Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump Go to v1.24 #17295

Merged
merged 2 commits into from
Mar 10, 2025
Merged

Bump Go to v1.24 #17295

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f3191bd
Bump to Go 1.24
ameukam Feb 28, 2025
1ed0cde
Increase the key size for KubeConfig private key
ameukam Mar 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .golangci.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
run:
timeout: 30m
go: "1.23"
go: "1.24"

issues:
max-same-issues: 0
Expand Down
108 changes: 54 additions & 54 deletions cloudbuild.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,64 +2,64 @@
timeout: 1800s
options:
substitution_option: ALLOW_LOOSE
machineType: 'N1_HIGHCPU_32'
machineType: "E2_HIGHCPU_32"
steps:
# Push the images
- name: 'docker.io/library/golang:1.23.5-bookworm'
id: images
entrypoint: make
env:
# _GIT_TAG is not a valid semver, we use CI=1 instead
# - VERSION=$_GIT_TAG
- CI=$_CI
- PULL_BASE_REF=$_PULL_BASE_REF
- DOCKER_REGISTRY=$_DOCKER_REGISTRY
- DOCKER_IMAGE_PREFIX=$_DOCKER_IMAGE_PREFIX
args:
- kops-utils-cp-push
- kops-controller-push
- dns-controller-push
- kube-apiserver-healthcheck-push
# Push the artifacts
- name: 'docker.io/library/golang:1.23.5-bookworm'
id: artifacts
entrypoint: make
env:
# _GIT_TAG is not a valid semver, we use CI=1 instead
# - VERSION=$_GIT_TAG
- CI=$_CI
- PULL_BASE_REF=$_PULL_BASE_REF
- DOCKER_REGISTRY=$_DOCKER_REGISTRY
- DOCKER_IMAGE_PREFIX=$_DOCKER_IMAGE_PREFIX
- GCS_LOCATION=$_GCS_LOCATION
- LATEST_FILE=markers/${_PULL_BASE_REF}/latest-ci.txt
args:
- gcs-upload-and-tag
# Build cloudbuild artifacts (for attestation)
- name: 'docker.io/library/golang:1.23.5-bookworm'
id: cloudbuild-artifacts
entrypoint: make
env:
# _GIT_TAG is not a valid semver, we use CI=1 instead
# - VERSION=$_GIT_TAG
- CI=$_CI
- PULL_BASE_REF=$_PULL_BASE_REF
- DOCKER_REGISTRY=$_DOCKER_REGISTRY
- DOCKER_IMAGE_PREFIX=$_DOCKER_IMAGE_PREFIX
- GCS_LOCATION=$_GCS_LOCATION
- LATEST_FILE=markers/${_PULL_BASE_REF}/latest-ci.txt
args:
- cloudbuild-artifacts
# Push the images
- name: "mirror.gcr.io/library/golang:1.24.1-bookworm"
id: images
entrypoint: make
env:
# _GIT_TAG is not a valid semver, we use CI=1 instead
# - VERSION=$_GIT_TAG
- CI=$_CI
- PULL_BASE_REF=$_PULL_BASE_REF
- DOCKER_REGISTRY=$_DOCKER_REGISTRY
- DOCKER_IMAGE_PREFIX=$_DOCKER_IMAGE_PREFIX
args:
- kops-utils-cp-push
- kops-controller-push
- dns-controller-push
- kube-apiserver-healthcheck-push
# Push the artifacts
- name: "mirror.gcr.io/library/golang:1.24.1-bookworm"
id: artifacts
entrypoint: make
env:
# _GIT_TAG is not a valid semver, we use CI=1 instead
# - VERSION=$_GIT_TAG
- CI=$_CI
- PULL_BASE_REF=$_PULL_BASE_REF
- DOCKER_REGISTRY=$_DOCKER_REGISTRY
- DOCKER_IMAGE_PREFIX=$_DOCKER_IMAGE_PREFIX
- GCS_LOCATION=$_GCS_LOCATION
- LATEST_FILE=markers/${_PULL_BASE_REF}/latest-ci.txt
args:
- gcs-upload-and-tag
# Build cloudbuild artifacts (for attestation)
- name: "mirror.gcr.io/library/golang:1.24.1-bookworm"
id: cloudbuild-artifacts
entrypoint: make
env:
# _GIT_TAG is not a valid semver, we use CI=1 instead
# - VERSION=$_GIT_TAG
- CI=$_CI
- PULL_BASE_REF=$_PULL_BASE_REF
- DOCKER_REGISTRY=$_DOCKER_REGISTRY
- DOCKER_IMAGE_PREFIX=$_DOCKER_IMAGE_PREFIX
- GCS_LOCATION=$_GCS_LOCATION
- LATEST_FILE=markers/${_PULL_BASE_REF}/latest-ci.txt
args:
- cloudbuild-artifacts
substitutions:
# _GIT_TAG will be filled with a git-based tag for the image, of the form vYYYYMMDD-hash, and
# can be used as a substitution
_CI: '1'
_GIT_TAG: '12345'
_PULL_BASE_REF: 'dev'
_DOCKER_REGISTRY: 'gcr.io'
_DOCKER_IMAGE_PREFIX: 'k8s-staging-kops/'
_GCS_LOCATION: 'gs://k8s-staging-kops/kops/releases/'
_CI: "1"
_GIT_TAG: "12345"
_PULL_BASE_REF: "dev"
_DOCKER_REGISTRY: "gcr.io"
_DOCKER_IMAGE_PREFIX: "k8s-staging-kops/"
_GCS_LOCATION: "gs://k8s-staging-kops/kops/releases/"
artifacts:
objects:
location: '$_GCS_LOCATION/$_GIT_TAG/cloudbuild/'
location: "$_GCS_LOCATION/$_GIT_TAG/cloudbuild/"
paths: ["cloudbuild/*"]
4 changes: 3 additions & 1 deletion go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
module k8s.io/kops

