m/node/kubernetes/pki: refactor out CA functionality

This factors out all non-k8s-specific CA functionality from
metropolis/node/kubernetes/pki into metropolis/pkg/pki.

This will allow us to re-use the same PKI-in-CA system to issue
certificates for the Metropolis cluster and nodes.

We also drive-by change some Kubernetes/PKI interactions to make things
cleaner. Notably, this implements Certificate.Mount to return a
fileargs.FileArgs containing all the files needed to use this
Certificate.

Test Plan: covered by current e2e tests. An etcd harness to test this independently would be nice, though.

X-Origin-Diff: phab/D709
GitOrigin-RevId: bdc9ff215b94c9192f65c6da8935fe2818fd14ad
diff --git a/metropolis/pkg/pki/BUILD.bazel b/metropolis/pkg/pki/BUILD.bazel
new file mode 100644
index 0000000..243abf9
--- /dev/null
+++ b/metropolis/pkg/pki/BUILD.bazel
@@ -0,0 +1,17 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "ca.go",
+        "certificate.go",
+        "doc.go",
+        "x509.go",
+    ],
+    importpath = "source.monogon.dev/metropolis/pkg/pki",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//metropolis/pkg/fileargs:go_default_library",
+        "@io_etcd_go_etcd//clientv3:go_default_library",
+    ],
+)
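Review bot: `visibility = ["//visibility:public"]` on the go_library lets any target in the workspace depend on the CA and certificate-issuing code, while the commit message names only metropolis/node/kubernetes/pki and the Metropolis cluster and node code as consumers. Consider narrowing it, for example to `["//metropolis:__subpackages__"]`, so that new callers of certificate issuance have to be added deliberately. Separately, srcs lists no test file and there is no go_test rule next to the library, which matches the Test Plan's remark that an etcd harness is still missing; a follow-up that adds one would let ca.go and certificate.go be exercised without the full e2e run.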