 +177,7 @@ func RunCreateKeypair(ctx context.Context, f *util.Factory, out io.Writer, optio
 		}
 
 		commonName := options.Keyset
-		if commonName == "ca" {
+		if commonName == "kubernetes-ca" {
 			commonName = "kubernetes"
 		}
 		req := pki.IssueCertRequest{

nodeup/pkg/model/kubelet_test.go

@@ -288,8 +288,8 @@ func BuildNodeupModelContext(model *testutils.Model) (*NodeupModelContext, error
 	}
 
 	// Are we mocking out too much of the apply_cluster logic?
-	nodeupModelContext.NodeupConfig.CAs["ca"] = dummyCertificate + nextCertificate
-	nodeupModelContext.NodeupConfig.KeypairIDs["ca"] = "3"
+	nodeupModelContext.NodeupConfig.CAs["kubernetes-ca"] = dummyCertificate + nextCertificate
+	nodeupModelContext.NodeupConfig.KeypairIDs["kubernetes-ca"] = "3"
 
 	if nodeupModelContext.NodeupConfig.APIServerConfig != nil {
 		saPublicKeys, _ := rotatingPrivateKeyset().ToPublicKeys()
@@ -379,15 +379,15 @@ func RunGoldenTest(t *testing.T, basedir string, key string, builder func(*Nodeu
 	keystore.T = t
 	saKeyset, _ := rotatingPrivateKeyset().ToAPIObject("service-account", true)
 	keystore.privateKeysets = map[string]*kops.Keyset{
-		"ca":                      simplePrivateKeyset(dummyCertificate, dummyKey),
+		"kubernetes-ca":           simplePrivateKeyset(dummyCertificate, dummyKey),
 		"apiserver-aggregator-ca": simplePrivateKeyset(dummyCertificate, dummyKey),
 		"kube-controller-manager": simplePrivateKeyset(dummyCertificate, dummyKey),
 		"kube-proxy":              simplePrivateKeyset(dummyCertificate, dummyKey),
 		"kube-scheduler":          simplePrivateKeyset(dummyCertificate, dummyKey),
 		"service-account":         saKeyset,
 	}
 	keystore.certs = map[string]*pki.Certificate{
-		"ca":                      mustParseCertificate(dummyCertificate),
+		"kubernetes-ca":           mustParseCertificate(dummyCertificate),
 		"apiserver-aggregator-ca": mustParseCertificate(dummyCertificate),
 		"kube-controller-manager": mustParseCertificate(dummyCertificate),
 		"kube-proxy":              mustParseCertificate(dummyCertificate),

nodeup/pkg/model/tests/golden/awsiam/tasks-kube-apiserver.yaml

@@ -200,7 +200,7 @@ contents:
     alternateNames:
     - localhost
     - 127.0.0.1
-    signer: ca
+    signer: kubernetes-ca
     subject:
       CommonName: aws-iam-authenticator
     type: server
@@ -216,7 +216,7 @@ contents:
     alternateNames:
     - localhost
     - 127.0.0.1
-    signer: ca
+    signer: kubernetes-ca
     subject:
       CommonName: aws-iam-authenticator
     type: server
@@ -300,7 +300,7 @@ type: file
 contents:
   task:
     Name: kubelet-api
-    signer: ca
+    signer: kubernetes-ca
     subject:
       CommonName: kubelet-api
     type: client
@@ -311,7 +311,7 @@ type: file
 contents:
   task:
     Name: kubelet-api
-    signer: ca
+    signer: kubernetes-ca
     subject:
       CommonName: kubelet-api
     type: client
@@ -335,7 +335,7 @@ Name: aws-iam-authenticator
 alternateNames:
 - localhost
 - 127.0.0.1
-signer: ca
+signer: kubernetes-ca
 subject:
   CommonName: aws-iam-authenticator
 type: server
@@ -347,7 +347,7 @@ subject:
 type: client
 ---
 Name: kubelet-api
-signer: ca
+signer: kubernetes-ca
 subject:
   CommonName: kubelet-api
 type: client

nodeup/pkg/model/tests/golden/dedicated-apiserver/tasks-kube-apiserver.yaml

@@ -240,7 +240,7 @@ type: file
 contents:
   task:
     Name: kubelet-api
-    signer: ca
+    signer: kubernetes-ca
     subject:
       CommonName: kubelet-api
     type: client
@@ -251,7 +251,7 @@ type: file
 contents:
   task:
     Name: kubelet-api
-    signer: ca
+    signer: kubernetes-ca
     subject:
       CommonName: kubelet-api
     type: client
@@ -278,7 +278,7 @@ subject:
 type: client
 ---
 Name: kubelet-api
-signer: ca
+signer: kubernetes-ca
 subject:
   CommonName: kubelet-api
 type: client