// This should be kept in sync with cloudbuild.yaml and the other go.mod files
go 1.23.5
go 1.24.1

godebug default=go1.24

require (
cloud.google.com/go/compute/metadata v0.5.2
Expand Down
2 changes: 1 addition & 1 deletion hack/go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
module k8s.io/kops/hack

go 1.23.5
go 1.24.1

require (
github.com/client9/misspell v0.3.4
Expand Down
2 changes: 1 addition & 1 deletion pkg/kubeconfig/create_kubecfg_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -142,7 +142,7 @@ func fakeKeyset() *fi.Keyset {

func TestBuildKubecfg(t *testing.T) {
originalPKIDefaultPrivateKeySize := pki.DefaultPrivateKeySize
pki.DefaultPrivateKeySize = 512
pki.DefaultPrivateKeySize = 2048
defer func() {
pki.DefaultPrivateKeySize = originalPKIDefaultPrivateKeySize
}()
Expand Down
15 changes: 10 additions & 5 deletions pkg/pki/certificate_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,10 +29,10 @@ import (
)

func TestGenerateCertificate(t *testing.T) {
data := "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA4JwpEprZ5n8RIEt6jT2lAh+UDgRgx/4px21gjgywQivYHVxH\nAZexVb/E9pBa9Q2G9B1Q7TCO7YsUVRQy4JMDZVt+McFnWVwexnqBYFNcVjkEmDgA\ngvCYGE0P9d/RwRL4KuLHo+u6fv7P0jXMN+CpOxyLhYZZNa0ZOZDHsSiJSQSj9WGF\nGHrbCf0KVDpKieR1uBqHrRO+mLR5zkX2L58m74kjK4dsBhmjeq/7OAoTmiG2QgJ/\nP2IjyhiA2mRqY+hl55lwEUV/0yHYEkJC8LdGkwwZz2eF77aSPGmi/A2CSKgMwDTx\n9m+P7jcpWreYw6NG9BueGoDIve/tgFKwvVFF6QIDAQABAoIBAA0ktjaTfyrAxsTI\nBezb7Zr5NBW55dvuII299cd6MJo+rI/TRYhvUv48kY8IFXp/hyUjzgeDLunxmIf9\n/Zgsoic9Ol44/g45mMduhcGYPzAAeCdcJ5OB9rR9VfDCXyjYLlN8H8iU0734tTqM\n0V13tQ9zdSqkGPZOIcq/kR/pylbOZaQMe97BTlsAnOMSMKDgnftY4122Lq3GYy+t\nvpr+bKVaQZwvkLoSU3rECCaKaghgwCyX7jft9aEkhdJv+KlwbsGY6WErvxOaLWHd\ncuMQjGapY1Fa/4UD00mvrA260NyKfzrp6+P46RrVMwEYRJMIQ8YBAk6N6Hh7dc0G\n8Z6i1m0CgYEA9HeCJR0TSwbIQ1bDXUrzpftHuidG5BnSBtax/ND9qIPhR/FBW5nj\n22nwLc48KkyirlfIULd0ae4qVXJn7wfYcuX/cJMLDmSVtlM5Dzmi/91xRiFgIzx1\nAsbBzaFjISP2HpSgL+e9FtSXaaqeZVrflitVhYKUpI/AKV31qGHf04sCgYEA6zTV\n99Sb49Wdlns5IgsfnXl6ToRttB18lfEKcVfjAM4frnkk06JpFAZeR+9GGKUXZHqs\nz2qcplw4d/moCC6p3rYPBMLXsrGNEUFZqBlgz72QA6BBq3X0Cg1Bc2ZbK5VIzwkg\nST2SSux6ccROfgULmN5ZiLOtdUKNEZpFF3i3qtsCgYADT/s7dYFlatobz3kmMnXK\nsfTu2MllHdRys0YGHu7Q8biDuQkhrJwhxPW0KS83g4JQym+0aEfzh36bWcl+u6R7\nKhKj+9oSf9pndgk345gJz35RbPJYh+EuAHNvzdgCAvK6x1jETWeKf6btj5pF1U1i\nQ4QNIw