in client/internal/bootstrap/csr.go [20:49]
// makeKubeletClientCSR generates a fresh ECDSA P-256 key pair and a
// PEM-encoded PKCS#10 certificate signing request for a kubelet client
// certificate.
//
// The request subject is Organization "system:nodes" and CommonName
// "system:node:<hostname>", where the hostname comes from getHostname().
// Kubernetes treats this subject as the node's identity (user
// system:node:<name> in group system:nodes), so the hostname is what the
// resulting certificate will authenticate as.
//
// NOTE(review): the hostname is used as returned, with no check here that it
// is non-empty or matches the node name the kubelet registers with. Confirm
// that getHostname() guarantees both.
//
// It returns the CSR in PEM form and the matching private key. The key is
// handed back unencrypted and in memory only; the caller is responsible for
// persisting it with restrictive permissions and for never logging it.
// On any failure both the CSR and the key are nil.
func makeKubeletClientCSR() (csrPEM []byte, privateKey *ecdsa.PrivateKey, err error) {
	nodeName, err := getHostname()
	if err != nil {
		return nil, nil, fmt.Errorf("resolving hostname: %w", err)
	}

	// Key material is drawn from the crypto/rand source.
	key, err := ecdsa.GenerateKey(elliptic.P256(), cryptorand.Reader)
	if err != nil {
		return nil, nil, fmt.Errorf("failed to generate ECDSA 256 private key for kubelet client CSR: %w", err)
	}

	// The subject carries the node identity requested from the signer.
	subject := pkix.Name{
		Organization: []string{"system:nodes"},
		CommonName:   "system:node:" + nodeName,
	}
	request := &x509.CertificateRequest{
		Subject:            subject,
		SignatureAlgorithm: x509.ECDSAWithSHA256,
	}

	// The CSR is self-signed with the new key, which proves possession of it
	// to whoever approves the request.
	der, err := x509.CreateCertificateRequest(cryptorand.Reader, request, key)
	if err != nil {
		return nil, nil, fmt.Errorf("unable to create kubelet client certificate request from template: %w", err)
	}

	encoded := pem.EncodeToMemory(&pem.Block{
		Type:  "CERTIFICATE REQUEST",
		Bytes: der,
	})
	return encoded, key, nil
}