From 18458392ca24c85c688e655aace1afd04f864cbd Mon Sep 17 00:00:00 2001
From: Andrew Lytvynov <awly@google.com>
Date: Sun, 9 Dec 2018 16:24:38 -0800
Subject: [PATCH] Extract new keyutil package from client-go/util/cert

This package contains public/private key utilities copied directly from
client-go/util/cert. All imports were updated.

Future PRs will actually refactor the libraries.

Updates #71004
---

diff -up kubernetes-1.13.7-beta.0/cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go.keyutil kubernetes-1.13.7-beta.0/cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go
--- kubernetes-1.13.7-beta.0/cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go.keyutil	2019-05-08 15:45:41.000000000 +0200
+++ kubernetes-1.13.7-beta.0/cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go	2019-05-21 09:24:07.256958952 +0200
@@ -29,6 +29,7 @@ import (
 	"k8s.io/client-go/tools/clientcmd"
 	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
 	certutil "k8s.io/client-go/util/cert"
+	"k8s.io/client-go/util/keyutil"
 	"k8s.io/klog"
 	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 	kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
@@ -205,13 +206,17 @@ func buildKubeConfigFromSpec(spec *kubeC
 		return nil, errors.Wrapf(err, "failure while creating %s client certificate", spec.ClientName)
 	}
 
+	encodedClientKey, err := keyutil.MarshalPrivateKeyToPEM(clientKey)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to marshal private key to PEM")
+	}
 	// create a kubeconfig with the client certs
 	return kubeconfigutil.CreateWithCerts(
 		spec.APIServer,
 		clustername,
 		spec.ClientName,
 		certutil.EncodeCertPEM(spec.CACert),
-		certutil.EncodePrivateKeyPEM(clientKey),
+		encodedClientKey,
 		certutil.EncodeCertPEM(clientCert),
 	), nil
 }
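Review bot: The new marshal check in buildKubeConfigFromSpec calls `errors.Wrapf` with no format arguments and, unlike the certificate error just above it, does not say which client the key belongs to. Either use `errors.Wrap(err, "failed to marshal private key to PEM")` or keep `Wrapf` and add the context: `return nil, errors.Wrapf(err, "failure while marshalling %s client private key to PEM", spec.ClientName)`. The WriteKey hunk in pki_helpers.go has the same argument-less `errors.Wrapf(err, "unable to marshal private key to PEM")`; including `name` there would match the path-bearing message on the following write. The function body starts outside this hunk.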
diff -up kubernetes-1.13.7-beta.0/cmd/kubeadm/app/util/pkiutil/pki_helpers.go.keyutil kubernetes-1.13.7-beta.0/cmd/kubeadm/app/util/pkiutil/pki_helpers.go
--- kubernetes-1.13.7-beta.0/cmd/kubeadm/app/util/pkiutil/pki_helpers.go.keyutil	2019-05-08 15:45:41.000000000 +0200
+++ kubernetes-1.13.7-beta.0/cmd/kubeadm/app/util/pkiutil/pki_helpers.go	2019-05-21 09:21:29.248165205 +0200
@@ -34,6 +34,7 @@ import (
 
 	"k8s.io/apimachinery/pkg/util/validation"
 	certutil "k8s.io/client-go/util/cert"
+	"k8s.io/client-go/util/keyutil"
 	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 	kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
 	kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
@@ -125,7 +126,11 @@ func WriteKey(pkiPath, name string, key
 	}
 
 	privateKeyPath := pathForKey(pkiPath, name)
-	if err := certutil.WriteKey(privateKeyPath, certutil.EncodePrivateKeyPEM(key)); err != nil {
+	encoded, err := keyutil.MarshalPrivateKeyToPEM(key)
+	if err != nil {
+		return errors.Wrapf(err, "unable to marshal private key to PEM")
+	}
+	if err := keyutil.WriteKey(privateKeyPath, encoded); err != nil {
 		return errors.Wrapf(err, "unable to write private key to file %s", privateKeyPath)
 	}
 
@@ -164,7 +169,7 @@ func WritePublicKey(pkiPath, name string
 		return err
 	}
 	publicKeyPath := pathForPublicKey(pkiPath, name)
-	if err := certutil.WriteKey(publicKeyPath, publicKeyBytes); err != nil {
+	if err := keyutil.WriteKey(publicKeyPath, publicKeyBytes); err != nil {
 		return errors.Wrapf(err, "unable to write public key to file %s", publicKeyPath)
 	}
 
@@ -242,7 +247,7 @@ func TryLoadKeyFromDisk(pkiPath, name st
 	privateKeyPath := pathForKey(pkiPath, name)
 
 	// Parse the private key from a file
-	privKey, err := certutil.PrivateKeyFromFile(privateKeyPath)
+	privKey, err := keyutil.PrivateKeyFromFile(privateKeyPath)
 	if err != nil {
 		return nil, errors.Wrapf(err, "couldn't load the private key file %s", privateKeyPath)
 	}
@@ -281,7 +286,7 @@ func TryLoadPrivatePublicKeyFromDisk(pki
 	privateKeyPath := pathForKey(pkiPath, name)
 
 	// Parse the private key from a file
-	privKey, err := certutil.PrivateKeyFromFile(privateKeyPath)
+	privKey, err := keyutil.PrivateKeyFromFile(privateKeyPath)
 	if err != nil {
 		return nil, nil, errors.Wrapf(err, "couldn't load the private key file %s", privateKeyPath)
 	}
@@ -289,7 +294,7 @@ func TryLoadPrivatePublicKeyFromDisk(pki
 	publicKeyPath := pathForPublicKey(pkiPath, name)
 
 	// Parse the public key from a file
-	pubKeys, err := certutil.PublicKeysFromFile(publicKeyPath)
+	pubKeys, err := keyutil.PublicKeysFromFile(publicKeyPath)
 	if err != nil {
 		return nil, nil, errors.Wrapf(err, "couldn't load the public key file %s", publicKeyPath)
 	}
diff -up kubernetes-1.13.7-beta.0/cmd/kube-apiserver/app/server.go.keyutil kubernetes-1.13.7-beta.0/cmd/kube-apiserver/app/server.go
--- kubernetes-1.13.7-beta.0/cmd/kube-apiserver/app/server.go.keyutil	2019-05-08 15:45:41.000000000 +0200
+++ kubernetes-1.13.7-beta.0/cmd/kube-apiserver/app/server.go	2019-05-21 09:19:37.160312456 +0200
@@ -54,7 +54,7 @@ import (
 	"k8s.io/apiserver/pkg/util/webhook"
 	clientgoinformers "k8s.io/client-go/informers"
 	clientgoclientset "k8s.io/client-go/kubernetes"
-	certutil "k8s.io/client-go/util/cert"
+	"k8s.io/client-go/util/keyutil"
 	cloudprovider "k8s.io/cloud-provider"
 	"k8s.io/klog"
 	aggregatorapiserver "k8s.io/kube-aggregator/pkg/apiserver"
@@ -576,7 +576,7 @@ func Complete(s *options.ServerRunOption
 	}
 
 	if s.ServiceAccountSigningKeyFile != "" && s.Authentication.ServiceAccounts.Issuer != "" {
-		sk, err := certutil.PrivateKeyFromFile(s.ServiceAccountSigningKeyFile)
+		sk, err := keyutil.PrivateKeyFromFile(s.ServiceAccountSigningKeyFile)
 		if err != nil {
 			return options, fmt.Errorf("failed to parse service-account-issuer-key-file: %v", err)
 		}
diff -up kubernetes-1.13.7-beta.0/cmd/kube-controller-manager/app/controllermanager.go.keyutil kubernetes-1.13.7-beta.0/cmd/kube-controller-manager/app/controllermanager.go
--- kubernetes-1.13.7-beta.0/cmd/kube-controller-manager/app/controllermanager.go.keyutil	2019-05-08 15:45:41.000000000 +0200
+++ kubernetes-1.13.7-beta.0/cmd/kube-controller-manager/app/controllermanager.go	2019-05-21 09:19:37.163312452 +0200
@@ -48,6 +48,7 @@ import (
 	"k8s.io/client-go/tools/leaderelection"
 	"k8s.io/client-go/tools/leaderelection/resourcelock"
 	certutil "k8s.io/client-go/util/cert"
+	"k8s.io/client-go/util/keyutil"
 	cloudprovider "k8s.io/cloud-provider"
 	"k8s.io/klog"
 	genericcontrollermanager "k8s.io/kubernetes/cmd/controller-manager/app"
@@ -536,7 +537,7 @@ func (c serviceAccountTokenControllerSta
 		klog.Warningf("%q is disabled because there is no private key", saTokenControllerName)
 		return nil, false, nil
 	}
-	privateKey, err := certutil.PrivateKeyFromFile(ctx.ComponentConfig.SAController.ServiceAccountKeyFile)
+	privateKey, err := keyutil.PrivateKeyFromFile(ctx.ComponentConfig.SAController.ServiceAccountKeyFile)
 	if err != nil {
 		return nil, true, fmt.Errorf("error reading key for service account token controller: %v", err)
 	}
diff -up kubernetes-1.13.7-beta.0/cmd/kubelet/app/server.go.keyutil kubernetes-1.13.7-beta.0/cmd/kubelet/app/server.go
--- kubernetes-1.13.7-beta.0/cmd/kubelet/app/server.go.keyutil	2019-05-08 15:45:41.000000000 +0200
+++ kubernetes-1.13.7-beta.0/cmd/kubelet/app/server.go	2019-05-21 09:21:29.252165199 +0200
@@ -56,6 +56,7 @@ import (
 	"k8s.io/client-go/tools/record"
 	certutil "k8s.io/client-go/util/cert"
 	"k8s.io/client-go/util/certificate"
+	"k8s.io/client-go/util/keyutil"
 	cloudprovider "k8s.io/cloud-provider"
 	csiclientset "k8s.io/csi-api/pkg/client/clientset/versioned"
 	kubeletconfigv1beta1 "k8s.io/kubelet/config/v1beta1"
@@ -818,7 +819,7 @@ func InitializeTLS(kf *options.KubeletFl
 				return nil, err
 			}
 
-			if err := certutil.WriteKey(kc.TLSPrivateKeyFile, key); err != nil {
+			if err := keyutil.WriteKey(kc.TLSPrivateKeyFile, key); err != nil {
 				return nil, err
 			}
 
diff -up kubernetes-1.13.7-beta.0/pkg/kubeapiserver/authenticator/config.go.keyutil kubernetes-1.13.7-beta.0/pkg/kubeapiserver/authenticator/config.go
--- kubernetes-1.13.7-beta.0/pkg/kubeapiserver/authenticator/config.go.keyutil	2019-05-08 15:45:41.000000000 +0200
+++ kubernetes-1.13.7-beta.0/pkg/kubeapiserver/authenticator/config.go	2019-05-21 09:21:29.254165197 +0200
@@ -38,9 +38,11 @@ import (
 	"k8s.io/apiserver/plugin/pkg/authenticator/request/basicauth"
 	"k8s.io/apiserver/plugin/pkg/authenticator/token/oidc"
 	"k8s.io/apiserver/plugin/pkg/authenticator/token/webhook"
+
 	// Initialize all known client auth plugins.
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 	certutil "k8s.io/client-go/util/cert"
+	"k8s.io/client-go/util/keyutil"
 	"k8s.io/kubernetes/pkg/features"
 	"k8s.io/kubernetes/pkg/serviceaccount"
 )
@@ -226,7 +228,7 @@ func (config Config) New() (authenticato
 
 // IsValidServiceAccountKeyFile returns true if a valid public RSA key can be read from the given file
 func IsValidServiceAccountKeyFile(file string) bool {
-	_, err := certutil.PublicKeysFromFile(file)
+	_, err := keyutil.PublicKeysFromFile(file)
 	return err == nil
 }
 
@@ -279,7 +281,7 @@ func newAuthenticatorFromOIDCIssuerURL(o
 func newLegacyServiceAccountAuthenticator(keyfiles []string, lookup bool, apiAudiences authenticator.Audiences, serviceAccountGetter serviceaccount.ServiceAccountTokenGetter) (authenticator.Token, error) {
 	allPublicKeys := []interface{}{}
 	for _, keyfile := range keyfiles {
-		publicKeys, err := certutil.PublicKeysFromFile(keyfile)
+		publicKeys, err := keyutil.PublicKeysFromFile(keyfile)
 		if err != nil {
 			return nil, err
 		}
@@ -294,7 +296,7 @@ func newLegacyServiceAccountAuthenticato
 func newServiceAccountAuthenticator(iss string, keyfiles []string, apiAudiences authenticator.Audiences, serviceAccountGetter serviceaccount.ServiceAccountTokenGetter) (authenticator.Token, error) {
 	allPublicKeys := []interface{}{}
 	for _, keyfile := range keyfiles {
-		publicKeys, err := certutil.PublicKeysFromFile(keyfile)
+		publicKeys, err := keyutil.PublicKeysFromFile(keyfile)
 		if err != nil {
 			return nil, err
 		}
diff -up kubernetes-1.13.7-beta.0/pkg/kubelet/certificate/bootstrap/bootstrap.go.keyutil kubernetes-1.13.7-beta.0/pkg/kubelet/certificate/bootstrap/bootstrap.go
--- kubernetes-1.13.7-beta.0/pkg/kubelet/certificate/bootstrap/bootstrap.go.keyutil	2019-05-08 15:45:41.000000000 +0200
+++ kubernetes-1.13.7-beta.0/pkg/kubelet/certificate/bootstrap/bootstrap.go	2019-05-21 09:21:29.257165193 +0200
@@ -43,6 +43,7 @@ import (
 	certutil "k8s.io/client-go/util/cert"
 	"k8s.io/client-go/util/certificate"
 	"k8s.io/client-go/util/certificate/csr"
+	"k8s.io/client-go/util/keyutil"
 )
 
 const tmpPrivateKeyFile = "kubelet-client.key.tmp"
@@ -82,7 +83,7 @@ func LoadClientCert(kubeconfigPath strin
 	var keyData []byte
 	if cert, err := store.Current(); err == nil {
 		if cert.PrivateKey != nil {
-			keyData, err = certutil.MarshalPrivateKeyToPEM(cert.PrivateKey)
+			keyData, err = keyutil.MarshalPrivateKeyToPEM(cert.PrivateKey)
 			if err != nil {
 				keyData = nil
 			}
@@ -96,7 +97,7 @@ func LoadClientCert(kubeconfigPath strin
 		klog.V(2).Infof("No valid private key and/or certificate found, reusing existing private key or creating a new one")
 		// Note: always call LoadOrGenerateKeyFile so that private key is
 		// reused on next startup if CSR request fails.
-		keyData, _, err = certutil.LoadOrGenerateKeyFile(privKeyPath)
+		keyData, _, err = keyutil.LoadOrGenerateKeyFile(privKeyPath)
 		if err != nil {
 			return err
 		}
@@ -218,7 +219,7 @@ func verifyKeyData(data []byte) bool {
 	if len(data) == 0 {
 		return false
 	}
-	_, err := certutil.ParsePrivateKeyPEM(data)
+	_, err := keyutil.ParsePrivateKeyPEM(data)
 	return err == nil
 }
 
@@ -262,7 +263,7 @@ func requestNodeCertificate(client certi
 		CommonName:   "system:node:" + string(nodeName),
 	}
 
-	privateKey, err := certutil.ParsePrivateKeyPEM(privateKeyData)
+	privateKey, err := keyutil.ParsePrivateKeyPEM(privateKeyData)
 	if err != nil {
 		return nil, fmt.Errorf("invalid private key for certificate request: %v", err)
 	}
diff -up kubernetes-1.13.7-beta.0/pkg/kubelet/certificate/bootstrap/bootstrap_test.go.keyutil kubernetes-1.13.7-beta.0/pkg/kubelet/certificate/bootstrap/bootstrap_test.go
--- kubernetes-1.13.7-beta.0/pkg/kubelet/certificate/bootstrap/bootstrap_test.go.keyutil	2019-05-08 15:45:41.000000000 +0200
+++ kubernetes-1.13.7-beta.0/pkg/kubelet/certificate/bootstrap/bootstrap_test.go	2019-05-21 09:21:29.258165191 +0200
@@ -29,7 +29,7 @@ import (
 	"k8s.io/apimachinery/pkg/watch"
 	certificatesclient "k8s.io/client-go/kubernetes/typed/certificates/v1beta1"
 	restclient "k8s.io/client-go/rest"
-	certutil "k8s.io/client-go/util/cert"
+	"k8s.io/client-go/util/keyutil"
 )
 
 func TestLoadRESTClientConfig(t *testing.T) {
@@ -104,7 +104,7 @@ func TestRequestNodeCertificateErrorCrea
 	client := &fakeClient{
 		failureType: createError,
 	}
-	privateKeyData, err := certutil.MakeEllipticPrivateKeyPEM()
+	privateKeyData, err := keyutil.MakeEllipticPrivateKeyPEM()
 	if err != nil {
 		t.Fatalf("Unable to generate a new private key: %v", err)
 	}
@@ -119,7 +119,7 @@ func TestRequestNodeCertificateErrorCrea
 }
 
 func TestRequestNodeCertificate(t *testing.T) {
-	privateKeyData, err := certutil.MakeEllipticPrivateKeyPEM()
+	privateKeyData, err := keyutil.MakeEllipticPrivateKeyPEM()
 	if err != nil {
 		t.Fatalf("Unable to generate a new private key: %v", err)
 	}
diff -up kubernetes-1.13.7-beta.0/pkg/kubelet/certificate/bootstrap/BUILD.keyutil kubernetes-1.13.7-beta.0/pkg/kubelet/certificate/bootstrap/BUILD
--- kubernetes-1.13.7-beta.0/pkg/kubelet/certificate/bootstrap/BUILD.keyutil	2019-05-08 15:45:41.000000000 +0200
+++ kubernetes-1.13.7-beta.0/pkg/kubelet/certificate/bootstrap/BUILD	2019-05-21 09:21:29.256165194 +0200
@@ -17,7 +17,7 @@ go_test(
         "//staging/src/k8s.io/apimachinery/pkg/watch:go_default_library",
         "//staging/src/k8s.io/client-go/kubernetes/typed/certificates/v1beta1:go_default_library",
         "//staging/src/k8s.io/client-go/rest:go_default_library",
-        "//staging/src/k8s.io/client-go/util/cert:go_default_library",
+        "//staging/src/k8s.io/client-go/util/keyutil:go_default_library",
     ],
 )
 
@@ -40,6 +40,7 @@ go_library(
         "//staging/src/k8s.io/client-go/util/cert:go_default_library",
         "//staging/src/k8s.io/client-go/util/certificate:go_default_library",
         "//staging/src/k8s.io/client-go/util/certificate/csr:go_default_library",
+        "//staging/src/k8s.io/client-go/util/keyutil:go_default_library",
         "//vendor/k8s.io/klog:go_default_library",
     ],
 )
diff -up kubernetes-1.13.7-beta.0/pkg/serviceaccount/jwt_test.go.keyutil kubernetes-1.13.7-beta.0/pkg/serviceaccount/jwt_test.go
--- kubernetes-1.13.7-beta.0/pkg/serviceaccount/jwt_test.go.keyutil	2019-05-08 15:45:41.000000000 +0200
+++ kubernetes-1.13.7-beta.0/pkg/serviceaccount/jwt_test.go	2019-05-21 09:25:20.167863782 +0200
@@ -21,12 +21,12 @@ import (
 	"reflect"
 	"testing"
 
-	"k8s.io/api/core/v1"
+	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apiserver/pkg/authentication/authenticator"
 	clientset "k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/kubernetes/fake"
-	certutil "k8s.io/client-go/util/cert"
+	"k8s.io/client-go/util/keyutil"
 	serviceaccountcontroller "k8s.io/kubernetes/pkg/controller/serviceaccount"
 	"k8s.io/kubernetes/pkg/serviceaccount"
 )
@@ -95,12 +95,12 @@ X2i8uIp/C/ASqiIGUeeKQtX0/IR3qCXyThP/dbCi
 -----END PUBLIC KEY-----`
 
 func getPrivateKey(data string) interface{} {
-	key, _ := certutil.ParsePrivateKeyPEM([]byte(data))
+	key, _ := keyutil.ParsePrivateKeyPEM([]byte(data))
 	return key
 }
 
 func getPublicKey(data string) interface{} {
-	keys, _ := certutil.ParsePublicKeysPEM([]byte(data))
+	keys, _ := keyutil.ParsePublicKeysPEM([]byte(data))
 	return keys[0]
 }
 func TestTokenGenerateAndValidate(t *testing.T) {
diff -up kubernetes-1.13.7-beta.0/test/e2e/apimachinery/certs.go.keyutil kubernetes-1.13.7-beta.0/test/e2e/apimachinery/certs.go
--- kubernetes-1.13.7-beta.0/test/e2e/apimachinery/certs.go.keyutil	2019-05-21 09:21:29.265165182 +0200
+++ kubernetes-1.13.7-beta.0/test/e2e/apimachinery/certs.go	2019-05-21 09:30:18.346474554 +0200
@@ -22,6 +22,7 @@ import (
 	"os"
 
 	"k8s.io/client-go/util/cert"
+	"k8s.io/client-go/util/keyutil"
 	"k8s.io/kubernetes/test/e2e/framework"
 )
 
@@ -79,12 +80,16 @@ func setupServerCert(namespaceName, serv
 	if err = ioutil.WriteFile(certFile.Name(), cert.EncodeCertPEM(signedCert), 0600); err != nil {
 		framework.Failf("Failed to write cert file %v", err)
 	}
-	if err = ioutil.WriteFile(keyFile.Name(), cert.EncodePrivateKeyPEM(key), 0644); err != nil {
+	privateKeyPEM, err := keyutil.MarshalPrivateKeyToPEM(key)
+	if err != nil {
+		framework.Failf("Failed to marshal key %v", err)
+	}
+	if err = ioutil.WriteFile(keyFile.Name(), privateKeyPEM, 0644); err != nil {
 		framework.Failf("Failed to write key file %v", err)
 	}
 	return &certContext{
 		cert:        cert.EncodeCertPEM(signedCert),
-		key:         cert.EncodePrivateKeyPEM(key),
+		key:         privateKeyPEM,
 		signingCert: cert.EncodeCertPEM(signingCert),
 	}
 }
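Review bot: The private key in setupServerCert is still written with mode `0644`, while the certificate write just above uses `0600`; since the commit rewrites this line anyway, the key should get the tighter mode: `ioutil.WriteFile(keyFile.Name(), privateKeyPEM, 0600)`. keyFile is created outside the hunk, so if the file already exists the mode argument presumably has no effect on it, but the literal still reads as an intent to leave key material world-readable. The same `0644` is kept on the proxy client key write in TestAggregatedAPIServer (test/integration/examples/apiserver_test.go). A one-line comment such as `// private key: owner read/write only` on both writes would document why the mode differs from ordinary test fixtures.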
diff -up kubernetes-1.13.7-beta.0/test/e2e/auth/certificates.go.keyutil kubernetes-1.13.7-beta.0/test/e2e/auth/certificates.go
diff -up kubernetes-1.13.7-beta.0/test/integration/auth/svcaccttoken_test.go.keyutil kubernetes-1.13.7-beta.0/test/integration/auth/svcaccttoken_test.go
--- kubernetes-1.13.7-beta.0/test/integration/auth/svcaccttoken_test.go.keyutil	2019-05-08 15:45:41.000000000 +0200
+++ kubernetes-1.13.7-beta.0/test/integration/auth/svcaccttoken_test.go	2019-05-21 09:32:44.894283241 +0200
@@ -39,7 +39,7 @@ import (
 	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	utilfeaturetesting "k8s.io/apiserver/pkg/util/feature/testing"
 	clientset "k8s.io/client-go/kubernetes"
-	certutil "k8s.io/client-go/util/cert"
+	"k8s.io/client-go/util/keyutil"
 	"k8s.io/kubernetes/pkg/apis/core"
 	serviceaccountgetter "k8s.io/kubernetes/pkg/controller/serviceaccount"
 	"k8s.io/kubernetes/pkg/features"
@@ -57,7 +57,7 @@ func TestServiceAccountTokenCreate(t *te
 	defer utilfeaturetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.TokenRequest, true)()
 
 	// Build client config, clientset, and informers
-	sk, err := certutil.ParsePrivateKeyPEM([]byte(ecdsaPrivateKey))
+	sk, err := keyutil.ParsePrivateKeyPEM([]byte(ecdsaPrivateKey))
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
diff -up kubernetes-1.13.7-beta.0/test/integration/examples/apiserver_test.go.keyutil kubernetes-1.13.7-beta.0/test/integration/examples/apiserver_test.go
--- kubernetes-1.13.7-beta.0/test/integration/examples/apiserver_test.go.keyutil	2019-05-21 09:21:29.272165173 +0200
+++ kubernetes-1.13.7-beta.0/test/integration/examples/apiserver_test.go	2019-05-21 09:35:51.578039553 +0200
@@ -43,6 +43,7 @@ import (
 	"k8s.io/client-go/tools/clientcmd"
 	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
 	"k8s.io/client-go/util/cert"
+	"k8s.io/client-go/util/keyutil"
 	apiregistrationv1beta1 "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1"
 	aggregatorclient "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset"
 	kubeaggregatorserver "k8s.io/kube-aggregator/pkg/cmd/server"
@@ -250,7 +251,11 @@ func TestAggregatedAPIServer(t *testing.
 	if err := ioutil.WriteFile(proxyClientCertFile.Name(), cert.EncodeCertPEM(proxyClientCert), 0600); err != nil {
 		t.Fatal(err)
 	}
-	if err := ioutil.WriteFile(proxyClientKeyFile.Name(), cert.EncodePrivateKeyPEM(proxyClientKey), 0644); err != nil {
+	proxyClientKeyPEM, err := keyutil.MarshalPrivateKeyToPEM(proxyClientKey)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := ioutil.WriteFile(proxyClientKeyFile.Name(), proxyClientKeyPEM, 0644); err != nil {
 		t.Fatal(err)
 	}
 	aggregatorPort := new(int32)