/QiwIXjWZeubTGsQKBgQCbduLu2rLnlyyAaJZM8DlHZyH2gAXbBZpxqU8T\nt9mtkJDUS/KRiEoYGFV9CqS0aXrayVMsDfXY6B/S/UuZjO5u7LtklDzqOf1aKG3Q\ndGXPKibknqqJYH+bnUNjuYYNerETV57lijMGHuSYCf8vwLn3oxBfERRX61M/DU8Z\nworz/QKBgQDCTJI2+jdXg26XuYUmM4XXfnocfzAXhXBULt1nENcogNf1fcptAVtu\nBAiz4/HipQKqoWVUYmxfgbbLRKKLK0s0lOWKbYdVjhEm/m2ZU8wtXTagNwkIGoyq\nY/C1Lox4f1ROJnCjc/hfcOjcxX5M8A8peecHWlVtUPKTJgxQ7oMKcw==\n-----END RSA PRIVATE KEY-----\n"
publicKeyData := "-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4JwpEprZ5n8RIEt6jT2l\nAh+UDgRgx/4px21gjgywQivYHVxHAZexVb/E9pBa9Q2G9B1Q7TCO7YsUVRQy4JMD\nZVt+McFnWVwexnqBYFNcVjkEmDgAgvCYGE0P9d/RwRL4KuLHo+u6fv7P0jXMN+Cp\nOxyLhYZZNa0ZOZDHsSiJSQSj9WGFGHrbCf0KVDpKieR1uBqHrRO+mLR5zkX2L58m\n74kjK4dsBhmjeq/7OAoTmiG2QgJ/P2IjyhiA2mRqY+hl55lwEUV/0yHYEkJC8LdG\nkwwZz2eF77aSPGmi/A2CSKgMwDTx9m+P7jcpWreYw6NG9BueGoDIve/tgFKwvVFF\n6QIDAQAB\n-----END RSA PUBLIC KEY-----\n"
signerCertData := "-----BEGIN CERTIFICATE-----\nMIIBTDCB96ADAgECAhBjHcUz56MCdYqSYy7TYNe3MA0GCSqGSIb3DQEBCwUAMBUx\nEzARBgNVBAMTCnNlbGZzaWduZWQwHhcNMjAwNDI0MjMzNDM5WhcNMzAwNDI0MjMz\nNDM5WjAVMRMwEQYDVQQDEwpzZWxmc2lnbmVkMFwwDQYJKoZIhvcNAQEBBQADSwAw\nSAJBAL5zWUObMH5dBestQgDIa4B/rT7Cc21AK+B7gPvMcEfIWow5u6QE+EyhRTPv\n727oY+2MU9e4vq5RXBG7hneuBoECAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgEGMA8G\nA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADQQBLUFz7gDKRRyjEwgRZnZzP\nOma9WIgOjX36OFllyGkspu1ZcW/EtGEGNXqtMsm1QmG38Lh7Nkehb5xoAmm6hkFA\n-----END CERTIFICATE-----"
signerKeyData := "-----BEGIN RSA PRIVATE KEY-----\nMIIBOQIBAAJBAL5zWUObMH5dBestQgDIa4B/rT7Cc21AK+B7gPvMcEfIWow5u6QE\n+EyhRTPv727oY+2MU9e4vq5RXBG7hneuBoECAwEAAQJAZ9ZUUPwIEJ1/YJ4oYmzj\n0AfM2W8DqAlY4ufzh1YL0daGUkiuQg0p6CeqFqgnQluZ3bcXPG8iBQp1EeekULFL\nAQIhAOGbozbIEI+26Ehv41aCMWkKO1R05AVzmoNp1T2Ke6npAiEA2BtEPRSdhLek\nZR7vhk7KNTJ2XExJ+T/l2849EsojANkCIAWYD1b3ZPm7Rk0tgQyPE9yP5WK1t0Wv\nVSB3ClOJUIGpAiAfUBQbJZmNWW6gmFLsiw4RlzY/OW6ehvuvVbrTtiZMQQIgD2zY\nU2EjvR0zY5PsJYbcLHa9ieCA5ni/VW70WKn9K5s=\n-----END RSA PRIVATE KEY-----"
