mirror of https://github.com/linkerd/linkerd2.git
* Add RSA support to TLS libraries Fixes #3131 Wrapped private keys into either `PrivateKeyEC` or `PrivateKeyRSA` to provide different certificate matching logic and marshaling depending on the block type. You can test having an RSA cert for the proxy injector by applying this patch: ```diff $ diff -u chart/templates/proxy_injector-rbac.yaml ~/tmp/proxy_injector-rbac.yaml --- chart/templates/proxy_injector-rbac.yaml 2019-07-24 14:34:43.570616936 -0500 +++ /home/alpeb/tmp/proxy_injector-rbac.yaml 2019-07-24 13:41:03.150285099 -0500 @@ -1,4 +1,5 @@ {{with .Values -}} +{{- $ca := genCA "linkerd-proxy-injector.linkerd.svc" 365 -}} --- ### ### Proxy Injector RBAC @@ -60,8 +61,8 @@ {{ .CreatedByAnnotation }}: {{ .CliVersion }} type: Opaque data: - crt.pem: {{ b64enc .ProxyInjector.CrtPEM }} - key.pem: {{ b64enc .ProxyInjector.KeyPEM }} + crt.pem: {{ b64enc $ca.Cert }} + key.pem: {{ b64enc $ca.Key }} --- apiVersion: admissionregistration.k8s.io/v1beta1 kind: MutatingWebhookConfiguration @@ -81,7 +82,7 @@ name: linkerd-proxy-injector namespace: {{ .Namespace }} path: "/" - caBundle: {{ b64enc .ProxyInjector.CrtPEM }} + caBundle: {{ b64enc $ca.Cert }} failurePolicy: {{ .WebhookFailurePolicy }} rules: - operations: [ "CREATE" ] ``` This will replace the logic to generate the cert with a call to Helm's `genCA`, which uses RSA. Signed-off-by: Alejandro Pedraza <alejandro@buoyant.io> |
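Review bot: In the first hunk (`@@ -1,4 +1,5 @@`), the `genCA` call hard-codes the `linkerd` namespace into the certificate name (`linkerd-proxy-injector.linkerd.svc`), while the webhook's service reference further down the same file uses `namespace: {{ .Namespace }}`. An install into any other namespace would get a certificate named for a service that does not exist there. Build the name from the template value instead, for example `genCA (printf "linkerd-proxy-injector.%s.svc" .Namespace) 365`.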
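Review bot: In the `data:` block of the second hunk (`@@ -60,8 +61,8 @@`), `key.pem` is set to `$ca.Key`, so the secret handed to the proxy injector holds a CA private key and the webhook presents the CA certificate itself as its serving certificate. That is fine for checking that an RSA key loads, but if this template is reused beyond that test, issue a leaf certificate from `$ca` with Sprig's `genSignedCert`, store that leaf's cert and key in the secret, and keep `$ca.Cert` only for the `caBundle`.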
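Review bot: In the third hunk (`@@ -81,7 +82,7 @@`), `caBundle` now depends on `$ca`, which `genCA` regenerates with a fresh key pair on every render of the template. The secret and the `caBundle` stay consistent only because both are emitted from the same render of this one file. A comment next to the `$ca` definition saying that both consumers must stay in this template, and that every render rotates the key, would save the next reader from splitting them apart.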
||
---|---|---|
.. | ||
ca.go | ||
codec.go | ||
cred.go | ||
cred_test.go |