From 52c1d665cf20e8fd91649060c0aa0dd25d267579 Mon Sep 17 00:00:00 2001
From: Saverio Proto
Date: Thu, 18 Jan 2018 22:46:46 +0100
Subject: [PATCH] There is now a easier solution to create TLS certs. (#176)
* There is now a easier solution to create TLS certs. https://github.com/kubernetes/kubernetes/issues/14017
* Change secret target from Makefile. Use keys target
* Remove BUILD file
---
staging/https-nginx/BUILD | 40 -----------------
staging/https-nginx/Makefile | 3 --
staging/https-nginx/README.md | 6 +--
staging/https-nginx/make_secret.go | 70 ------------------------------
4 files changed, 3 insertions(+), 116 deletions(-)
delete mode 100644 staging/https-nginx/BUILD
delete mode 100644 staging/https-nginx/make_secret.go
diff --git a/staging/https-nginx/BUILD b/staging/https-nginx/BUILD
deleted file mode 100644
index b8cd0357..00000000
--- a/staging/https-nginx/BUILD
+++ /dev/null
@@ -1,40 +0,0 @@
-package(default_visibility = ["//visibility:public"])
-
-licenses(["notice"])
-
-load(
- "@io_bazel_rules_go//go:def.bzl",
- "go_binary",
- "go_library",
-)
-
-go_binary(
- name = "https-nginx",
- library = ":go_default_library",
- tags = ["automanaged"],
-)
-
-go_library(
- name = "go_default_library",
- srcs = ["make_secret.go"],
- tags = ["automanaged"],
- deps = [
- "//pkg/api:go_default_library",
- "//pkg/api/install:go_default_library",
- "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
- "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
- ],
-)
-
-filegroup(
- name = "package-srcs",
- srcs = glob(["**"]),
- tags = ["automanaged"],
- visibility = ["//visibility:private"],
-)
-
-filegroup(
- name = "all-srcs",
- srcs = [":package-srcs"],
- tags = ["automanaged"],
-)
diff --git a/staging/https-nginx/Makefile b/staging/https-nginx/Makefile
index f8203dca..ecd42189 100644
--- a/staging/https-nginx/Makefile
+++ b/staging/https-nginx/Makefile
@@ -24,9 +24,6 @@ keys: # The CName used here is specific to the service specified in nginx-app.yaml. openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $(KEY) -out $(CERT) -subj "/CN=nginxsvc/O=nginxsvc" -secret: - go run make_secret.go -crt $(CERT) -key $(KEY) > $(SECRET) - container: docker build --pull -t $(PREFIX):$(TAG) . diff --git a/staging/https-nginx/README.md b/staging/https-nginx/README.md index a64b04ab..064b0f2e 100644 --- a/staging/https-nginx/README.md +++ b/staging/https-nginx/README.md @@ -6,10 +6,10 @@ It uses an [nginx server block](http://wiki.nginx.org/ServerBlockExample) to ser ### Generate certificates -First generate a self signed rsa key and certificate that the server can use for TLS. This step invokes the make_secret.go script in the same directory, which uses the kubernetes api to generate a secret json config in /tmp/secret.json. +First generate a self signed rsa key and certificate that the server can use for TLS. ```sh -$ make keys secret KEY=/tmp/nginx.key CERT=/tmp/nginx.crt SECRET=/tmp/secret.json +$ make keys KEY=/tmp/nginx.key CERT=/tmp/nginx.crt ``` ### Create a https nginx application running in a kubernetes cluster @@ -19,7 +19,7 @@ You need a [running kubernetes cluster](../../docs/getting-started-guides/) for Create a secret and a configmap. ```sh -$ kubectl create -f /tmp/secret.json +$ kubectl create secret tls nginxsecret --key /tmp/nginx.key --cert /tmp/nginx.crt secret "nginxsecret" created $ kubectl create configmap nginxconfigmap --from-file=examples/https-nginx/default.conf diff --git a/staging/https-nginx/make_secret.go b/staging/https-nginx/make_secret.go deleted file mode 100644 index 8299b504..00000000 --- a/staging/https-nginx/make_secret.go +++ /dev/null 
@@ -1,70 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// A small script that converts the given open ssl public/private keys to
-// a secret that it writes to stdout as json. Most common use case is to
-// create a secret from self signed certificates used to authenticate with
-// a devserver. Usage: go run make_secret.go -crt ca.crt -key priv.key > secret.json
-package main
-
-import (
- "flag"
- "fmt"
- "io/ioutil"
- "log"
-
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/kubernetes/pkg/api"
-
- // This installs the legacy v1 API
- _ "k8s.io/kubernetes/pkg/api/install"
-)
-
-// TODO:
-// Add a -o flag that writes to the specified destination file.
-// Teach the script to create crt and key if -crt and -key aren't specified.
-var (
- crt = flag.String("crt", "", "path to nginx certificates.")
- key = flag.String("key", "", "path to nginx private key.")
-)
-
-func read(file string) []byte {
- b, err := ioutil.ReadFile(file)
- if err != nil {
- log.Fatalf("Cannot read file %v, %v", file, err)
- }
- return b
-}
-
-func main() {
- flag.Parse()
- if *crt == "" || *key == "" {
- log.Fatalf("Need to specify -crt -key and -template")
- }
- nginxCrt := read(*crt)
- nginxKey := read(*key)
- secret := &api.Secret{
- ObjectMeta: metav1.ObjectMeta{
- Name: "nginxsecret",
- },
- Data: map[string][]byte{
- "nginx.crt": nginxCrt,
- "nginx.key": nginxKey,
- },
- }
- fmt.Printf(runtime.EncodeOrDie(api.Codecs.LegacyCodec(api.Registry.EnabledVersions()...), secret))
-}