kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove "secret" from "kops create secret keypair ca"

This commit is contained in:
John Gardiner Myers 2021-04-17 16:18:22 -07:00
parent 04df5afb2e
commit 3793c92b94
11 changed files with 73 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/kops/BUILD.bazel generated
View File

@ -7,12 +7,12 @@ go_library(
"create.go",
"create_cluster.go",
"create_ig.go",
"create_keypair.go",
"create_keypair_ca.go",
"create_secret.go",
"create_secret_cilium_encryptionconfig.go",
"create_secret_dockerconfig.go",
"create_secret_encryptionconfig.go",
"create_secret_keypair.go",
"create_secret_keypair_ca.go",
"create_secret_sshpublickey.go",
"create_secret_weave_encryptionconfig.go",
"delete.go",

5
cmd/kops/create.go
View File

@ -45,9 +45,9 @@ var (
createLong = templates.LongDesc(i18n.T(`
Create a resource:` + validResources +
`
Create a cluster, instancegroup or secret using command line parameters,
Create a cluster, instancegroup, keypair, or secret using command line parameters,
YAML configuration specification files, or stdin.
(Note: secrets cannot be created from YAML config files yet).
(Note: keypairs and secrets cannot be created from YAML config files yet).
`))
createExample = templates.Examples(i18n.T(`
@ -107,6 +107,7 @@ func NewCmdCreate(f *util.Factory, out io.Writer) *cobra.Command {
// create subcommands
cmd.AddCommand(NewCmdCreateCluster(f, out))
cmd.AddCommand(NewCmdCreateInstanceGroup(f, out))
cmd.AddCommand(NewCmdCreateKeypair(f, out))
cmd.AddCommand(NewCmdCreateSecret(f, out))
return cmd
}

24
cmd/kops/create_secret_keypair.go → cmd/kops/create_keypair.go
View File

@ -1,5 +1,5 @@
/*
Copyright 2019 The Kubernetes Authors.
Copyright 2021 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -26,29 +26,29 @@ import (
)
var (
createSecretKeypairLong = templates.LongDesc(i18n.T(`
Create a secret keypair`))
createKeypairLong = templates.LongDesc(i18n.T(`
Create a keypair`))
createSecretKeypairExample = templates.Examples(i18n.T(`
Add a ca certificate and private key.
kops create secret keypair ca \
createKeypairExample = templates.Examples(i18n.T(`
Add a cluster CA certificate and private key.
kops create keypair ca \
--cert ~/ca.pem --key ~/ca-key.pem \
--name k8s-cluster.example.com --state s3://my-state-store
`))
createSecretKeypairShort = i18n.T(`Create a secret keypair.`)
createKeypairShort = i18n.T(`Create a keypair.`)
)
func NewCmdCreateKeypairSecret(f *util.Factory, out io.Writer) *cobra.Command {
func NewCmdCreateKeypair(f *util.Factory, out io.Writer) *cobra.Command {
cmd := &cobra.Command{
Use: "keypair",
Short: createSecretKeypairShort,
Long: createSecretKeypairLong,
Example: createSecretKeypairExample,
Short: createKeypairShort,
Long: createKeypairLong,
Example: createKeypairExample,
}
// create subcommands
cmd.AddCommand(NewCmdCreateSecretCaCert(f, out))
cmd.AddCommand(NewCmdCreateKeypairCa(f, out))
return cmd
}

67
cmd/kops/create_secret_keypair_ca.go → cmd/kops/create_keypair_ca.go
View File