data := "-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCthOYz2rjTI2x7hyWDiqxUS4LPBXctThTRCm8mGANvCaHESVhMMAVkeIINn90zhVHvr48CnMR2qSWwxR8AZJpFvR7hKk8gHh494pLW/eSUwP3pJbSOxt0OsxXEflaiHR5x1VJ9DsTl9Vy3qSkhsYBFPMMoLk7kpb3Y0F+t6ewIFrFw0IHXvbSYm07dN6amJXU/L78X/kAcsD9IDfE4EqOf5P4WBpXZ4YnCt+kpQR0sFmCst/2ktlgU+TCsP+PNUuzHsAovmLNdOdpplC1VmIUaT5/CuAITz0YASs8L2H9MlgxtwJ3CkNr/H4Y1UhTXxgKPMskdvrMGLLkh+Y7z4k/vAgMBAAECggEABLEsI759h/a/F2SzVCga+oPji3iQ3UXtadetOMD70B6uY/yTFCr/l6oV44ttSQLeZoD/TilHZhQIg7auMhhbqZjFwyid5MxGXL20jcwQyHWi3Waacs/tfgPEChZb07ITjC13YmVUrV6MqB9oEClYwsaJWnFMyyxbgrI5HB6lYMnnjzU+otkqwVtMbe1mO1nX7paBxJ+pNbtasihKCWRJZAMZ9bcRw01+QFRca2CVJjPWlkD9N2S/0Q7+4YqUTNh/dx3t2uBuxg1ji7TQzBKT5ftF9lLlDwlEyXYqqOYUFgU9541sGVUVisXp/mykJVN7z3osoz+oU62kXqQm0YLlQQKBgQDdZqDKwDVmL23Tguwhrs6quj8VWCpD78YC8zzICFBDDWWY5Jdl+07Bw9gwgHyb8h3JfRMXXFg62tFald10hqi5raLva6QKYwkLSe372syrJXaEej/x8NE1bQf8wzl6yS0fv/UwZ1aZTiKUSj7LKNS720IDAGdEn/1NdL6zUBNkQQKBgQDIorZGO/zkLyWRU1Zzc2pxwtL/iYwFmsndKEEojvs0NIe6ySIG0HOw+wFqczjoiyIORten8Vypz4CEUe4fVJwkeJa6GrVFNWTlNi4mX2p33L9OJEFa82Uisf0amTedC2RQEfnMu5PKDedVl5WZ3HOUbQPNJ+qYy+9SyhHi73joLwKBgBpbb2TzwOerWc3GVkokP2I/zebCmjWAQ/hx8Jh3tOZmn+O1wvhXFKcoo4ISqcL+7eDgzPcI/U/0YNwB311R8qA4NZ9/FwZNh/QaFwTWpWryiMt4qkgpPR65HixPKXaeoIqZFZ1vj/WsQZ2ZwSP6dmjuz0sAL0sSKNuhvFoofEaBAoGAGzppvjJZ6aW0VXqX2uco5PNpqyBBjmkpSAg0f4qX8MfIO8McCQy1Bqmp0YZ9jKGFJ6bZkYMh7jGo4Uw1Iq9a2WA8JFmHjDLo1Gp77N06F7YviC1HaU5qxUCedsOgVoG7RVqLKguyzNMCOA1wUgcm8FezEl5+aeoTOosNzlxtbiUCgYB0OWavac9ZP/BDU2gfTkeks/Z+HtIssToBQ1AiByQxdTPNHZ5GCDvvy/9g8CKETkHU1DoG78lAsMCMDUc1mPFVpTJllxaO9SOIgfYxgkRt9fyenQmdhiXbvJ4vv503sAQdU1knw2UgIcwPjXAaBR3Rf2gyMBkdZ2icQvILKz2OOQ==\n-----END PRIVATE KEY-----"
publicKeyData := "-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYTmM9q40yNse4clg4qs\nVEuCzwV3LU4U0QpvJhgDbwmhxElYTDAFZHiCDZ/dM4VR76+PApzEdqklsMUfAGSa\nRb0e4SpPIB4ePeKS1v3klMD96SW0jsbdDrMVxH5Woh0ecdVSfQ7E5fVct6kpIbGA\nRTzDKC5O5KW92NBfrensCBaxcNCB1720mJtO3TempiV1Py+/F/5AHLA/SA3xOBKj\nn+T+FgaV2eGJwrfpKUEdLBZgrLf9pLZYFPkwrD/jzVLsx7AKL5izXTnaaZQtVZiF\nGk+fwrgCE89GAErPC9h/TJYMbcCdwpDa/x+GNVIU18YCjzLJHb6zBiy5IfmO8+JP\n7wIDAQAB\n-----END RSA PUBLIC KEY-----\n"
signerCertData := "-----BEGIN CERTIFICATE-----\nMIIDAzCCAeugAwIBAgIUX5OneoJSyzLbD5/cUsacl0+kbLcwDQYJKoZIhvcNAQELBQAwETEPMA0GA1UEAwwGc2lnbmVyMB4XDTI1MDMxMDEzMzkwNFoXDTM1MDMwODEzMzkwNFowETEPMA0GA1UEAwwGc2lnbmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Ym6Hcv4f7OU8rkrZr6ur9VC9HnJe/Gi/lmHvwLe+RqnpqDWxbQDR5Q3dwVnBgbMS3CVVTwcERqK5AkHSehG68OtUu9ygMFZDoqMU+7UJglfsY550SBk5YZuvhTRFgtlGqiKjRoD+p8/thrx0l4BV54FJvE9g7k31X+ynHP75hAsPTIobsAk3DYAtV651NLwpmyEQqCiyImJKi7jcvR/YpZobzFSQ1fPp9yBxxKTJZrBf54