diff --git a/cluster/certificates.go b/cluster/certificates.go
index 7b96aad3..e5cfdbca 100644
--- a/cluster/certificates.go
+++ b/cluster/certificates.go
@@ -12,7 +12,6 @@ import (
 "github.com/rancher/rke/pki"
 "github.com/rancher/rke/pki/cert"
 "github.com/rancher/rke/services"
- "github.com/sirupsen/logrus"
 )
 func SetUpAuthentication(ctx context.Context, kubeCluster, currentCluster *Cluster, fullState *FullState) error {
@@ -24,20 +23,6 @@ func SetUpAuthentication(ctx context.Context, kubeCluster, currentCluster *Clust
 return nil
 }
-func regenerateAPICertificate(c *Cluster, certificates map[string]pki.CertificatePKI) (map[string]pki.CertificatePKI, error) {
- logrus.Debugf("[certificates] Regenerating kubeAPI certificate")
- kubeAPIAltNames := pki.GetAltNames(c.ControlPlaneHosts, c.ClusterDomain, c.KubernetesServiceIP, c.Authentication.SANs)
- caCrt := certificates[pki.CACertName].Certificate
- caKey := certificates[pki.CACertName].Key
- kubeAPIKey := certificates[pki.KubeAPICertName].Key
- kubeAPICert, _, err := pki.GenerateSignedCertAndKey(caCrt, caKey, true, pki.KubeAPICertName, kubeAPIAltNames, kubeAPIKey, nil)
- if err != nil {
- return nil, err
- }
- certificates[pki.KubeAPICertName] = pki.ToCertObject(pki.KubeAPICertName, "", "", kubeAPICert, kubeAPIKey, nil)
- return certificates, nil
-}
-
 func GetClusterCertsFromKubernetes(ctx context.Context, kubeCluster *Cluster) (map[string]pki.CertificatePKI, error) {
 log.Infof(ctx, "[certificates] Getting Cluster certificates from Kubernetes")
@@ -132,24 +117,6 @@ func (c *Cluster) getBackupHosts() []*hosts.Host {
 return backupHosts
 }
-func regenerateAPIAggregationCerts(c *Cluster, certificates map[string]pki.CertificatePKI) (map[string]pki.CertificatePKI, error) {
- logrus.Debugf("[certificates] Regenerating Kubernetes API server aggregation layer requestheader client CA certificates")
- requestHeaderCACrt, requestHeaderCAKey, err := pki.GenerateCACertAndKey(pki.RequestHeaderCACertName, nil)
- if err != nil {
- return nil, err
- }
- certificates[pki.RequestHeaderCACertName] = pki.ToCertObject(pki.RequestHeaderCACertName, "", "", requestHeaderCACrt, requestHeaderCAKey, nil)
-
- //generate API server proxy client key and certs
- logrus.Debugf("[certificates] Regenerating Kubernetes API server proxy client certificates")
- apiserverProxyClientCrt, apiserverProxyClientKey, err := pki.GenerateSignedCertAndKey(requestHeaderCACrt, requestHeaderCAKey, true, pki.APIProxyClientCertName, nil, nil, nil)
- if err != nil {
- return nil, err
- }
- certificates[pki.APIProxyClientCertName] = pki.ToCertObject(pki.APIProxyClientCertName, "", "", apiserverProxyClientCrt, apiserverProxyClientKey, nil)
- return certificates, nil
-}
-
 func RotateRKECertificates(ctx context.Context, c *Cluster, flags ExternalFlags, clusterState *FullState) error {
 var (
 serviceAccountTokenKey string
diff --git a/cluster/cluster.go b/cluster/cluster.go
index 3231c806..e7c1d269 100644
--- a/cluster/cluster.go
+++ b/cluster/cluster.go
@@ -265,14 +265,6 @@ func rebuildLocalAdminConfig(ctx context.Context, kubeCluster *Cluster) error {
 return nil
 }
-func isLocalConfigWorking(ctx context.Context, localKubeConfigPath string, k8sWrapTransport transport.WrapperFunc) bool {
- if _, err := GetK8sVersion(localKubeConfigPath, k8sWrapTransport); err != nil {
- log.Infof(ctx, "[reconcile] Local config is not valid (error: %v), rebuilding admin config", err)
- return false
- }
- return true
-}
-
 func getLocalConfigAddress(localConfigPath string) (string, error) {
 config, err := clientcmd.BuildConfigFromFlags("", localConfigPath)
 if err != nil {
diff --git a/cmd/cert.go b/cmd/cert.go
index ce189c90..276d693a 100644
--- a/cmd/cert.go
+++ b/cmd/cert.go
@@ -126,10 +126,6 @@ func generateCSRFromCli(ctx *cli.Context) error {
 return GenerateRKECSRs(context.Background(), rkeConfig, externalFlags)
 }
-func showRKECertificatesFromCli(ctx *cli.Context) error {
- return nil
-}
-
 func rebuildClusterWithRotatedCertificates(ctx context.Context, dialersOptions hosts.DialersOptions, flags cluster.ExternalFlags, svcOptionData map[string]*v3.KubernetesServicesOptions) (string, string, string, string, map[string]pki.CertificatePKI, error) {
diff --git a/pki/util.go b/pki/util.go
index e54a3dfe..d66efda7 100644
--- a/pki/util.go
+++ b/pki/util.go
@@ -14,7 +14,6 @@ import (
 "math/big"
 "net"
 "os"
- "path"
 "path/filepath"
 "reflect"
 "strings"
@@ -373,19 +372,6 @@ func GetLocalKubeConfig(configPath, configDir string) string {
 return fmt.Sprintf("%s%s%s", baseDir, KubeAdminConfigPrefix, fileName)
 }
-func strCrtToEnv(crtName, crt string) string {
- return fmt.Sprintf("%s=%s", getEnvFromName(crtName), crt)
-}
-
-func strKeyToEnv(crtName, key string) string {
- envName := getEnvFromName(crtName)
- return fmt.Sprintf("%s=%s", getKeyEnvFromEnv(envName), key)
-}
-
-func getTempPath(s string) string {
- return TempCertPath + path.Base(s)
-}
-
 func populateCertMap(tmpCerts map[string]CertificatePKI, localConfigPath string, extraHosts []*hosts.Host) map[string]CertificatePKI {
 certs := make(map[string]CertificatePKI)
 // CACert
diff --git a/services/workerplane.go b/services/workerplane.go
index 2197d392..41affce4 100644
--- a/services/workerplane.go
+++ b/services/workerplane.go
@@ -7,7 +7,7 @@ import (
 "github.com/rancher/rke/log"
 "github.com/rancher/rke/pki"
 "github.com/rancher/rke/util"
- "github.com/rancher/types/apis/management.cattle.io/v3"
+ v3 "github.com/rancher/types/apis/management.cattle.io/v3"
 "golang.org/x/sync/errgroup"
 )
@@ -149,11 +149,3 @@ func doDeployWorkerPlane(ctx context.Context, host *hosts.Host,
 }
 return runKubeproxy(ctx, host, localConnDialerFactory, prsMap, processMap[KubeproxyContainerName], alpineImage)
 }
-
-func copyProcessMap(m map[string]v3.Process) map[string]v3.Process {
- c := make(map[string]v3.Process)
- for k, v := range m {
- c[k] = v
- }
- return c
-}