| /* |
| Copyright 2018 The Kubernetes Authors. |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| */ |
| |
| package main |
| |
| import ( |
| "crypto/tls" |
| "flag" |
| |
| "k8s.io/klog" |
| ) |
| |
| // Config contains the server (the webhook) cert and key. |
| type Config struct { |
| CertFile string |
| KeyFile string |
| } |
| |
| func (c *Config) addFlags() { |
| flag.StringVar(&c.CertFile, "tls-cert-file", c.CertFile, ""+ |
| "File containing the default x509 Certificate for HTTPS. (CA cert, if any, concatenated "+ |
| "after server cert).") |
| flag.StringVar(&c.KeyFile, "tls-private-key-file", c.KeyFile, ""+ |
| "File containing the default x509 private key matching --tls-cert-file.") |
| } |
| |
| func configTLS(config Config) *tls.Config { |
| sCert, err := tls.LoadX509KeyPair(config.CertFile, config.KeyFile) |
| if err != nil { |
| klog.Fatal(err) |
| } |
| return &tls.Config{ |
| Certificates: []tls.Certificate{sCert}, |
| // TODO: uses mutual tls after we agree on what cert the apiserver should use. |
| // ClientAuth: tls.RequireAndVerifyClientCert, |
| } |
| } |