Skip to content

Commit

Permalink
Merge pull request #13 from deads2k/self-signed
Browse files Browse the repository at this point in the history 
generate self-signed certificates for serving the cluster-policy-cont…
  • Loading branch information
@deads2k
deads2k committed Oct 17, 2019
2 parents 6057e16 + d995772 commit 69301f3
Showing 1 changed file with 22 additions and 3 deletions.
25 changes: 22 additions & 3 deletions pkg/cmd/controller/net.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,14 @@ package controller

import (
"crypto/tls"
"fmt"
"net"
"net/http"
"os"
"strings"
"time"

certutil "k8s.io/client-go/util/cert"
)

// tcpKeepAliveListener sets TCP keep-alive timeouts on accepted
Expand Down Expand Up @@ -43,9 +47,24 @@ func ListenAndServeTLS(srv *http.Server, network string, certFile, keyFile strin

var err error
config.Certificates = make([]tls.Certificate, 1)
config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
return err

if _, err := os.Open(certFile); err == nil {
config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
return err
}

} else if os.IsNotExist(err) {
// if the file doesn't exist, we will generate a serving cert/key pair
cert, key, err := certutil.GenerateSelfSignedCertKeyWithFixtures("localhost", nil, nil, "")
if err != nil {
return fmt.Errorf("unable to generate self signed cert: %v", err)
}

config.Certificates[0], err = tls.X509KeyPair(cert, key)
if err != nil {
return fmt.Errorf("unable to generate self signed cert: %v", err)
}
}

ln, err := net.Listen(network, addr)
Expand Down

0 comments on commit 69301f3

Please sign in to comment.