diff --git a/pkg/cmd/init.go b/pkg/cmd/init.go
index 12c6961e96..698ff2c09b 100644
--- a/pkg/cmd/init.go
+++ b/pkg/cmd/init.go
@@ -21,6 +21,7 @@ import (
 "github.com/openshift/microshift/pkg/config"
 "github.com/openshift/microshift/pkg/controllers"
 "github.com/openshift/microshift/pkg/util"
+ ctrl "k8s.io/kubernetes/pkg/controlplane"
 )
@@ -41,10 +42,6 @@ func initAll(cfg *config.MicroshiftConfig) error {
 return nil
 }
-func loadCA(cfg *config.MicroshiftConfig) error {
- return util.LoadRootCA(cfg.DataDir+"/certs/ca-bundle", "ca-bundle.crt", "ca-bundle.key")
-}
-
 func initCerts(cfg *config.MicroshiftConfig) error {
 _, svcNet, err := net.ParseCIDR(cfg.Cluster.ServiceCIDR)
 if err != nil {
diff --git a/pkg/cmd/run.go b/pkg/cmd/run.go
index 9a058e7ff3..f9c76b1fcf 100644
--- a/pkg/cmd/run.go
+++ b/pkg/cmd/run.go
@@ -20,7 +20,6 @@ import (
 "github.com/sirupsen/logrus"
 "github.com/spf13/cobra"
 "github.com/spf13/pflag"
- "k8s.io/klog/v2"
 )
 const (
@@ -65,15 +64,6 @@ func RunMicroshift(cfg *config.MicroshiftConfig, flags *pflag.FlagSet) error {
 // TODO: change to only initialize what is strictly necessary for the selected role(s)
 if _, err := os.Stat(filepath.Join(cfg.DataDir, "certs")); errors.Is(err, os.ErrNotExist) {
 initAll(cfg)
- } else {
- err = loadCA(cfg)
- if err != nil {
- err := os.RemoveAll(filepath.Join(cfg.DataDir, "certs"))
- if err != nil {
- klog.ErrorS(err, "removing old certs directory")
- }
- util.Must(initAll(cfg))
- }
 }
 m := servicemanager.NewServiceManager()
diff --git a/pkg/util/cert.go b/pkg/util/cert.go
index 4d7f1d8a46..e0a5fd1bcb 100644
--- a/pkg/util/cert.go
+++ b/pkg/util/cert.go
@@ -36,7 +36,6 @@ import (
 "time"
 "github.com/pkg/errors"
- "k8s.io/klog/v2"
 )
 var (
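Review bot: In pkg/cmd/run.go, RunMicroshift now skips all CA handling when the certs directory already exists, so on a restart the CA on disk is no longer read back, parsed or checked for expiry, and a corrupt or partial certs directory is not regenerated; the removals of loadCA (pkg/cmd/init.go) and LoadRootCA (pkg/util/cert.go) are part of the same gap. The StoreRootCA context line `if rootCA == nil || rootKey == nil {` suggests later signing depends on those package variables being populated, though that code is outside the hunks, so confirm what signs certificates after a restart. The surviving `initAll(cfg)` call also drops its error, where the deleted branch wrapped it in `util.Must`; I would write `if err := initAll(cfg); err != nil { return err }` and return any Stat error other than os.ErrNotExist instead of ignoring it. RunMicroshift starts and ends outside this hunk.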
@@ -73,36 +72,6 @@ func GenCA(common string, svcName []string, duration time.Duration) (*rsa.Privat
 return key, ca, err
 }
-func LoadRootCA(dir, certFilename, keyFilename string) error {
-
- key, err := ioutil.ReadFile(filepath.Join(dir, keyFilename))
- if err != nil {
- return errors.Wrap(err, "error reading CA key")
- }
-
- if rootKey, err = PemToPrivateKey(key); err != nil {
- return errors.Wrap(err, "parsing CA key from PEM")
- }
-
- certPath := filepath.Join(dir, certFilename)
- cert, err := ioutil.ReadFile(certPath)
- if err != nil {
- return errors.Wrap(err, "reading CA certificate")
- }
-
- if rootCA, err = PemToCertificate(cert); err != nil {
- return errors.Wrap(err, "parsing CA certificate")
- }
-
- now := time.Now()
-
- if now.After(rootCA.NotAfter) {
- klog.ErrorS(nil, "CA has expired: current time %s is after %s", now.Format(time.RFC3339), rootCA.NotAfter.Format(time.RFC3339))
- }
-
- return nil
-}
-
 func StoreRootCA(common, dir, certFilename, keyFilename string, svcName []string) error {
 if rootCA == nil || rootKey == nil {
 var err error
@@ -217,15 +186,6 @@ func (cfg *CertCfg) GenerateSelfSignedCertificate() (*rsa.PrivateKey, *x509.Cert
 // GenerateSignedCertificate generate a key and cert defined by CertCfg and signed by CA.
 func (cfg *CertCfg) GenerateSignedCertificate(caKey *rsa.PrivateKey, caCert *x509.Certificate) (*rsa.PrivateKey, *x509.Certificate, error) {
-
- if caCert == nil {
- return nil, nil, errors.New("Unable to GenerateSignedCertificate with (nil) caCert")
- }
-
- if caKey == nil {
- return nil, nil, errors.New("Unable to GenerateSignedCertificate with (nil) caKey")
- }
-
 // create a private key
 key, err := PrivateKey()
 if err != nil {
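Review bot: GenerateSignedCertificate in pkg/util/cert.go no longer rejects a nil caKey or caCert, and since this commit also stops loading the CA at startup, a nil CA reaching this method looks more likely than before. The signing code is outside the hunk, so the effect is inferred, but a nil CA there would most likely surface as a nil-pointer panic rather than a returned error. I would keep a single guard at the top, `if caCert == nil || caKey == nil { return nil, nil, errors.New("GenerateSignedCertificate: nil CA certificate or key") }`. The method body continues past the end of the hunk.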