@ -21,7 +21,6 @@ import (
"fmt"
"io"
"io/ioutil"
"os"
"github.com/spf13/cobra"
"k8s.io/klog/v2"
@ -35,35 +34,35 @@ import (
)
var (
createSecretCacertLong = templates.LongDesc(i18n.T(`
Add a ca certificate and private key.
createKeypairCaLong = templates.LongDesc(i18n.T(`
Add a cluster CA certificate and private key.
`))
createSecretCacertExample = templates.Examples(i18n.T(`
Add a ca certificate and private key.
kops create secret keypair ca \
createKeypairCaExample = templates.Examples(i18n.T(`
Add a cluster CA certificate and private key.
kops create keypair ca \
--cert ~/ca.pem --key ~/ca-key.pem \
--name k8s-cluster.example.com --state s3://my-state-store
`))
createSecretCacertShort = i18n.T(`Add a ca cert and key`)
createKeypairCaShort = i18n.T(`Add a cluster CA cert and key`)
)
type CreateSecretCaCertOptions struct {
ClusterName string
CaPrivateKeyPath string
CaCertPath string
type CreateKeypairCaOptions struct {
ClusterName string
PrivateKeyPath string
CertPath string
}
// NewCmdCreateSecretCaCert returns create ca certificate command
func NewCmdCreateSecretCaCert(f *util.Factory, out io.Writer) *cobra.Command {
options := &CreateSecretCaCertOptions{}
// NewCmdCreateKeypairCa returns create ca certificate command
func NewCmdCreateKeypairCa(f *util.Factory, out io.Writer) *cobra.Command {
options := &CreateKeypairCaOptions{}
cmd := &cobra.Command{
Use: "ca",
Short: createSecretCacertShort,
Long: createSecretCacertLong,
Example: createSecretCacertExample,
Short: createKeypairCaShort,
Long: createKeypairCaLong,
Example: createKeypairCaExample,
Run: func(cmd *cobra.Command, args []string) {
ctx := context.TODO()
@ -74,26 +73,26 @@ func NewCmdCreateSecretCaCert(f *util.Factory, out io.Writer) *cobra.Command {
options.ClusterName = rootCommand.ClusterName()
err = RunCreateSecretCaCert(ctx, f, os.Stdout, options)
err = RunCreateKeypairCa(ctx, f, out, options)
if err != nil {
exitWithError(err)
}
},
}
cmd.Flags().StringVar(&options.CaCertPath, "cert", options.CaCertPath, "Path to ca cert")
cmd.Flags().StringVar(&options.CaPrivateKeyPath, "key", options.CaPrivateKeyPath, "Path to ca cert private key")
cmd.Flags().StringVar(&options.CertPath, "cert", options.CertPath, "Path to CA certificate")
cmd.Flags().StringVar(&options.PrivateKeyPath, "key", options.PrivateKeyPath, "Path to CA private key")
return cmd
}
// RunCreateSecretCaCert adds a custom ca certificate and private key
func RunCreateSecretCaCert(ctx context.Context, f *util.Factory, out io.Writer, options *CreateSecretCaCertOptions) error {
if options.CaCertPath == "" {
// RunCreateKeypairCa adds a custom ca certificate and private key
func RunCreateKeypairCa(ctx context.Context, f *util.Factory, out io.Writer, options *CreateKeypairCaOptions) error {
if options.CertPath == "" {
return fmt.Errorf("error cert provided")
}
if options.CaPrivateKeyPath == "" {
if options.PrivateKeyPath == "" {
return fmt.Errorf("error no private key provided")
}
@ -112,16 +111,16 @@ func RunCreateSecretCaCert(ctx context.Context, f *util.Factory, out io.Writer,
return fmt.Errorf("error getting keystore: %v", err)
}
options.CaCertPath = utils.ExpandPath(options.CaCertPath)
options.CaPrivateKeyPath = utils.ExpandPath(options.CaPrivateKeyPath)
options.CertPath = utils.ExpandPath(options.CertPath)
options.PrivateKeyPath = utils.ExpandPath(options.PrivateKeyPath)
certBytes, err := ioutil.ReadFile(options.CaCertPath)
certBytes, err := ioutil.ReadFile(options.CertPath)
if err != nil {
return fmt.Errorf("error reading user provided cert %q: %v", options.CaCertPath, err)
return fmt.Errorf("error reading user provided cert %q: %v", options.CertPath, err)
}
privateKeyBytes, err := ioutil.ReadFile(options.CaPrivateKeyPath)
privateKeyBytes, err := ioutil.ReadFile(options.PrivateKeyPath)
if err != nil {
return fmt.Errorf("error reading user provided private key %q: %v", options.CaPrivateKeyPath, err)
return fmt.Errorf("error reading user provided private key %q: %v", options.PrivateKeyPath, err)
}
privateKey, err := pki.ParsePEMPrivateKey(privateKeyBytes)
@ -130,7 +129,7 @@ func RunCreateSecretCaCert(ctx context.Context, f *util.Factory, out io.Writer,
}
cert, err := pki.ParsePEMCertificate(certBytes)
if err != nil {
return fmt.Errorf("error loading certificate %q: %v", options.CaCertPath, err)
return fmt.Errorf("error loading certificate %q: %v", options.CertPath, err)
}
serialString := cert.Certificate.SerialNumber.String()
@ -148,11 +147,11 @@ func RunCreateSecretCaCert(ctx context.Context, f *util.Factory, out io.Writer,
Primary: ki,
})
if err != nil {
return fmt.Errorf("error storing user provided keys %q %q: %v", options.CaCertPath, options.CaPrivateKeyPath, err)
return fmt.Errorf("error storing user provided keys %q %q: %v", options.CertPath, options.PrivateKeyPath, err)
}
klog.Infof("using user provided cert: %v\n", options.CaCertPath)
klog.Infof("using user provided private key: %v\n", options.CaPrivateKeyPath)
klog.Infof("using user provided cert: %v\n", options.CertPath)
klog.Infof("using user provided private key: %v\n", options.PrivateKeyPath)
return nil
}