ZATPOLc0Pxv0rA5MscT0ujFYe7lC1EKUAlZ6mSIWFXsuJaXQmPmGctX5m50DxhKXfVEfr77xIa1+Xqh9bq4/sFxryuPyYiNJNnRMY4QIDAQABo1MwUTAdBgNVHQ4EFgQU0pax2FviEHNrcKbXtjmQsB8LBe8wHwYDVR0jBBgwFoAU0pax2FviEHNrcKbXtjmQsB8LBe8wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAxtC4lB/HqvfFh/7qcgUInfZ7f0p4EzthTSDOf83zuOV4YFzD1K003YloTC720PNjURc3JMCSl2gT4vzM3zxwfp0FXuzTkW9mU8IPoWX7iArXp80wl1zLBc9HJ2eVN4zK8abTgnq2j7U3Fd/pCQjNeToyHfYk7VW3d4Xco38NIh9GWTCDwjfYAr0jNLBATuYZreCSatysIITQcE7LNUhD1QywNtF74SS4J3rHOgYHK+/jFW4KqCMA5VeXBenutpqYKIcP8lg4/qQiAWrqiY/dTyhKSDdb8vczaq31H6XMv5czcmUHRx0yI2XwoKuD4uTBIPGisJWqoMaW/GyyKdvugw==\n-----END CERTIFICATE-----"
signerKeyData := "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDZibody/h/s5TyuStmvq6v1UL0ecl78aL+WYe/At75GqemoNbFtANHlDd3BWcGBsxLcJVVPBwRGorkCQdJ6Ebrw61S73KAwVkOioxT7tQmCV+xjnnRIGTlhm6+FNEWC2UaqIqNGgP6nz+2GvHSXgFXngUm8T2DuTfVf7Kcc/vmECw9MihuwCTcNgC1XrnU0vCmbIRCoKLIiYkqLuNy9H9ilmhvMVJDV8+n3IHHEpMlmsF/nhkBM84tzQ/G/SsDkyxxPS6MVh7uULUQpQCVnqZIhYVey4lpdCY+YZy1fmbnQPGEpd9UR+vvvEhrX5eqH1urj+wXGvK4/JiI0k2dExjhAgMBAAECggEAAXDKDLx3DtFvoRPc17dXjM6KvPe5f9qfy7NoFLm+JEQq7A2QnoqMowK2Q1GD1yRgYfeC5aeaP/q/BLeSlsi0/4ayNSRky7l8D36XY07nlMDnI1PgNqRSRrrXLOcSY2T77GtFT53mfNhlIZ2YEF6S/7OKMTHTyHWHiyBnXGXgOyvJHufKZ6+VECL4PlYLIAom1PlClNVt/TafwbEIhpbfpH/XYJCJ6GcpbWU2EpkZPYxxlCF+kd7PVI7kPzQQ9DTWDBmBI6mX9t0HPFmzlo4TfaUdgqIZfOwuBEVwi5+Pb4kppVK1QGKAl4DxqBgQnmqeWfEelwhsEEzIyUaocU0PYQKBgQDw1e+5tjL4bqNvuKGJwZcMplVMmEv6W+sxV4qMfFkV/dzEwsYQgqjDz2B9lipTadlXiuQ6B6iNVkAGwfZhTHjq0ruf5UB7yZ5CJSA8sXARR1Y4aEefes4np5Pw+N/jOY30PWrgtClT4PJxON3w9LnSWHDg62whvMUzqDZuz2JVdQKBgQDnPEB607FNoEgFAnfm4hy0JcmePvgndIPRJe+2vlWr0+xwtLoFCAQWIm4sagXWWzRco981eCPovElQ7T9SZwFVH1xBSEY54N4KSoX7L+HffeDB52i1a+UlQQEY0vi6ep48smBoJ+7UOFpDHp2LSn3bkyNy5XtxAG9hTXilBW5MPQKBgQCZXFJ0my5n/uQ6b4MGWu2aE4174ft36PKjEBDdFw4PsAHWlgVUXC+lyTezoV1AksXhNkPRJDFUF1lcNEV1fiH9vsXVs0HV0fTiQAwAOimYBypDbzw0tRn0LIVLzN+dLXhU0Itvnao3jKY2LTU/jEeMR99RivjnnvKgy3wmIg+HRQKBgFmzTtQW8M3LIoUG+xpOlpHvorHHfZ5YnZXxoHcEiNlaIXtrMEopXOR1QMXr7w3DXaGeVEU6sLtk5xAEqK6/lI2/15rffZaQO7JETIsvfPCktR6jNURDcaWs/M7zcFdun5muHKXq78PVhHZLFxRktkQKZRL6IJOqdoqJcgaZ/7qFAoGAWb2dubn2yi6EoRh24T9+qQ1FZLMOigHEnv0+X93A8KS5pqKJ7Fc9NBnXng1f3R5wBjinXjenVGWDJYLe3LQA2w85OmdEL/cqkLIuCARyc/r5MFB0jzGTvbXZUvg2TCE2MdwZMX91dN4RS5B1o06g4ISWO6cdLl9y0EUHLtUTiZc=\n-----END PRIVATE KEY-----"

