nhyatt/mutating-webhook
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
mutating-webhook/internal/certificate/create-csr.go

58 lines
1.3 KiB
Go
Raw Blame History

package certificate
import (
"bytes"
"fmt"
"log"
"crypto/rand"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
)
func CreateCSR(privateKey string) (string, error) {
csr := x509.CertificateRequest{
Subject: pkix.Name{
Organization: []string{"Kubernetes Mutating Webserver"},
Country: []string{"K8S"},
Province: []string{"Cluster Service"},
Locality: []string{"Cluster Local"},
//StreetAddress: []string{""},
//PostalCode: []string{""},
},
DNSNames: []string{
"webhook",
"webhook.ingress-nginx",
"webhook.ingress-nginx.svc",
"webhook.ingress-nginx.svc.cluster",
"webhook.ingress-nginx.svc.cluster.local",
"*.svc.cluster.local",
},
SignatureAlgorithm: x509.SHA384WithRSA,
}
pemKey, _ := pem.Decode([]byte(privateKey))
if pemKey == nil || pemKey.Type != "RSA PRIVATE KEY" {
return "", fmt.Errorf("failed to decode PEM block containing private key")
}
keyPair, err := x509.ParsePKCS1PrivateKey(pemKey.Bytes)
if err != nil {
return "", err
}
csrData, err := x509.CreateCertificateRequest(rand.Reader, &csr, keyPair)
if err != nil {
return "", err
}
c := new(bytes.Buffer)
pem.Encode(c, &pem.Block{
Type: "CERTIFICATE REQUEST",
Bytes: csrData,
})
log.Printf("[TRACE] Generated Host CSR:\n%s", c.String())
return c.String(), nil
}
Reference in New Issue View Git Blame Copy Permalink