1
cmd/kops/create_secret.go
View File

@ -56,7 +56,6 @@ func NewCmdCreateSecret(f *util.Factory, out io.Writer) *cobra.Command {
cmd.AddCommand(NewCmdCreateSecretPublicKey(f, out))
cmd.AddCommand(NewCmdCreateSecretDockerConfig(f, out))
cmd.AddCommand(NewCmdCreateSecretEncryptionConfig(f, out))
cmd.AddCommand(NewCmdCreateKeypairSecret(f, out))
cmd.AddCommand(NewCmdCreateSecretWeaveEncryptionConfig(f, out))
cmd.AddCommand(NewCmdCreateSecretCiliumEncryptionConfig(f, out))

8
cmd/kops/integration_test.go
View File

@ -480,12 +480,12 @@ func (i *integrationTest) runTest(t *testing.T, h *testutils.IntegrationTestHarn
}
if i.caKey {
options := &CreateSecretCaCertOptions{}
options := &CreateKeypairCaOptions{}
options.ClusterName = i.clusterName
options.CaPrivateKeyPath = path.Join(i.srcDir, "ca.key")
options.CaCertPath = path.Join(i.srcDir, "ca.crt")
options.PrivateKeyPath = path.Join(i.srcDir, "ca.key")
options.CertPath = path.Join(i.srcDir, "ca.crt")
err := RunCreateSecretCaCert(ctx, factory, &stdout, options)
err := RunCreateKeypairCa(ctx, factory, &stdout, options)
if err != nil {
t.Fatalf("error running %q create CA keypair: %v", inputYAML, err)
}