key, err := ParsePEMPrivateKey([]byte(data))
require.NoError(t, err, "ParsePEMPrivateKey")
Expand Down Expand Up @@ -64,6 +64,7 @@ func TestGenerateCertificate(t *testing.T) {
name: "selfsigned",
template: x509.Certificate{
KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
Issuer: pkix.Name{CommonName: "selfsigned"},
ExtKeyUsage: []x509.ExtKeyUsage{},
BasicConstraintsValid: true,
IsCA: true,
Expand Down Expand Up @@ -133,7 +134,11 @@ func TestGenerateCertificate(t *testing.T) {
if tc.signer == nil {
tc.signer = cert.Certificate
}
assert.Equal(t, cert.Certificate.Issuer, signer.Certificate.Subject, "Issuer")
if tc.name == "selfsigned" {
assert.Equal(t, cert.Certificate.Issuer, cert.Certificate.Subject, "Issuer")
} else {
assert.Equal(t, cert.Certificate.Issuer, signer.Certificate.Subject, "Issuer")
}
pool := x509.NewCertPool()
pool.AddCert(tc.signer)
_, err = cert.Certificate.Verify(x509.VerifyOptions{
Expand Down
29 changes: 24 additions & 5 deletions pkg/pki/issue_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,9 +18,11 @@ package pki

