Rename cert

Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
siderolabs · Jun 18, 2021 · 37864fb · 37864fb
1 parent 383bb57
commit 37864fb
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 17 deletions.
diff --git a/internal/app/machined/pkg/controllers/secrets/etcd.go b/internal/app/machined/pkg/controllers/secrets/etcd.go
@@ -130,19 +130,19 @@ func (ctrl *EtcdController) Run(ctx context.Context, r controller.Runtime, logge
 func (ctrl *EtcdController) updateSecrets(etcdRoot *secrets.RootEtcdSpec, etcdCerts *secrets.EtcdCertsSpec) error {
 	var err error
 
-	etcdCerts.EtcdPeer, err = etcd.GeneratePeerCert(etcdRoot.EtcdCA)
+	etcdCerts.Etcd, err = etcd.GenerateClientCert(etcdRoot.EtcdCA)
 	if err != nil {
-		return fmt.Errorf("error generating etcd certs: %w", err)
+		return fmt.Errorf("error generating etcd client certs: %w", err)
 	}
 
-	etcdCerts.EtcdClient, err = etcd.GenerateClientCert(etcdRoot.EtcdCA)
+	etcdCerts.EtcdPeer, err = etcd.GeneratePeerCert(etcdRoot.EtcdCA)
 	if err != nil {
-		return fmt.Errorf("error generating etcd client certs: %w", err)
+		return fmt.Errorf("error generating etcd peer certs: %w", err)
 	}
 
 	etcdCerts.EtcdAPIServer, err = etcd.GenerateKubeAPIClientCert(etcdRoot.EtcdCA)
 	if err != nil {
-		return fmt.Errorf("error generating kube-apiserver etcd certs: %w", err)
+		return fmt.Errorf("error generating kube-apiserver etcd client certs: %w", err)
 	}
 
 	return nil

diff --git a/internal/app/machined/pkg/system/services/etcd.go b/internal/app/machined/pkg/system/services/etcd.go
@@ -220,11 +220,11 @@ func generatePKI(r runtime.Runtime) (err error) {
 		return err
 	}
 
-	if err = ioutil.WriteFile(constants.KubernetesEtcdClientKey, clientCertAndKey.Key, 0o400); err != nil {
+	if err = ioutil.WriteFile(constants.KubernetesEtcdKey, clientCertAndKey.Key, 0o400); err != nil {
 		return err
 	}
 
-	return ioutil.WriteFile(constants.KubernetesEtcdClientCert, clientCertAndKey.Crt, 0o400)
+	return ioutil.WriteFile(constants.KubernetesEtcdCert, clientCertAndKey.Crt, 0o400)
 }
 
 func addMember(ctx context.Context, r runtime.Runtime, addrs []string, name string) (*clientv3.MemberListResponse, uint64, error) {
@@ -357,8 +357,8 @@ func (e *Etcd) argsForInit(ctx context.Context, r runtime.Runtime) error {
 		"listen-peer-urls":      "https://" + net.FormatAddress(listenAddress) + ":2380",
 		"listen-client-urls":    "https://" + net.FormatAddress(listenAddress) + ":2379",
 		"client-cert-auth":      "true",
-		"cert-file":             constants.KubernetesEtcdClientCert,
-		"key-file":              constants.KubernetesEtcdClientKey,
+		"cert-file":             constants.KubernetesEtcdCert,
+		"key-file":              constants.KubernetesEtcdKey,
 		"trusted-ca-file":       constants.KubernetesEtcdCACert,
 		"peer-client-cert-auth": "true",
 		"peer-cert-file":        constants.KubernetesEtcdPeerCert,

diff --git a/internal/pkg/etcd/etcd.go b/internal/pkg/etcd/etcd.go
@@ -40,8 +40,8 @@ type Client struct {
 // a list of endpoints.
 func NewClient(endpoints []string) (client *Client, err error) {
 	tlsInfo := transport.TLSInfo{
-		CertFile:      constants.KubernetesEtcdClientCert,
-		KeyFile:       constants.KubernetesEtcdClientKey,
+		CertFile:      constants.KubernetesEtcdCert,
+		KeyFile:       constants.KubernetesEtcdKey,
 		TrustedCAFile: constants.KubernetesEtcdCACert,
 	}
 

diff --git a/pkg/machinery/constants/constants.go b/pkg/machinery/constants/constants.go
@@ -147,11 +147,11 @@ const (
 	// KubernetesEtcdPeerKey is the path to the etcd peer private key.
 	KubernetesEtcdPeerKey = EtcdPKIPath + "/" + "peer.key"
 
-	// KubernetesEtcdClientCert is the path to the etcd client certificate.
-	KubernetesEtcdClientCert = EtcdPKIPath + "/" + "client.crt"
+	// KubernetesEtcdCert is the path to the etcd client certificate.
+	KubernetesEtcdCert = EtcdPKIPath + "/" + "client.crt"
 
-	// KubernetesEtcdClientKey is the path to the etcd client private key.
-	KubernetesEtcdClientKey = EtcdPKIPath + "/" + "client.key"
+	// KubernetesEtcdKey is the path to the etcd client private key.
+	KubernetesEtcdKey = EtcdPKIPath + "/" + "client.key"
 
 	// KubernetesEtcdListenClientPort defines the port etcd listen on for client traffic.
 	KubernetesEtcdListenClientPort = "2379"

diff --git a/pkg/resources/secrets/etcd.go b/pkg/resources/secrets/etcd.go
@@ -26,9 +26,9 @@ type Etcd struct {
 
 // EtcdCertsSpec describes etcd certs secrets.
 type EtcdCertsSpec struct {
+	Etcd          *x509.PEMEncodedCertificateAndKey `yaml:"etcd"`
 	EtcdPeer      *x509.PEMEncodedCertificateAndKey `yaml:"etcdPeer"`
-	EtcdClient    *x509.PEMEncodedCertificateAndKey `yaml:"etcdClient"`
-	EtcdAPIServer *x509.PEMEncodedCertificateAndKey `yaml:"EtcdAPIServer"`
+	EtcdAPIServer *x509.PEMEncodedCertificateAndKey `yaml:"etcdAPIServer"`
 }
 
 // NewEtcd initializes a Etc resource.