3
docs/cli/kops_create.md generated
View File

@ -13,7 +13,7 @@ Create a resource:
* instancegroup
* secret
Create a cluster, instancegroup or secret using command line parameters, YAML configuration specification files, or stdin. (Note: secrets cannot be created from YAML config files yet).
Create a cluster, instancegroup, keypair, or secret using command line parameters, YAML configuration specification files, or stdin. (Note: keypairs and secrets cannot be created from YAML config files yet).
```
kops create -f FILENAME [flags]
@ -79,5 +79,6 @@ kops create -f FILENAME [flags]
* [kops](kops.md) - kOps is Kubernetes Operations.
* [kops create cluster](kops_create_cluster.md) - Create a Kubernetes cluster.
* [kops create instancegroup](kops_create_instancegroup.md) - Create an instancegroup.
* [kops create keypair](kops_create_keypair.md) - Create a keypair.
* [kops create secret](kops_create_secret.md) - Create a secret.

14
docs/cli/kops_create_secret_keypair.md → docs/cli/kops_create_keypair.md generated
View File

@ -1,19 +1,19 @@
<!--- This file is automatically generated by make gen-cli-docs; changes should be made in the go CLI command code (under cmd/kops) -->
## kops create secret keypair
## kops create keypair
Create a secret keypair.
Create a keypair.
### Synopsis
Create a secret keypair
Create a keypair
### Examples
```
Add a ca certificate and private key.
kops create secret keypair ca \
Add a cluster CA certificate and private key.
kops create keypair ca \
--cert ~/ca.pem --key ~/ca-key.pem \
--name k8s-cluster.example.com --state s3://my-state-store
```
@ -47,6 +47,6 @@ Create a secret keypair
### SEE ALSO
* [kops create secret](kops_create_secret.md) - Create a secret.
* [kops create secret keypair ca](kops_create_secret_keypair_ca.md) - Add a ca cert and key
* [kops create](kops_create.md) - Create a resource by command line, filename or stdin.
* [kops create keypair ca](kops_create_keypair_ca.md) - Add a cluster CA cert and key

18
docs/cli/kops_create_secret_keypair_ca.md → docs/cli/kops_create_keypair_ca.md generated
View File

@ -1,23 +1,23 @@
<!--- This file is automatically generated by make gen-cli-docs; changes should be made in the go CLI command code (under cmd/kops) -->
## kops create secret keypair ca
## kops create keypair ca
Add a ca cert and key
Add a cluster CA cert and key
### Synopsis
Add a ca certificate and private key.
Add a cluster CA certificate and private key.
```
kops create secret keypair ca [flags]
kops create keypair ca [flags]
```
### Examples
```
Add a ca certificate and private key.
kops create secret keypair ca \
Add a cluster CA certificate and private key.
kops create keypair ca \
--cert ~/ca.pem --key ~/ca-key.pem \
--name k8s-cluster.example.com --state s3://my-state-store
```
@ -25,9 +25,9 @@ kops create secret keypair ca [flags]
### Options
```
--cert string Path to ca cert
--cert string Path to CA certificate
-h, --help help for ca
--key string Path to ca cert private key
--key string Path to CA private key
```
### Options inherited from parent commands
@ -53,5 +53,5 @@ kops create secret keypair ca [flags]
### SEE ALSO
* [kops create secret keypair](kops_create_secret_keypair.md) - Create a secret keypair.
* [kops create keypair](kops_create_keypair.md) - Create a keypair.

1
docs/cli/kops_create_secret.md generated
View File

@ -56,7 +56,6 @@ Create a secret
* [kops create secret ciliumpassword](kops_create_secret_ciliumpassword.md) - Create a cilium encryption key.
* [kops create secret dockerconfig](kops_create_secret_dockerconfig.md) - Create a docker config.
* [kops create secret encryptionconfig](kops_create_secret_encryptionconfig.md) - Create an encryption config.
* [kops create secret keypair](kops_create_secret_keypair.md) - Create a secret keypair.
* [kops create secret sshpublickey](kops_create_secret_sshpublickey.md) - Create an ssh public key.
* [kops create secret weavepassword](kops_create_secret_weavepassword.md) - Create a weave encryption config.

2
docs/custom_ca.md
View File

@ -17,7 +17,7 @@ The following procedure will allow you to override the CA when creating a cluste
```bash
kops create -f cluster.yaml
kops create secret keypair ca --cert ca.crt --key ca.key --name cluster-name.com
kops create secret ca --cert ca.crt --key ca.key --name cluster-name.com
kops update cluster --yes
```