import (
"context"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"math/big"
"net"
"os"
"testing"
Expand Down Expand Up @@ -54,12 +56,29 @@ func TestIssueCert(t *testing.T) {
os.Setenv("KOPS_RSA_PRIVATE_KEY_SIZE", origSize)
}()

caCertificate, err := ParsePEMCertificate([]byte("-----BEGIN CERTIFICATE-----\nMIIBRjCB8aADAgECAhAzhRMOcwfggPtgZNIOFU19MA0GCSqGSIb3DQEBCwUAMBIx\nEDAOBgNVBAMTB1Rlc3QgQ0EwHhcNMjAwNTE1MDIzNjI0WhcNMzAwNTE1MDIzNjI0\nWjASMRAwDgYDVQQDEwdUZXN0IENBMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAM/S\ncagGaiDA3jJWBXUr8rM19TWLA65jK/iA05FCsmQbyvETs5gbJdBfnhQp8wkKFlkt\nKxZ34k3wQUzoB1lv8/kCAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB\n/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADQQCDOxvs58AVAWgWLtD3Obvy7XXsKx6d\nMzg9epbiQchLE4G/jlbgVu7vwh8l5XFNfQooG6stCU7pmLFXkXzkJQxr\n-----END CERTIFICATE-----\n"))
// Generate a new RSA key pair using rsa.GenerateKey
caKey, err := rsa.GenerateKey(rand.Reader, 2048)
require.NoError(t, err)
caPrivateKey, err := ParsePEMPrivateKey([]byte("-----BEGIN RSA PRIVATE KEY-----\nMIIBPAIBAAJBAM/ScagGaiDA3jJWBXUr8rM19TWLA65jK/iA05FCsmQbyvETs5gb\nJdBfnhQp8wkKFlktKxZ34k3wQUzoB1lv8/kCAwEAAQJBAJzXQZeBX87gP9DVQsEv\nLbc6XZjPFTQi/ChLcWALaf5J7drFJHUcWbKIHzOmM3fm3lQlb/1IcwOBU5cTY0e9\nBVECIQD73kxOWWAIzKqMOvFZ9s79Et7G1HUMnVAVKJ1NS1uvYwIhANM7LULdi0YD\nbcHvDl3+Msj4cPH7CXAJFyPWaQZPlXPzAiEAhDg6jpbUl0n57guzT6sFFk2lrXMy\nzyB2PeVITp9UzkkCIEpcF7flQ+U2ycmuvVELbpdfFmupIw5ktNex4DEPjR5PAiEA\n68vR1L1Kaja/GzU76qAQaYA/V1Ag4sPmOQdEaVZKu78=\n-----END RSA PRIVATE KEY-----\n"))

