core/internal/kubernetes: refactor PKI fully

We move ad-hoc certificate/key creation to a little declarative,
future-inspired API.

The API is split into two distinct layers:
 - an etcd-backed managed certificate storage that understands server
   certificates, client certificates and CAs
 - a Kubernetes PKI object, that understands what certificates are
   needed to bring up a cluster

This allows for deduplicated path names in etcd, some semantic
information about available certificates, and is in general groundwork
for some future improvements, like:
 - a slightly higher level etcd 'data store' api, with
   less-stringly-typed paths
 - simplification of service startup code (there's a bunch of cleanups
   that can still be done in core/internal/kubernetes wrt.
   certificate marshaling to the filesystem, etc)

Test Plan: covered by existing tests - but this should also now be nicely testable in isolation!

X-Origin-Diff: phab/D564
GitOrigin-RevId: a58620c37ac064a15b7db106b7a5cbe9bd0b7cd0
diff --git a/core/internal/kubernetes/BUILD.bazel b/core/internal/kubernetes/BUILD.bazel
index f3304cc..97387df 100644
--- a/core/internal/kubernetes/BUILD.bazel
+++ b/core/internal/kubernetes/BUILD.bazel
@@ -4,7 +4,6 @@
     name = "go_default_library",
     srcs = [
         "apiserver.go",
-        "auth.go",
         "controller-manager.go",
         "csi.go",
         "kubelet.go",
@@ -19,6 +18,7 @@
         "//core/internal/common:go_default_library",
         "//core/internal/common/supervisor:go_default_library",
         "//core/internal/consensus:go_default_library",
+        "//core/internal/kubernetes/pki:go_default_library",
         "//core/internal/kubernetes/reconciler:go_default_library",
         "//core/internal/storage:go_default_library",
         "//core/pkg/fileargs:go_default_library",
@@ -39,7 +39,6 @@
         "@io_k8s_client_go//kubernetes/typed/core/v1:go_default_library",
         "@io_k8s_client_go//tools/cache:go_default_library",
         "@io_k8s_client_go//tools/clientcmd:go_default_library",
-        "@io_k8s_client_go//tools/clientcmd/api:go_default_library",
         "@io_k8s_client_go//tools/record:go_default_library",
         "@io_k8s_client_go//tools/reference:go_default_library",
         "@io_k8s_client_go//util/workqueue:go_default_library",