in pkg/admission/webhook_manager.go [773:799]
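// getAndValidateCertificate looks up the PEM-encoded certificate and RSA
// private key stored under certName and keyName in secretData, decodes both,
// and returns them only if they are usable together.
//
// An error is returned when either entry is missing, when either PEM blob
// fails to decode, when the private key does not belong to the certificate,
// or when the certificate expires less than 90 days from now. Error messages
// built here carry only the entry names, never the PEM contents.
func getAndValidateCertificate(secretData map[string][]byte, certName string, keyName string) (*x509.Certificate, *rsa.PrivateKey, error) {
	certPem, ok := secretData[certName]
	if !ok {
		return nil, nil, fmt.Errorf("webhook: no certificate found with id %s", certName)
	}
	privateKeyPem, ok := secretData[keyName]
	if !ok {
		return nil, nil, fmt.Errorf("webhook: no private key found with id %s", keyName)
	}

	// Wrap decode failures so the caller can tell which entry was malformed;
	// %w keeps the underlying error reachable through errors.Is / errors.As.
	cert, err := pki.DecodeCertificatePem(&certPem)
	if err != nil {
		return nil, nil, fmt.Errorf("webhook: decoding certificate %s: %w", certName, err)
	}
	privateKey, err := pki.DecodePrivateKeyPem(&privateKeyPem)
	if err != nil {
		return nil, nil, fmt.Errorf("webhook: decoding private key %s: %w", keyName, err)
	}
	// The decoders' contract is not visible here; guard against a nil result
	// with a nil error so the checks below cannot dereference nil.
	if cert == nil || privateKey == nil {
		return nil, nil, fmt.Errorf("webhook: certificate %s or private key %s decoded to an empty value", certName, keyName)
	}

	// The certificate and key are read from two independent entries, so
	// nothing so far proves they form a pair. Compare the public halves
	// before handing the key back for use with this certificate.
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok || pub.N == nil || privateKey.N == nil || pub.N.Cmp(privateKey.N) != 0 || pub.E != privateKey.E {
		return nil, nil, fmt.Errorf("webhook: private key %s does not match certificate %s", keyName, certName)
	}

	// Require at least 90 days of remaining validity; a certificate that has
	// already expired fails this comparison as well.
	// NOTE(review): NotBefore is not checked, so a certificate that is not
	// yet valid is accepted here; confirm whether that can occur.
	cutoff := time.Now().AddDate(0, 0, 90)
	if cert.NotAfter.Before(cutoff) {
		return nil, nil, fmt.Errorf("webhook: ca certificate %s will expire within 90 days", certName)
	}
	return cert, privateKey, nil
}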