Revert "scripts/create_container: fix cockroachdb startup"
This reverts commit 25aee769a555d34ae3c9f12560a8a29986601034.
This was uh messed up in phabricator and contains changes that shouldn't
have landed.
Test Plan: it's a revert.
X-Origin-Diff: phab/D567
GitOrigin-RevId: 0dee3a91f708a9c2aba6cc7dbc929c3c887647c3
diff --git a/core/internal/kubernetes/kubelet.go b/core/internal/kubernetes/kubelet.go
index e9d0332..3b0d966 100644
--- a/core/internal/kubernetes/kubelet.go
+++ b/core/internal/kubernetes/kubelet.go
@@ -18,16 +18,21 @@
import (
"context"
+ "crypto/ed25519"
"encoding/json"
+ "encoding/pem"
"fmt"
"io"
+ "io/ioutil"
"net"
+ "os"
"os/exec"
"git.monogon.dev/source/nexantic.git/core/internal/common/supervisor"
"git.monogon.dev/source/nexantic.git/core/internal/kubernetes/reconciler"
"git.monogon.dev/source/nexantic.git/core/pkg/fileargs"
+ "go.etcd.io/etcd/clientv3"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
kubeletconfig "k8s.io/kubelet/config/v1beta1"
)
@@ -36,6 +41,44 @@
clusterDNS []net.IP
}
+func bootstrapLocalKubelet(consensusKV clientv3.KV, nodeName string) error {
+ idCA, idKeyRaw, err := getCert(consensusKV, "id-ca")
+ if err != nil {
+ return err
+ }
+ idKey := ed25519.PrivateKey(idKeyRaw)
+ cert, key, err := issueCertificate(clientCertTemplate("system:node:"+nodeName, []string{"system:nodes"}), idCA, idKey)
+ if err != nil {
+ return err
+ }
+ kubeconfig, err := makeLocalKubeconfig(idCA, cert, key)
+ if err != nil {
+ return err
+ }
+
+ serverCert, serverKey, err := issueCertificate(serverCertTemplate([]string{nodeName}, []net.IP{}), idCA, idKey)
+ if err != nil {
+ return err
+ }
+ if err := os.MkdirAll("/data/kubernetes", 0755); err != nil {
+ return err
+ }
+ if err := ioutil.WriteFile("/data/kubernetes/kubelet.kubeconfig", kubeconfig, 0400); err != nil {
+ return err
+ }
+ if err := ioutil.WriteFile("/data/kubernetes/ca.crt", pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: idCA}), 0400); err != nil {
+ return err
+ }
+ if err := ioutil.WriteFile("/data/kubernetes/kubelet.crt", pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: serverCert}), 0400); err != nil {
+ return err
+ }
+ if err := ioutil.WriteFile("/data/kubernetes/kubelet.key", pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: serverKey}), 0400); err != nil {
+ return err
+ }
+
+ return nil
+}
+
func runKubelet(spec *KubeletSpec, output io.Writer) supervisor.Runnable {
return func(ctx context.Context) error {
fargs, err := fileargs.New()
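Review bot: `idKey := ed25519.PrivateKey(idKeyRaw)` in bootstrapLocalKubelet casts the bytes returned by getCert without checking their length, and crypto/ed25519 panics when asked to sign with a key that is not `ed25519.PrivateKeySize` bytes long. A truncated or malformed "id-ca" entry in the consensus store would therefore presumably crash the node inside issueCertificate (not visible here) instead of returning an error. A guard before the cast keeps this on the error path: `if len(idKeyRaw) != ed25519.PrivateKeySize { return fmt.Errorf("id-ca key has unexpected length %d", len(idKeyRaw)) }`. Separately, `/data/kubernetes` is created 0755 although it holds kubelet.key and the kubeconfig, so 0700 would be a tighter default. The 0400 passed to ioutil.WriteFile applies only when the file is newly created, so a pre-existing file keeps whatever mode it already had.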