Update to new certs package since latest k8s dropped it

addons/addons.go

@@ -2,6 +2,7 @@ package addons
 
 import (
 	"fmt"
+	"k8s.io/client-go/transport"
 	"strconv"
 
 	"github.com/rancher/rke/k8s"
@@ -27,7 +28,7 @@ func getAddonJob(addonName, nodeName, image string, isDelete bool) (string, erro
 	return templates.CompileTemplateFromMap(templates.AddonJobTemplate, jobConfig)
 }
 
-func AddonJobExists(addonJobName, kubeConfigPath string, k8sWrapTransport k8s.WrapTransport) (bool, error) {
+func AddonJobExists(addonJobName, kubeConfigPath string, k8sWrapTransport transport.WrapperFunc) (bool, error) {
 	k8sClient, err := k8s.NewClient(kubeConfigPath, k8sWrapTransport)
 	if err != nil {
 		return false, err

authz/authz.go

@@ -6,9 +6,10 @@ import (
 	"github.com/rancher/rke/k8s"
 	"github.com/rancher/rke/log"
 	"github.com/rancher/rke/templates"
+	"k8s.io/client-go/transport"
 )
 
-func ApplyJobDeployerServiceAccount(ctx context.Context, kubeConfigPath string, k8sWrapTransport k8s.WrapTransport) error {
+func ApplyJobDeployerServiceAccount(ctx context.Context, kubeConfigPath string, k8sWrapTransport transport.WrapperFunc) error {
 	log.Infof(ctx, "[authz] Creating rke-job-deployer ServiceAccount")
 	k8sClient, err := k8s.NewClient(kubeConfigPath, k8sWrapTransport)
 	if err != nil {
@@ -24,7 +25,7 @@ func ApplyJobDeployerServiceAccount(ctx context.Context, kubeConfigPath string,
 	return nil
 }
 
-func ApplySystemNodeClusterRoleBinding(ctx context.Context, kubeConfigPath string, k8sWrapTransport k8s.WrapTransport) error {
+func ApplySystemNodeClusterRoleBinding(ctx context.Context, kubeConfigPath string, k8sWrapTransport transport.WrapperFunc) error {
 	log.Infof(ctx, "[authz] Creating system:node ClusterRoleBinding")
 	k8sClient, err := k8s.NewClient(kubeConfigPath, k8sWrapTransport)
 	if err != nil {
@@ -37,7 +38,7 @@ func ApplySystemNodeClusterRoleBinding(ctx context.Context, kubeConfigPath strin
 	return nil
 }
 
-func ApplyKubeAPIClusterRole(ctx context.Context, kubeConfigPath string, k8sWrapTransport k8s.WrapTransport) error {
+func ApplyKubeAPIClusterRole(ctx context.Context, kubeConfigPath string, k8sWrapTransport transport.WrapperFunc) error {
 	log.Infof(ctx, "[authz] Creating kube-apiserver proxy ClusterRole and ClusterRoleBinding")
 	k8sClient, err := k8s.NewClient(kubeConfigPath, k8sWrapTransport)
 	if err != nil {

authz/psp.go

@@ -3,12 +3,14 @@ package authz
 import (
 	"context"
 
+	"k8s.io/client-go/transport"
+
 	"github.com/rancher/rke/k8s"
 	"github.com/rancher/rke/log"
 	"github.com/rancher/rke/templates"
 )
 
-func ApplyDefaultPodSecurityPolicy(ctx context.Context, kubeConfigPath string, k8sWrapTransport k8s.WrapTransport) error {
+func ApplyDefaultPodSecurityPolicy(ctx context.Context, kubeConfigPath string, k8sWrapTransport transport.WrapperFunc) error {
 	log.Infof(ctx, "[authz] Applying default PodSecurityPolicy")
 	k8sClient, err := k8s.NewClient(kubeConfigPath, k8sWrapTransport)
 	if err != nil {
@@ -21,7 +23,7 @@ func ApplyDefaultPodSecurityPolicy(ctx context.Context, kubeConfigPath string, k
 	return nil
 }
 
