// newKubeletKeyAndCert creates a fresh private key and a certificate for it,
// signed with the supplied CA certificate and CA private key.
//
// The certificate subject is fixed: CommonName "kubelet" and Organization
// "kube-node". No subject alternative names are requested here.
//
// NOTE(review): the subject does not include a per-node name, so every
// certificate produced by this function carries the same identity. If the API
// server authorizes kubelets by certificate subject, individual nodes cannot
// be told apart or revoked separately; confirm this is intended.
//
// The returned key is the unencrypted in-memory private key; protecting it at
// rest is left to the caller. On any failure both the key and the certificate
// are returned as nil.
func newKubeletKeyAndCert(caCert *x509.Certificate, caPrivKey *rsa.PrivateKey) (*rsa.PrivateKey, *x509.Certificate, error) {
	privKey, err := tlsutil.NewPrivateKey()
	if err != nil {
		return nil, nil, err
	}

	signed, err := tlsutil.NewSignedCertificate(
		tlsutil.CertConfig{
			CommonName:   "kubelet",
			Organization: []string{"kube-node"},
		},
		privKey,
		caCert,
		caPrivKey,
	)
	if err != nil {
		return nil, nil, err
	}

	return privKey, signed, nil
}
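// newAPIKeyAndCert creates a fresh private key and an API server certificate
// for it, signed with the supplied CA certificate and CA private key.
//
// The certificate subject is CommonName "kube-apiserver" with Organization
// "kube-master". Its subject alternative names are the caller-supplied
// altNames plus the IP 10.3.0.1 and the DNS names "kubernetes",
// "kubernetes.default", "kubernetes.default.svc" and
// "kubernetes.default.svc.cluster.local".
//
// The entries in altNames are not validated here; they are handed to the
// signer as given, so callers should pass only the addresses and host names
// the API server is actually meant to be reached on.
//
// NOTE(review): 10.3.0.1 is hard-coded. It is presumably the cluster IP of
// the "kubernetes" service (first address of the service range); confirm it
// matches the configured service CIDR, otherwise in-cluster clients that
// connect by that IP will fail certificate verification.
//
// The returned key is the unencrypted in-memory private key; protecting it at
// rest is left to the caller. On any failure both the key and the certificate
// are returned as nil.
func newAPIKeyAndCert(caCert *x509.Certificate, caPrivKey *rsa.PrivateKey, altNames tlsutil.AltNames) (*rsa.PrivateKey, *x509.Certificate, error) {
	key, err := tlsutil.NewPrivateKey()
	if err != nil {
		return nil, nil, err
	}

	// Cap each slice's capacity at its length before appending. Without this,
	// append may write into spare capacity of the caller's backing arrays and
	// silently change SAN lists the caller reuses for other certificates.
	ips := altNames.IPs[:len(altNames.IPs):len(altNames.IPs)]
	altNames.IPs = append(ips, net.ParseIP("10.3.0.1"))

	dnsNames := altNames.DNSNames[:len(altNames.DNSNames):len(altNames.DNSNames)]
	altNames.DNSNames = append(dnsNames, []string{
		"kubernetes",
		"kubernetes.default",
		"kubernetes.default.svc",
		"kubernetes.default.svc.cluster.local",
	}...)

	config := tlsutil.CertConfig{
		CommonName:   "kube-apiserver",
		Organization: []string{"kube-master"},
		AltNames:     altNames,
	}
	cert, err := tlsutil.NewSignedCertificate(config, key, caCert, caPrivKey)
	if err != nil {
		return nil, nil, err
	}

	return key, cert, nil
}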