// Create pki.PrivateKey wrapper for CA key
caPrivateKey := &PrivateKey{Key: caKey}

// Create the CA
caTemplate := &x509.Certificate{
SerialNumber: big.NewInt(1),
Subject: pkix.Name{CommonName: "Test CA"},
NotBefore: time.Now(),
NotAfter: time.Now().Add(10 * 365 * 24 * time.Hour),
KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
BasicConstraintsValid: true,
IsCA: true,
}

caCertDER, err := x509.CreateCertificate(rand.Reader, caTemplate, caTemplate, &caKey.PublicKey, caKey)
require.NoError(t, err)
privateKey, err := ParsePEMPrivateKey([]byte("-----BEGIN RSA PRIVATE KEY-----\nMIIBOQIBAAJBANgL5cR2cLOB7oZZTiuiUmMwQRBaia8yLULt+XtBtDHf0lPOrn78\nvLPh7P7zRBgHczbTddcsg68g9vAfb9TC5M8CAwEAAQJAJytxCv+WS1VhU4ZZf9u8\nKDOVeEuR7uuf/SR8OPaenvPqONpYbZSVjnWnRBRHvg3HaHchQqH32UljZUojs9z4\nEQIhAO/yoqCFckfqswOGwWyYX1oNOtU8w9ulXlZqAtZieavVAiEA5n/tKHoZyx3U\nbZcks/wns1WqhAoSmDJpMyVXOVrUlBMCIDGnalQBiYasYOMn7bsFRSYjertJ2dYI\nQJ9tTK0Er90JAiAmpVQx8SbZ80pmhWzV8HUHkFligf3UHr+cn6ocJ6p0mQIgB728\npdvrS5zRPoUN8BHfWOZcPrElKTuJjP2kH6eNPvI=\n-----END RSA PRIVATE KEY-----"))
caCert, err := x509.ParseCertificate(caCertDER)
require.NoError(t, err)
caCertificate := &Certificate{Certificate: caCert}

for _, tc := range []struct {
name string
Expand Down Expand Up @@ -115,7 +134,7 @@ func TestIssueCert(t *testing.T) {
CommonName: "Test client/server",
},
AlternateNames: []string{"*.internal.test.cluster.local", "localhost", "127.0.0.1"},
PrivateKey: privateKey,
PrivateKey: caPrivateKey,
},
expectedKeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
expectedExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
Expand All @@ -131,7 +150,7 @@ func TestIssueCert(t *testing.T) {
CommonName: "Test server",
},
AlternateNames: []string{"*.internal.test.cluster.local", "localhost", "127.0.0.1"},
PrivateKey: privateKey,
PrivateKey: caPrivateKey,
},
expectedKeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
expectedExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
Expand Down
2 changes: 1 addition & 1 deletion tests/e2e/go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
module k8s.io/kops/tests/e2e

go 1.23.5
go 1.24.1

replace k8s.io/kops => ../../.

Expand Down
2 changes: 1 addition & 1 deletion tools/otel/traceserver/go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
module k8s.io/kops/tools/otel/traceserver

go 1.23.5
go 1.24.1

require (
go.opentelemetry.io/proto/otlp v1.3.1
Expand Down
Loading