-
Notifications
You must be signed in to change notification settings - Fork 444
/
main.go
61 lines (51 loc) · 2.35 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
package main
import (
"context"
"os"
v1 "k8s.io/api/core/v1"
"github.com/solo-io/gloo/jobs/pkg/run"
"github.com/solo-io/gloo/projects/gloo/cli/pkg/constants"
"github.com/solo-io/go-utils/contextutils"
"github.com/solo-io/solo-kit/pkg/utils/statusutils"
"github.com/spf13/cobra"
)
func main() {
ctx := contextutils.WithLogger(context.Background(), "gencert")
if err := cmd(ctx).Execute(); err != nil {
contextutils.LoggerFrom(ctx).Fatal("execution failed")
}
}
func cmd(ctx context.Context) *cobra.Command {
var opts run.Options
cmd := &cobra.Command{
Use: "certgen",
Aliases: constants.PROXY_COMMAND.Aliases,
Short: "generate kube secrets with self-signed certs.",
Long: "generate kube secrets with self-signed certs. " +
"certgen can also patch admission webhook configurations with the matching ca bundle for the generated certs..",
RunE: func(cmd *cobra.Command, args []string) error {
return run.Run(ctx, opts)
},
}
pFlags := cmd.PersistentFlags()
podNamespace := os.Getenv(statusutils.PodNamespaceEnvName)
pFlags.StringVar(&opts.SvcName, "svc-name", "",
"name of the service for which to generate the certs")
pFlags.StringVar(&opts.SvcNamespace, "svc-namespace", podNamespace,
"namespace of the service for which to generate the certs")
pFlags.StringVar(&opts.SecretName, "secret-name", "",
"name of the secret to create which holds the certs")
pFlags.StringVar(&opts.SecretNamespace, "secret-namespace", podNamespace,
"namespace of the secret to create which holds the certs")
pFlags.StringVar(&opts.ServerCertSecretFileName, "secret-cert-name", v1.TLSCertKey,
"name of the server cert as it will be stored in the secret data")
pFlags.StringVar(&opts.ServerKeySecretFileName, "server-key-name", v1.TLSPrivateKeyKey,
"name of the server key as it will be stored in the secret data")
pFlags.StringVar(&opts.ServerCertAuthorityFileName, "server-ca-name", v1.ServiceAccountRootCAKey,
"name of the server cert authority as it will be stored in the secret data")
pFlags.StringVar(&opts.ValidatingWebhookConfigurationName, "validating-webhook-configuration-name", "",
"name of the ValidatingWebhookConfiguration to patch with the generated CA bundle. leave empty to skip this step.")
pFlags.BoolVar(&opts.ForceRotation, "force-rotation", false,
"if set, will create new certs even if the old one are still valid")
return cmd
}