m/node/kubernetes/pki: refactor out CA functionality This factors out all non-k8s-specific CA functionality from metropolis/node/kubernetes/pki into metropolis/pkg/pki. This will allow us to re-use the same PKI-in-CA system to issue certificates for the Metropolis cluster and nodes. We also drive-by change some Kubernetes/PKI interactions to make things cleaner. Notably, this implements Certificate.Mount to return a fileargs.FileArgs containing all the files neede to use this Certificate. Test Plan: covered by current e2e tests. An etcd harness to test this independently would be nice, though. X-Origin-Diff: phab/D709 GitOrigin-RevId: bdc9ff215b94c9192f65c6da8935fe2818fd14ad

commit: 9411f7c2ed0afbbf617075ab37901addc76fadfb [log] [tgz]
author: Serge Bazanski <serge@nexantic.com> Wed Mar 10 13:12:53 2021 +0100
committer: Serge Bazanski <serge@nexantic.com> Wed Mar 10 13:12:53 2021 +0100
tree: f1f62aa538ba3c2265815d2dbe942377264850a5
parent: 0de189355c6afad6f677029d90fa40dee824141b [diff] [blame]
diff --git a/metropolis/node/kubernetes/controller-manager.go b/metropolis/node/kubernetes/controller-manager.go
index c54112c..546321c 100644
--- a/metropolis/node/kubernetes/controller-manager.go
+++ b/metropolis/node/kubernetes/controller-manager.go

@@ -38,7 +38,7 @@
 	serverKey             []byte
 }
 
-func getPKIControllerManagerConfig(ctx context.Context, kpki *pki.KubernetesPKI) (*controllerManagerConfig, error) {
+func getPKIControllerManagerConfig(ctx context.Context, kpki *pki.PKI) (*controllerManagerConfig, error) {
 	var config controllerManagerConfig
 	var err error
 	config.rootCA, _, err = kpki.Certificate(ctx, pki.IdCA)
commit	9411f7c2ed0afbbf617075ab37901addc76fadfb	[log] [tgz]
author	Serge Bazanski <serge@nexantic.com>	Wed Mar 10 13:12:53 2021 +0100
committer	Serge Bazanski <serge@nexantic.com>	Wed Mar 10 13:12:53 2021 +0100
tree	f1f62aa538ba3c2265815d2dbe942377264850a5
parent	0de189355c6afad6f677029d90fa40dee824141b [diff] [blame]