k2d: introduce cert alt name support via K2D_ALT_NAMES #94

2 changes: 1 addition & 1 deletion cmd/k2d.go
Expand Up @@ -96,7 +96,7 @@ func main() {
logger.Fatalf("unable to get advertise IP address: %s", err)
}

err = ssl.EnsureTLSCertificatesExist(ctx, cfg.DataPath, ip)
err = ssl.EnsureTLSCertificatesExist(ctx, cfg.DataPath, ip, cfg.AltNames)
if err != nil {
logger.Fatalf("unable to setup TLS certificates: %s", err)
}
3 changes: 3 additions & 0 deletions internal/config/config.go
Expand Up @@ -10,6 +10,9 @@ type Config struct {
// It is expected to be provided through an environment variable named K2D_ADVERTISE_ADDR.
AdvertiseAddr string `env:"K2D_ADVERTISE_ADDR"`

// AltNames represents optional alternative names for the TLS certificate.
AltNames []string `env:"K2D_ALT_NAMES"`

// DataPath represents the path for application data storage.
// If not provided through an environment variable named K2D_DATA_PATH,
// the default value is set to /var/lib/k2d.
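Review bot: The comment on the new AltNames field (config.go hunk) does not say how the list is read from K2D_ALT_NAMES or what the entries must be, unlike the AdvertiseAddr comment directly above it, and nothing visible validates the values. These strings end up as DNS subject alternative names in the generated certificate, so the comment should state that they are DNS names (IP literals belong in the IP SAN list, not here) and name the separator the env parser uses for slices — often a comma, but that depends on the tag library, which is not shown. Suggested replacement: `// AltNames represents optional additional DNS subject alternative names for the TLS certificate.` / `// It is expected to be provided through an environment variable named K2D_ALT_NAMES` / `// as a list (separator per the env parser, e.g. comma-separated — confirm); entries are not validated here.`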
3 changes: 2 additions & 1 deletion internal/ssl/ssl.go
Expand Up @@ -58,7 +58,7 @@ func SSLKeyPath(dataPath string) string {
// The generated certificates have a validity period of 25 years.
//
// This function depends on the ssl.GenerateTLSCertificatesForIPAddr and filesystem.CreateDir functions.
func EnsureTLSCertificatesExist(ctx context.Context, dataPath string, ipAddr net.IP) error {
func EnsureTLSCertificatesExist(ctx context.Context, dataPath string, ipAddr net.IP, altNames []string) error {
certPath := path.Join(dataPath, SSL_FOLDER)

err := filesystem.CreateDir(certPath)
Expand All @@ -77,6 +77,7 @@ func EnsureTLSCertificatesExist(ctx context.Context, dataPath string, ipAddr net
CAFilename: CA_FILENAME,
CertFilename: CERT_FILENAME,
KeyFilename: KEY_FILENAME,
AltNames: altNames,
}

tlsFilesExist, err := areTLSCertificatesPresent(cfg)
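Review bot: The doc comment of EnsureTLSCertificatesExist (internal/ssl/ssl.go hunk, lines above the signature) was not updated for the new altNames parameter, and it should also warn that the names are only honoured when the certificate is generated. If areTLSCertificatesPresent short-circuits generation when files already exist, as the function's name and the Ensure… contract suggest (the body continues outside the hunk), then changing K2D_ALT_NAMES on an existing data path will not add the names to the served certificate and clients connecting by those names will still fail verification. Suggested additions to the comment: `// altNames are extra DNS subject alternative names added to the generated server certificate.` / `// They are applied only when the certificate files are created; existing files under dataPath are reused` / `// unchanged, so altering K2D_ALT_NAMES requires removing the old certificate to take effect.`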
3 changes: 2 additions & 1 deletion pkg/ssl/ssl.go
Expand Up @@ -37,6 +37,7 @@ type CertConfig struct {
CAFilename string
CertFilename string
KeyFilename string
AltNames []string
}

// GenerateTLSCertificatesForIPAddr generates a CA certificate, a TLS certificate, and a private key
Expand Down Expand Up @@ -106,7 +107,7 @@ func GenerateTLSCertificatesForIPAddr(cfg CertConfig) error {
Locality: []string{cfg.Locality},
},
IPAddresses: []net.IP{cfg.IpAddr, net.IPv6loopback},
DNSNames: []string{"kubernetes.default.svc"},
DNSNames: append([]string{"kubernetes.default.svc"}, cfg.AltNames...),
NotBefore: time.Now(),
NotAfter: time.Now().Add(cfg.Validity),
SubjectKeyId: []byte{1, 2, 3, 4, 6},
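Review bot: The DNSNames line in the GenerateTLSCertificatesForIPAddr hunk appends cfg.AltNames verbatim, so an IP literal, surrounding whitespace or an empty entry (a trailing separator in K2D_ALT_NAMES) is emitted as a DNS SAN; TLS clients do not match an IP against a DNS SAN, so an operator who puts a second address there gets a certificate that still fails verification for it. The values should be normalised before they reach the template: trim, drop empty entries, and route anything net.ParseIP accepts into IPAddresses, keeping the rest as DNS names (this needs the `strings` import). The `append([]string{...}, cfg.AltNames...)` form itself is fine — it copies into a fresh slice and does not alias cfg.AltNames. The function body starts and ends outside the hunk.

```go
	// Split the configured alt names into IP and DNS SANs so each lands in the
	// list clients actually check it against; blank entries are ignored.
	ipAddrs := []net.IP{cfg.IpAddr, net.IPv6loopback}
	dnsNames := []string{"kubernetes.default.svc"}
	for _, name := range cfg.AltNames {
		name = strings.TrimSpace(name)
		if name == "" {
			continue
		}
		if ip := net.ParseIP(name); ip != nil {
			ipAddrs = append(ipAddrs, ip)
			continue
		}
		dnsNames = append(dnsNames, name)
	}
	// … unchanged: certificate template up to Subject …
		IPAddresses: ipAddrs,
		DNSNames:    dnsNames,
	// … unchanged: NotBefore, NotAfter, SubjectKeyId, rest of template …
```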