-func ApplyDefaultPodSecurityPolicyRole(ctx context.Context, kubeConfigPath, namespace string, k8sWrapTransport k8s.WrapTransport) error {
+func ApplyDefaultPodSecurityPolicyRole(ctx context.Context, kubeConfigPath, namespace string, k8sWrapTransport transport.WrapperFunc) error {
 	log.Infof(ctx, "[authz] Applying default PodSecurityPolicy Role and RoleBinding in %s", namespace)
 	k8sClient, err := k8s.NewClient(kubeConfigPath, k8sWrapTransport)
 	if err != nil {

cluster/certificates.go

@@ -10,9 +10,9 @@ import (
 	"github.com/rancher/rke/k8s"
 	"github.com/rancher/rke/log"
 	"github.com/rancher/rke/pki"
+	"github.com/rancher/rke/pki/cert"
 	"github.com/rancher/rke/services"
 	"github.com/sirupsen/logrus"
-	"k8s.io/client-go/util/cert"
 )
 
 func SetUpAuthentication(ctx context.Context, kubeCluster, currentCluster *Cluster, fullState *FullState) error {

cluster/cluster.go

@@ -8,14 +8,15 @@ import (
 	"strings"
 	"time"
 
-	"github.com/rancher/rke/metadata"
+	"github.com/rancher/rke/pki/cert"
 
 	"github.com/docker/docker/api/types"
 	"github.com/rancher/rke/authz"
 	"github.com/rancher/rke/docker"
 	"github.com/rancher/rke/hosts"
 	"github.com/rancher/rke/k8s"
 	"github.com/rancher/rke/log"
+	"github.com/rancher/rke/metadata"
 	"github.com/rancher/rke/pki"
 	"github.com/rancher/rke/services"
 	"github.com/rancher/rke/util"
@@ -26,7 +27,7 @@ import (
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/clientcmd"
-	"k8s.io/client-go/util/cert"
+	"k8s.io/client-go/transport"
 )
 
 type Cluster struct {
@@ -46,7 +47,7 @@ type Cluster struct {
 	EtcdReadyHosts                   []*hosts.Host
 	ForceDeployCerts                 bool
 	InactiveHosts                    []*hosts.Host
-	K8sWrapTransport                 k8s.WrapTransport
+	K8sWrapTransport                 transport.WrapperFunc
 	KubeClient                       *kubernetes.Clientset
 	KubernetesServiceIP              net.IP
 	LocalKubeConfigPath              string
@@ -264,7 +265,7 @@ func rebuildLocalAdminConfig(ctx context.Context, kubeCluster *Cluster) error {
 	return nil
 }
 
-func isLocalConfigWorking(ctx context.Context, localKubeConfigPath string, k8sWrapTransport k8s.WrapTransport) bool {
+func isLocalConfigWorking(ctx context.Context, localKubeConfigPath string, k8sWrapTransport transport.WrapperFunc) bool {
 	if _, err := GetK8sVersion(localKubeConfigPath, k8sWrapTransport); err != nil {
 		log.Infof(ctx, "[reconcile] Local config is not valid, rebuilding admin config")
 		return false

cluster/reconcile.go

@@ -10,11 +10,11 @@ import (
 	"github.com/rancher/rke/k8s"
 	"github.com/rancher/rke/log"
 	"github.com/rancher/rke/pki"
+	"github.com/rancher/rke/pki/cert"
 	"github.com/rancher/rke/services"
 	v3 "github.com/rancher/types/apis/management.cattle.io/v3"
 	"github.com/sirupsen/logrus"
 	"k8s.io/client-go/kubernetes"
-	"k8s.io/client-go/util/cert"
 )
 
 const (

cluster/state.go

@@ -11,6 +11,8 @@ import (
 	"strings"
 	"time"
 
+	"k8s.io/client-go/transport"
+
 	"github.com/rancher/rke/hosts"
 	"github.com/rancher/rke/k8s"
 	"github.com/rancher/rke/log"
@@ -130,7 +132,7 @@ func GetStateFromKubernetes(ctx context.Context, kubeCluster *Cluster) (*Cluster
 	}
 }
 
-func GetK8sVersion(localConfigPath string, k8sWrapTransport k8s.WrapTransport) (string, error) {
+func GetK8sVersion(localConfigPath string, k8sWrapTransport transport.WrapperFunc) (string, error) {
 	logrus.Debugf("[version] Using %s to connect to Kubernetes cluster..", localConfigPath)
 	k8sClient, err := k8s.NewClient(localConfigPath, k8sWrapTransport)
 	if err != nil {

cmd/cert.go

@@ -8,10 +8,10 @@ import (
 	"github.com/rancher/rke/hosts"
 	"github.com/rancher/rke/log"
 	"github.com/rancher/rke/pki"
+	"github.com/rancher/rke/pki/cert"
 	"github.com/rancher/rke/services"
-	"github.com/rancher/types/apis/management.cattle.io/v3"
+	v3 "github.com/rancher/types/apis/management.cattle.io/v3"
 	"github.com/urfave/cli"
-	"k8s.io/client-go/util/cert"
 )
 
 func CertificateCommand() cli.Command {

cmd/up.go

@@ -11,9 +11,9 @@ import (
 	"github.com/rancher/rke/hosts"
 	"github.com/rancher/rke/log"
 	"github.com/rancher/rke/pki"
-	"github.com/rancher/types/apis/management.cattle.io/v3"
+	"github.com/rancher/rke/pki/cert"
+	v3 "github.com/rancher/types/apis/management.cattle.io/v3"
 	"github.com/urfave/cli"
-	"k8s.io/client-go/util/cert"
 )
 
 const DINDWaitTime = 3

hosts/dialer.go

@@ -2,12 +2,12 @@ package hosts
 
 import (
 	"fmt"
+	"k8s.io/client-go/transport"
 	"net"
 	"net/http"
 	"strings"
 	"time"
 
-	"github.com/rancher/rke/k8s"
 	"github.com/rancher/types/apis/management.cattle.io/v3"
 	"golang.org/x/crypto/ssh"
 )
@@ -33,10 +33,10 @@ type dialer struct {
 type DialersOptions struct {
 	DockerDialerFactory    DialerFactory
 	LocalConnDialerFactory DialerFactory
-	K8sWrapTransport       k8s.WrapTransport
+	K8sWrapTransport       transport.WrapperFunc
 }
 
-func GetDialerOptions(d, l DialerFactory, w k8s.WrapTransport) DialersOptions {
+func GetDialerOptions(d, l DialerFactory, w transport.WrapperFunc) DialersOptions {
 	return DialersOptions{
 		DockerDialerFactory:    d,
 		LocalConnDialerFactory: l,
@@ -221,7 +221,7 @@ func (d *dialer) getBastionHostTunnelConn() (*ssh.Client, error) {
 	return ssh.NewClient(newClientConn, channels, sshRequest), nil
 }
 
-func BastionHostWrapTransport(bastionHost v3.BastionHost) (k8s.WrapTransport, error) {
+func BastionHostWrapTransport(bastionHost v3.BastionHost) (transport.WrapperFunc, error) {
 
 	bastionDialer := &dialer{
 		sshAddress:      fmt.Sprintf("%s:%s", bastionHost.Address, bastionHost.Port),

k8s/job.go

@@ -2,22 +2,21 @@ package k8s
 
 import (
 	"fmt"
-
 	"github.com/sirupsen/logrus"
 	"k8s.io/api/batch/v1"
 	corev1 "k8s.io/api/core/v1"
-	"k8s.io/client-go/kubernetes"
-
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/transport"
 )
 
 type JobStatus struct {
 	Completed bool
 	Created   bool
 }
 
-func ApplyK8sSystemJob(jobYaml, kubeConfigPath string, k8sWrapTransport WrapTransport, timeout int, addonUpdated bool) error {
+func ApplyK8sSystemJob(jobYaml, kubeConfigPath string, k8sWrapTransport transport.WrapperFunc, timeout int, addonUpdated bool) error {
 	job := v1.Job{}
 	if err := decodeYamlResource(&job, jobYaml); err != nil {
 		return err

k8s/k8s.go

@@ -2,7 +2,7 @@ package k8s
 
 import (
 	"bytes"
-	"net/http"
+	"k8s.io/client-go/transport"
 	"time"
 
 	yamlutil "k8s.io/apimachinery/pkg/util/yaml"
@@ -19,9 +19,7 @@ const (
 
 type k8sCall func(*kubernetes.Clientset, interface{}) error
 
-type WrapTransport func(rt http.RoundTripper) http.RoundTripper
-
-func NewClient(kubeConfigPath string, k8sWrapTransport WrapTransport) (*kubernetes.Clientset, error) {
+func NewClient(kubeConfigPath string, k8sWrapTransport transport.WrapperFunc) (*kubernetes.Clientset, error) {
 	// use the current admin kubeconfig
 	config, err := clientcmd.BuildConfigFromFlags("", kubeConfigPath)
 	if err != nil {