Merge pull request #40612 from jcbsmpsn/share-certificate-loading-function

Automatic merge from submit-queue Move certificate loading function where it can be shared.
2025-07-28 22:17:14 +00:00 · 2017-02-01 14:43:31 -08:00 · 2017-02-01 14:43:31 -08:00 · e75aafd0de
commit e75aafd0de
parent 0bb31560c2 f15e6aac32
2 changed files with 22 additions and 21 deletions
--- a/cmd/kubelet/app/bootstrap.go
+++ b/cmd/kubelet/app/bootstrap.go
@ -18,7 +18,6 @@ package app

 import (
 	"fmt"
-	"io/ioutil"
 	_ "net/http/pprof"
 	"os"
 	"path/filepath"
@ -74,7 +73,7 @@ func bootstrapClientCert(kubeconfigPath string, bootstrapPath string, certDir st
 	if err != nil {
 		return fmt.Errorf("unable to build bootstrap key path: %v", err)
 	}
-	keyData, generatedKeyFile, err := loadOrGenerateKeyFile(keyPath)
+	keyData, generatedKeyFile, err := certutil.LoadOrGenerateKeyFile(keyPath)
 	if err != nil {
 		return err
 	}
@ -161,22 +160,3 @@ func loadRESTClientConfig(kubeconfig string) (*restclient.Config, error) {
 		loader,
 	).ClientConfig()
 }
-
-func loadOrGenerateKeyFile(keyPath string) (data []byte, wasGenerated bool, err error) {
-	loadedData, err := ioutil.ReadFile(keyPath)
-	if err == nil {
-		return loadedData, false, err
-	}
-	if !os.IsNotExist(err) {
-		return nil, false, fmt.Errorf("error loading key from %s: %v", keyPath, err)
-	}
-
-	generatedData, err := certutil.MakeEllipticPrivateKeyPEM()
-	if err != nil {
-		return nil, false, fmt.Errorf("error generating key: %v", err)
-	}
-	if err := certutil.WriteKey(keyPath, generatedData); err != nil {
-		return nil, false, fmt.Errorf("error writing key to %s: %v", keyPath, err)
-	}
-	return generatedData, true, nil
-}
--- a/staging/src/k8s.io/client-go/util/cert/io.go
+++ b/staging/src/k8s.io/client-go/util/cert/io.go
@ -86,6 +86,27 @@ func WriteKey(keyPath string, data []byte) error {
 	return nil
 }

+// LoadOrGenerateKeyFile looks for a key in the file at the given path. If it
+// can't find one, it will generate a new key and store it there.
+func LoadOrGenerateKeyFile(keyPath string) (data []byte, wasGenerated bool, err error) {
+	loadedData, err := ioutil.ReadFile(keyPath)
+	if err == nil {
+		return loadedData, false, err
+	}
+	if !os.IsNotExist(err) {
+		return nil, false, fmt.Errorf("error loading key from %s: %v", keyPath, err)
+	}
+
+	generatedData, err := MakeEllipticPrivateKeyPEM()
+	if err != nil {
+		return nil, false, fmt.Errorf("error generating key: %v", err)
+	}
+	if err := WriteKey(keyPath, generatedData); err != nil {
+		return nil, false, fmt.Errorf("error writing key to %s: %v", keyPath, err)
+	}
+	return generatedData, true, nil
+}
+
 // NewPool returns an x509.CertPool containing the certificates in the given PEM-encoded file.
 // Returns an error if the file could not be read, a certificate could not be parsed, or if the file does not contain any certificates
 func NewPool(filename string) (*x509.CertPool, error) {