kubernetes-retired / etcdadm

[EOL] etcdadm is a command-line tool for operating an etcd cluster
Apache License 2.0

Cert renewal #272

Closed ntaylor1781 closed 2 years ago

ntaylor1781 commented 2 years ago

This is continuing the work from https://github.com/kubernetes-sigs/etcdadm/pull/147 done by @pytimer. If it is preferred this continuation is done a different way, please let me know. Essentially this feature would be really helpful for myself, and I found the time to dig into it.

The last concern was about an issue with CSR generation. This was due to trying to write the CSR and key to the certificate directory. When calling TryLoadCSRAndKeyFromDisk, it registered that the key existed and tried to load both. This caused the error stating it couldn't load the CSR.

As with kubeadm, this needed a directory to output the CSR specifically. I added a new argument of csr-dir (with a default of the local directory). I split the RenewUsingLocalCA function into two functions: one for the CSRs, and one for the full certificates. The new RenewCSRUsingLocalCA function uses the new csr-dir path to output the CSRs. This ensures the key, from the cert being used, is not overwritten and does not cause the process to fail.
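The approach described in the comment above, as an added Go example that is not code from this PR or from etcdadm: the CSR is signed with the existing certificate's key and written to a separate CSR directory, leaving the certificate directory untouched. `writeRenewalCSR`, `sampleCert`, the file names, and the check that rejects a CSR directory equal to the certificate directory are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"os"
	"path/filepath"
)

// writeRenewalCSR is a hypothetical helper (not etcdadm's RenewCSRUsingLocalCA):
// it signs a CSR with the existing certificate's key and writes only the CSR
// into csrDir, so nothing in certDir is created or rewritten.
func writeRenewalCSR(cert *x509.Certificate, key *ecdsa.PrivateKey, certDir, csrDir, name string) (string, error) {
	// Assumed guard: refuse to place the CSR next to the live key.
	if filepath.Clean(certDir) == filepath.Clean(csrDir) {
		return "", fmt.Errorf("csr-dir %q must differ from the certificate directory", csrDir)
	}
	req := &x509.CertificateRequest{Subject: cert.Subject, DNSNames: cert.DNSNames, IPAddresses: cert.IPAddresses}
	der, err := x509.CreateCertificateRequest(rand.Reader, req, key)
	if err != nil {
		return "", err
	}
	if err := os.MkdirAll(csrDir, 0o700); err != nil {
		return "", err
	}
	out := filepath.Join(csrDir, name+".csr")
	return out, os.WriteFile(out, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der}), 0o600)
}

// sampleCert returns a constructed stand-in for the parsed existing certificate and its key.
func sampleCert() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	cert := &x509.Certificate{Subject: pkix.Name{CommonName: "etcd-member-0"}, DNSNames: []string{"etcd-0.example.internal"}}
	return cert, key, err
}

func main() {
	cert, key, _ := sampleCert()
	dir, _ := os.MkdirTemp("", "renew")
	fmt.Println(writeRenewalCSR(cert, key, filepath.Join(dir, "pki"), filepath.Join(dir, "csr"), "server"))
}
```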

linux-foundation-easycla[bot] commented 2 years ago

CLA Not Signed

k8s-ci-robot commented 2 years ago

Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

:memo: Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA.

It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.


Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).

k8s-ci-robot commented 2 years ago

Hi @ntaylor1781. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

k8s-ci-robot commented 2 years ago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: ntaylor1781

To complete the pull request process, please assign dlipovetsky after the PR has been reviewed. You can assign the PR to them by writing /assign @dlipovetsky in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

- **[OWNERS](https://github.com/kubernetes-sigs/etcdadm/blob/master/OWNERS)**

Approvers can indicate their approval by writing `/approve` in a comment.
Approvers can cancel approval by writing `/approve cancel` in a comment.

ntaylor1781 commented 2 years ago

Had the wrong email in config. Closing this, and will open a proper one.