client-go: extract new keyutil package from util/cert

[awly]

This package contains public/private key utilities copied directly from
client-go/util/cert. All imports were updated.

Future PRs will actually refactor the libraries.

Updates #71004

What type of PR is this?

Uncomment only one, leave it on its own line:

/kind api-change
/kind bug
/kind cleanup
/kind design
/kind documentation
/kind failing-test
/kind feature
/kind flake

What this PR does / why we need it:

Which issue(s) this PR fixes:

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

NONE

[awly]

/sig auth
/cc @mikedanese @liggitt

[neolit123]

thanks @awly
/approve
/priority important-longterm

[krmayankk]

@awly @neolit123 is the package name client-go/util/keyutil easily discoverable to mean private/public key utilities ?. Should this something like certkeyutil or just certkey or something more specific ? There are some guidelines here as well https://blog.golang.org/package-names

[neolit123]

@krmayankk
the name SGTM, but let's see if others have comments too.

[awly]

I plan to end up with client-go/util/keyutil and client-go/util/certutil (or x509util, not sure yet).

Clearly separating the two domains is valuable, otherwise it will turn back into what client-go/util/cert is now - a kitchen sink of anything related to x509/tls and asymmetric keys.

[fedebongio]

/assign @caesarxuchao @mikedanese

[caesarxuchao]

A quibble on the package name, otherwise lgtm.

/approve
I'll leave the lgtm to @mikedanese

[caesarxuchao]

I would have named the package as "key" instead of "keyutil", just like the "cert" package is not named as "certutil".

[awly]

My concern is that key has a much higher likelihood of name collision with types/vars.
You can see that https://github.com/kubernetes/kubernetes/search?q=k8s.io%2Fclient-go%2Futil%2Fcert+certutil&unscoped_q=k8s.io%2Fclient-go%2Futil%2Fcert+certutil cert package is frequently aliased to certutil for this reason.

[mourya007]

I guess retesting will work
/test pull-kubernetes-local-e2e-containerized

[awly]

Ping @mikedanese @smarterclayton

[mikedanese]

Thanks!

/lgtm
/approve
/retest

[mikedanese]

For approval.

/assign @liggitt

[awly]

Rebased.
Ping @liggitt for approval

[neolit123]

/skip
/retest

[k8s-ci-robot]

@awly: The following tests failed for commit 1845839, say /retest to rerun them:

Test name	Details	Rerun command
pull-kubernetes-e2e-kops-aws	402d8da7b0ea76b8e94ec30d985af4d3840bdc3a	link
pull-kubernetes-local-e2e-containerized	1845839	link

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[liggitt]

/retest
/approve

[liggitt]

/lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: awly, caesarxuchao, liggitt, mikedanese, neolit123

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• cmd/kube-apiserver/OWNERS [caesarxuchao,liggitt,mikedanese]
• cmd/kube-controller-manager/OWNERS [liggitt,mikedanese]
• cmd/kubeadm/OWNERS [liggitt,mikedanese,neolit123]
• cmd/kubelet/OWNERS [liggitt,mikedanese]
• pkg/kubeapiserver/authenticator/OWNERS [liggitt,mikedanese]
• pkg/kubelet/certificate/OWNERS [liggitt,mikedanese]
• pkg/serviceaccount/OWNERS [liggitt,mikedanese]
• staging/OWNERS [liggitt]
• test/OWNERS [liggitt,mikedanese]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment