From a10e5d354cb492324f8be78b5b6d554dde826b21 Mon Sep 17 00:00:00 2001
From: Craig Johnston
Date: Thu, 20 Jul 2023 12:40:15 -0700
Subject: [PATCH] improved cert path management
---
 README.md | 2 +-
 cmd/amp.go | 13 ++++++-------
 2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/README.md b/README.md
index 958d4e7..80f6e00 100644
--- a/README.md
+++ b/README.md
@@ -70,7 +70,7 @@ kubectl apply -f ./k8s/00-namespace.yml
 Create Certificate as Kubernets Secret in the new `amp-system` Namespace:
 ```shell script
-curl https://raw.githubusercontent.com/morvencao/kube-mutating-webhook-tutorial/master/deployment/webhook-create-signed-cert.sh -o cert-gen.sh
+curl https://raw.githubusercontent.com/IBM/istio101/master/presentation/scripts/install/kubernetes/webhook-create-signed-cert.sh -o cert-gen.sh
 chmod 775 cert-gen.sh
diff --git a/cmd/amp.go b/cmd/amp.go
index 9eb2875..313fdcb 100644
--- a/cmd/amp.go
+++ b/cmd/amp.go
@@ -34,7 +34,8 @@ var (
 modeEnv = getEnv("MODE", "release")
 httpReadTimeoutEnv = getEnv("HTTP_READ_TIMEOUT", "10")
 httpWriteTimeoutEnv = getEnv("HTTP_WRITE_TIMEOUT", "10")
- certPathEnv = getEnv("CERT_PATH", "")
+ certPathCrtEnv = getEnv("CERT_PATH_CRT", "/cert/tls.crt")
+ certPathKeyEnv = getEnv("CERT_PATH_KEY", "/cert/tls.key")
 mutationEpAnnotationEnv = getEnv("MUTATION_EP_ANNOTATION", "mutation.amp.txn2.com/ep")
 validationEpAnnotationEnv = getEnv("VALIDATION_EP_ANNOTATION", "validation.amp.txn2.com/ep")
 )
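Review bot: The old `CERT_PATH` variable is dropped without a fallback, so a deployment that still sets it is silently ignored and the server looks for `/cert/tls.crt` and `/cert/tls.key` instead; the same applies to the `-certPath` flag removed in the next hunk. Because the two defaults are now non-empty, TLS is attempted unless both values are cleared, which reverses the previous opt-in behaviour. A comment above the two new lines would record this, e.g. `// TLS is on by default; CERT_PATH is no longer read, use CERT_PATH_CRT and CERT_PATH_KEY.` Whether an empty environment value actually overrides the default depends on getEnv, which is outside the hunk, as is the start of the var block.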
@@ -74,7 +75,8 @@ func main() {
 var (
 ip = flag.String("ip", ipEnv, "Server IP address to bind to.")
 port = flag.String("port", portEnv, "Server port.")
- certPath = flag.String("certPath", certPathEnv, "Cert path. If populated will serve TLS.")
+ certPathCrt = flag.String("certPathCrt", certPathCrtEnv, "Cert path tls.crt. If populated along with certPathKey will serve TLS.")
+ certPathKey = flag.String("certPathKey", certPathKeyEnv, "Cert path tls.key. If populated along with certPathCrt will serve TLS.")
 metricsPort = flag.String("metricsPort", metricsPortEnv, "Metrics port.")
 mode = flag.String("mode", modeEnv, "debug or release")
 httpReadTimeout = flag.Int("httpReadTimeout", httpReadTimeoutInt, "HTTP read timeout")
@@ -216,11 +218,8 @@ func main() {
 MaxHeaderBytes: 1 << 20, // 1 MB
 }
- if *certPath != "" {
- certFile := *certPath + "/cert.pem"
- keyFile := *certPath + "/key.pem"
-
- err = s.ListenAndServeTLS(certFile, keyFile)
+ if *certPathKey != "" && *certPathCrt != "" {
+ err = s.ListenAndServeTLS(*certPathCrt, *certPathKey)
 if err != nil {
 logger.Fatal(err.Error())
 }
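Review bot: Setting only one of `certPathCrt` / `certPathKey` makes the new condition in the last hunk false, so `ListenAndServeTLS` is skipped without any message. The branch taken instead is outside the hunk, but if it is the plain-HTTP listener, a half-configured admission webhook would come up without TLS. Reject the mismatch before the check: `if (*certPathCrt == "") != (*certPathKey == "") { logger.Fatal("certPathCrt and certPathKey must be set together") }`. main's body starts and continues outside the hunk.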