91 lines
2.3 KiB
Go
91 lines
2.3 KiB
Go
package cert
|
|
|
|
import (
|
|
"fmt"
|
|
"net"
|
|
"os"
|
|
"testing"
|
|
"time"
|
|
|
|
certutil "k8s.io/client-go/util/cert"
|
|
|
|
"github.com/karmada-io/karmada/pkg/karmadactl/cmdinit/utils"
|
|
)
|
|
|
|
const (
|
|
TestCertsTmp = "./test-certs-tmp"
|
|
)
|
|
|
|
func TestGenCerts(t *testing.T) {
|
|
defer os.RemoveAll(TestCertsTmp)
|
|
|
|
notAfter := time.Now().Add(Duration365d * 10).UTC()
|
|
namespace := "kube-karmada"
|
|
flagsExternalIP := ""
|
|
masterIP := "192.168.1.1,192.168.1.2"
|
|
|
|
var etcdServerCertDNS = []string{
|
|
"localhost",
|
|
}
|
|
|
|
for i := 0; i < 3; i++ {
|
|
etcdServerCertDNS = append(etcdServerCertDNS, fmt.Sprintf("%s-%v.%s.%s.svc.cluster.local", "etcd", i, "etcd", namespace))
|
|
}
|
|
|
|
etcdServerAltNames := certutil.AltNames{
|
|
DNSNames: etcdServerCertDNS,
|
|
IPs: []net.IP{utils.StringToNetIP("127.0.0.1")},
|
|
}
|
|
etcdServerCertConfig := NewCertConfig("karmada-etcd-server", []string{"karmada"}, etcdServerAltNames, ¬After)
|
|
|
|
etcdClientCertCfg := NewCertConfig("karmada-etcd-client", []string{"karmada"}, certutil.AltNames{}, ¬After)
|
|
|
|
var karmadaDNS = []string{
|
|
"localhost",
|
|
"kubernetes",
|
|
"kubernetes.default",
|
|
"kubernetes.default.svc",
|
|
"karmada-apiserver",
|
|
"karmada-webhook",
|
|
fmt.Sprintf("%s.%s.svc.cluster.local", "karmada-apiserver", namespace),
|
|
fmt.Sprintf("%s.%s.svc.cluster.local", "karmada-webhook", namespace),
|
|
fmt.Sprintf("*.%s.svc.cluster.local", namespace),
|
|
fmt.Sprintf("*.%s.svc", namespace),
|
|
}
|
|
if hostName, err := os.Hostname(); err != nil {
|
|
fmt.Println("Failed to get the current hostname.", err)
|
|
} else {
|
|
karmadaDNS = append(karmadaDNS, hostName)
|
|
}
|
|
|
|
ips := utils.FlagsIP(flagsExternalIP)
|
|
ips = append(ips, utils.FlagsIP(masterIP)...)
|
|
|
|
internetIP, err := utils.InternetIP()
|
|
if err != nil {
|
|
fmt.Println("Failed to obtain internet IP. ", err)
|
|
} else {
|
|
ips = append(ips, internetIP)
|
|
}
|
|
|
|
ips = append(
|
|
ips,
|
|
utils.StringToNetIP("127.0.0.1"),
|
|
utils.StringToNetIP("10.254.0.1"),
|
|
)
|
|
|
|
fmt.Println("karmada certificate ip ", ips)
|
|
|
|
karmadaAltNames := certutil.AltNames{
|
|
DNSNames: karmadaDNS,
|
|
IPs: ips,
|
|
}
|
|
|
|
karmadaCertCfg := NewCertConfig("system:admin", []string{"system:masters"}, karmadaAltNames, ¬After)
|
|
frontProxyClientCertCfg := NewCertConfig("front-proxy-client", []string{"karmada"}, certutil.AltNames{}, ¬After)
|
|
|
|
if err := GenCerts(TestCertsTmp, etcdServerCertConfig, etcdClientCertCfg, karmadaCertCfg, frontProxyClientCertCfg); err != nil {
|
|
fmt.Println(err)
|
|
}
|
|
}
|