- /*
- Copyright 2018 The Kubernetes Authors.
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- */
- package main
- import (
- "crypto/tls"
- "flag"
- "k8s.io/klog"
- )
// Config holds the file paths of the webhook server's TLS certificate and
// private key.
type Config struct {
	// CertFile is the path bound to --tls-cert-file.
	CertFile string
	// KeyFile is the path bound to --tls-private-key-file.
	KeyFile string
}

// addFlags registers --tls-cert-file and --tls-private-key-file on the
// package-level flag set. Each flag writes into the matching field of c and
// takes that field's current value as its default.
func (c *Config) addFlags() {
	const (
		certUsage = "File containing the default x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert)."
		keyUsage  = "File containing the default x509 private key matching --tls-cert-file."
	)

	flag.StringVar(&c.CertFile, "tls-cert-file", c.CertFile, certUsage)
	flag.StringVar(&c.KeyFile, "tls-private-key-file", c.KeyFile, keyUsage)
}
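// configTLS builds the TLS configuration for the webhook's HTTPS server from
// the certificate and private key files named in config.
//
// If the key pair cannot be loaded, the error is logged with klog.Fatalf
// together with the two file paths (never the key material), so no error is
// returned to the caller.
func configTLS(config Config) *tls.Config {
	sCert, err := tls.LoadX509KeyPair(config.CertFile, config.KeyFile)
	if err != nil {
		klog.Fatalf("loading TLS key pair (cert %q, key %q): %v", config.CertFile, config.KeyFile, err)
	}

	return &tls.Config{
		Certificates: []tls.Certificate{sCert},
		// Set the protocol floor explicitly instead of inheriting the
		// crypto/tls default, which depends on the Go release used to build.
		MinVersion: tls.VersionTLS12,
		// ClientAuth is left at its zero value (tls.NoClientCert): the server
		// does not authenticate callers at the TLS layer, so anything that
		// must distinguish the apiserver from other clients cannot rely on
		// this config.
		// TODO: uses mutual tls after we agree on what cert the apiserver should use.
		// ClientAuth: tls.RequireAndVerifyClientCert,
	}
}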