nodeup/pkg/model/tests/golden/minimal/tasks-kops-controller.yaml

@@ -2,6 +2,34 @@ mode: "0755"
 path: /etc/kubernetes/kops-controller
 type: directory
 ---
+contents:
+  task:
+    Name: kops-controller
+    alternateNames:
+    - kops-controller.internal.minimal.example.com
+    signer: kubernetes-ca
+    subject:
+      CommonName: kops-controller
+    type: server
+mode: "0644"
+owner: kops-controller
+path: /etc/kubernetes/kops-controller/kops-controller.crt
+type: file
+---
+contents:
+  task:
+    Name: kops-controller
+    alternateNames:
+    - kops-controller.internal.minimal.example.com
+    signer: kubernetes-ca
+    subject:
+      CommonName: kops-controller
+    type: server
+mode: "0600"
+owner: kops-controller
+path: /etc/kubernetes/kops-controller/kops-controller.key
+type: file
+---
 contents: |
   -----BEGIN CERTIFICATE-----
   MIIC2DCCAcCgAwIBAgIRALJXAkVj964tq67wMSI8oJQwDQYJKoZIhvcNAQELBQAw
@@ -23,7 +51,7 @@ contents: |
   -----END CERTIFICATE-----
 mode: "0600"
 owner: kops-controller
-path: /etc/kubernetes/kops-controller/ca.crt
+path: /etc/kubernetes/kops-controller/kubernetes-ca.crt
 type: file
 ---
 contents: |
@@ -56,41 +84,13 @@ contents: |
   -----END RSA PRIVATE KEY-----
 mode: "0600"
 owner: kops-controller
-path: /etc/kubernetes/kops-controller/ca.key
-type: file
----
-contents:
-  task:
-    Name: kops-controller
-    alternateNames:
-    - kops-controller.internal.minimal.example.com
-    signer: ca
-    subject:
-      CommonName: kops-controller
-    type: server
-mode: "0644"
-owner: kops-controller
-path: /etc/kubernetes/kops-controller/kops-controller.crt
-type: file
----
-contents:
-  task:
-    Name: kops-controller
-    alternateNames:
-    - kops-controller.internal.minimal.example.com
-    signer: ca
-    subject:
-      CommonName: kops-controller
-    type: server
-mode: "0600"
-owner: kops-controller
-path: /etc/kubernetes/kops-controller/kops-controller.key
+path: /etc/kubernetes/kops-controller/kubernetes-ca.key
 type: file
 ---
 Name: kops-controller
 alternateNames:
 - kops-controller.internal.minimal.example.com
-signer: ca
+signer: kubernetes-ca
 subject:
   CommonName: kops-controller
 type: server

nodeup/pkg/model/tests/golden/minimal/tasks-kube-apiserver.yaml

@@ -240,7 +240,7 @@ type: file
 contents:
   task:
     Name: kubelet-api
-    signer: ca
+    signer: kubernetes-ca
     subject:
       CommonName: kubelet-api
     type: client
@@ -251,7 +251,7 @@ type: file
 contents:
   task:
     Name: kubelet-api
-    signer: ca
+    signer: kubernetes-ca
     subject:
       CommonName: kubelet-api
     type: client
@@ -278,7 +278,7 @@ subject:
 type: client
 ---
 Name: kubelet-api
-signer: ca
+signer: kubernetes-ca
 subject:
   CommonName: kubelet-api
 type: client

nodeup/pkg/model/tests/golden/minimal/tasks-kube-controller-manager.yaml

@@ -219,21 +219,21 @@ contents:
     CA:
       task:
         Name: kube-controller-manager
-        signer: ca
+        signer: kubernetes-ca
         subject:
           CommonName: system:kube-controller-manager
         type: client
     Cert:
       task:
         Name: kube-controller-manager
-        signer: ca
+        signer: kubernetes-ca
         subject:
           CommonName: system:kube-controller-manager
         type: client
     Key:
       task:
         Name: kube-controller-manager
-        signer: ca
+        signer: kubernetes-ca
         subject:
           CommonName: system:kube-controller-manager
         type: client
@@ -250,29 +250,29 @@ path: /var/log/kube-controller-manager.log
 type: file
 ---
 Name: kube-controller-manager
-signer: ca
+signer: kubernetes-ca
 subject:
   CommonName: system:kube-controller-manager
 type: client
 ---
 CA:
   task:
     Name: kube-controller-manager
-    signer: ca
+    signer: kubernetes-ca
     subject:
       CommonName: system:kube-controller-manager
     type: client
 Cert:
   task:
     Name: kube-controller-manager
-    signer: ca
+    signer: kubernetes-ca
     subject:
       CommonName: system:kube-controller-manager
     type: client
 Key:
   task:
     Name: kube-controller-manager
-    signer: ca
+    signer: kubernetes-ca
     subject:
       CommonName: system:kube-controller-manager
     type: client

nodeup/pkg/model/tests/golden/minimal/tasks-kube-proxy.yaml

@@ -79,21 +79,21 @@ contents:
     CA:
       task:
         Name: kube-proxy
-        signer: ca
+        signer: kubernetes-ca
         subject:
           CommonName: system:kube-proxy
         type: client
     Cert:
       task:
         Name: kube-proxy
-        signer: ca
+        signer: kubernetes-ca
         subject:
           CommonName: system:kube-proxy
         type: client
     Key:
       task:
         Name: kube-proxy
-        signer: ca
+        signer: kubernetes-ca
         subject:
           CommonName: system:kube-proxy
         type: client
@@ -110,29 +110,29 @@ path: /var/log/kube-proxy.log
 type: file
 ---
 Name: kube-proxy
-signer: ca
+signer: kubernetes-ca
 subject:
   CommonName: system:kube-proxy
 type: client
 ---
 CA:
   task:
     Name: kube-proxy
-    signer: ca
+    signer: kubernetes-ca
     subject:
       CommonName: system:kube-proxy
     type: client
 Cert:
   task:
     Name: kube-proxy
-    signer: ca
+    signer: kubernetes-ca
     subject:
       CommonName: system:kube-proxy
     type: client
 Key:
   task:
     Name: kube-proxy
-    signer: ca
+    signer: kubernetes-ca
     subject:
       CommonName: system:kube-proxy
     type: client