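// altNamesFromURLs collects the host part of each URL into an AltNames set,
// recording it as an IP SAN when it parses as an IP address and as a DNS SAN
// otherwise. Any ":port" suffix is dropped. IPv6 literals have their enclosing
// brackets removed so that they land in IPs rather than being emitted as a
// bogus DNS name such as "[::1]"; a URL with an empty host contributes nothing.
func altNamesFromURLs(urls []*url.URL) *tlsutil.AltNames {
	var an tlsutil.AltNames
	for _, u := range urls {
		// Hostname() strips both the optional port and the brackets around
		// an IPv6 literal. net.SplitHostPort on its own fails for a
		// bracketed host with no port and leaves the brackets in place.
		host := u.Hostname()
		if host == "" {
			// Nothing to put in the certificate for this URL.
			continue
		}
		if ip := net.ParseIP(host); ip != nil {
			an.IPs = append(an.IPs, ip)
			continue
		}
		an.DNSNames = append(an.DNSNames, host)
	}
	return &an
}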
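// parseAltNames parses a comma-separated list of "DNS=<name>" and "IP=<addr>"
// entries into an AltNames set. An empty input yields a nil AltNames and no
// error so callers can treat the value as optional. An entry of any other
// form, an IP entry whose address does not parse, or a DNS entry with an
// empty value is reported as an error and nothing is returned.
func parseAltNames(s string) (*tlsutil.AltNames, error) {
	if s == "" {
		return nil, nil
	}
	var alt tlsutil.AltNames
	for _, an := range strings.Split(s, ",") {
		switch {
		case strings.HasPrefix(an, "DNS="):
			name := strings.TrimPrefix(an, "DNS=")
			// An empty dNSName SAN is meaningless; reject it here rather
			// than silently writing it into the certificate.
			if name == "" {
				return nil, fmt.Errorf("Invalid DNS alt name: %s", an)
			}
			alt.DNSNames = append(alt.DNSNames, name)
		case strings.HasPrefix(an, "IP="):
			ip := net.ParseIP(strings.TrimPrefix(an, "IP="))
			if ip == nil {
				return nil, fmt.Errorf("Invalid IP alt name: %s", an)
			}
			alt.IPs = append(alt.IPs, ip)
		default:
			return nil, fmt.Errorf("Invalid alt name: %s", an)
		}
	}
	return &alt, nil
}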
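// newAPIKeyAndCert generates a fresh private key and a certificate with common
// name "kube-apiserver", signed with caCert/caPrivKey. Before signing, the
// caller's altNames are extended with the address 10.3.0.1 (hard-coded here;
// presumably the in-cluster service address of the API server — confirm
// against the service CIDR in use) and the DNS names under which the API
// server is reached from inside the cluster.
//
// altNames is passed by value, but its slice fields still share backing arrays
// with the caller's copy. The slices are cloned before appending so that the
// extra SANs can never be written through into the caller's AltNames.
//
// Returns the generated key and certificate, or the error from key generation
// or certificate signing.
func newAPIKeyAndCert(caCert *x509.Certificate, caPrivKey *rsa.PrivateKey, altNames tlsutil.AltNames) (*rsa.PrivateKey, *x509.Certificate, error) {
	key, err := tlsutil.NewPrivateKey()
	if err != nil {
		return nil, nil, err
	}

	// append(nil, xs...) always produces a fresh backing array, so the
	// appends below cannot alias the caller's slices.
	ips := append([]net.IP(nil), altNames.IPs...)
	altNames.IPs = append(ips, net.ParseIP("10.3.0.1"))

	dnsNames := append([]string(nil), altNames.DNSNames...)
	altNames.DNSNames = append(dnsNames,
		"kubernetes",
		"kubernetes.default",
		"kubernetes.default.svc",
		"kubernetes.default.svc.cluster.local",
	)

	config := tlsutil.CertConfig{
		CommonName:   "kube-apiserver",
		Organization: []string{"kube-master"},
		AltNames:     altNames,
	}
	cert, err := tlsutil.NewSignedCertificate(config, key, caCert, caPrivKey)
	if err != nil {
		return nil, nil, err
	}
	return key, cert, nil
}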