From f663ad38b22bed432f266d6da6a93383efb3d199 Mon Sep 17 00:00:00 2001
From: kaiyou <dev@kaiyou.fr>
Date: Mon, 31 Oct 2022 11:06:06 +0100
Subject: [PATCH] Make certificates persistent

---
 cmd/hepto/config.go   | 2 ++
 pkg/cluster/certs.go  | 9 +++++----
 pkg/cluster/config.go | 2 ++
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/cmd/hepto/config.go b/cmd/hepto/config.go
index 3030b1a..f9f95ac 100644
--- a/cmd/hepto/config.go
+++ b/cmd/hepto/config.go
@@ -35,12 +35,14 @@ func (c *Config) Complete() error {
 	c.Container.Logger = c.Logger
 	c.Cluster.Logger = c.Logger
 	c.Cluster.ZapLogger = logger
+	c.Cluster.CertsPath = "/certs"
 	// Setup paths and container settings
 	c.Container.Data = path.Join(c.DataDir, c.Cluster.Name, c.Node.Name)
 	err = os.MkdirAll(c.Container.Data, 0o700)
 	if err != nil {
 		return err
 	}
+	c.Container.Mounts[c.Cluster.CertsPath] = path.Join(c.Container.Data, "certs")
 	c.Container.Name = c.Node.Name
 	c.Container.Capabilities = additionalCapabilities
 	c.Container.Devices = additionalDevices
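Review bot: The host directory `path.Join(c.Container.Data, "certs")` registered as a mount on the new line will hold the cluster CA and node private keys once certificates persist, but only its parent `c.Container.Data` is created here with 0o700; whoever creates the `certs` subdirectory (presumably the mount code, not visible in this hunk) decides its mode, so the key material may end up more permissive than the parent. Creating the directory explicitly with 0o700 before registering the mount pins that down. The hunk also assumes `c.Container.Mounts` is already a non-nil map; if it is only initialised lazily elsewhere, this write panics. Complete() starts and ends outside the hunk.
```go
	// … unchanged: MkdirAll(c.Container.Data, 0o700) and its error check …
	// Persistent certificate store holds private keys; keep it owner-only.
	certsDir := path.Join(c.Container.Data, "certs")
	if err := os.MkdirAll(certsDir, 0o700); err != nil {
		return err
	}
	c.Container.Mounts[c.Cluster.CertsPath] = certsDir
	// … unchanged: container name, capabilities, devices …
```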
diff --git a/pkg/cluster/certs.go b/pkg/cluster/certs.go
index 659b602..a7c7bed 100644
--- a/pkg/cluster/certs.go
+++ b/pkg/cluster/certs.go
@@ -2,6 +2,7 @@ package cluster
 
 import (
 	"os"
+	"path"
 
 	"forge.tedomum.net/acides/hepto/hepto/pkg/pki"
 )
@@ -9,12 +10,12 @@ import (
 func (c *Cluster) initCerts() {
 	// Prepare the cluster PKI
 	if c.node.Role == Master {
-		ca, err := pki.NewClusterCA("/pki")
+		ca, err := pki.NewClusterCA(path.Join(c.settings.CertsPath, "pki"))
 		if err != nil {
 			c.settings.Logger.Error(err, "could not initialize pki")
 			os.Exit(1)
 		}
-		masterCerts, err := pki.NewMasterCerts("/master", c.networking.NodeAddress.IP)
+		masterCerts, err := pki.NewMasterCerts(path.Join(c.settings.CertsPath, "master"), c.networking.NodeAddress.IP)
 		if err != nil {
 			c.settings.Logger.Error(err, "could not initialize master certs")
 			os.Exit(1)
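Review bot: The new `path.Join(c.settings.CertsPath, "pki")` and `path.Join(c.settings.CertsPath, "master")` calls silently degrade when CertsPath is left empty: `path.Join("", "pki")` is the relative path `pki`, so the CA and master keys would be written relative to the working directory instead of the previous absolute `/pki`, and nothing in initCerts rejects that. A guard at the top of the function, matching the existing error style, would surface a missing setting instead: `if c.settings.CertsPath == "" { c.settings.Logger.Error(nil, "certs path is not set"); os.Exit(1) }`. The same applies to the hunks at `@@ -23,7 +24,7 @@` and `@@ -32,7 +33,7 @@`. initCerts starts in this hunk but its body continues past it.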
@@ -23,7 +24,7 @@ func (c *Cluster) initCerts() {
 		c.masterCerts = masterCerts
 		c.pki.SignMasterCerts(c.masterCerts)
 	} else {
-		ca, err := pki.EmptyClusterCA("/pki")
+		ca, err := pki.EmptyClusterCA(path.Join(c.settings.CertsPath, "pki"))
 		if err != nil {
 			c.settings.Logger.Error(err, "could not initialize pki")
 			os.Exit(1)
@@ -32,7 +33,7 @@ func (c *Cluster) initCerts() {
 	}
 	c.ml.State.PKI = c.pki
 	// Initialize node certificates
-	certs, err := pki.NewNodeCerts("/certs", c.node.Name)
+	certs, err := pki.NewNodeCerts(path.Join(c.settings.CertsPath, "node"), c.node.Name)
 	if err != nil {
 		c.settings.Logger.Error(err, "could not initialize node certs")
 		os.Exit(1)
diff --git a/pkg/cluster/config.go b/pkg/cluster/config.go
index 5babd68..cfc34bf 100644
--- a/pkg/cluster/config.go
+++ b/pkg/cluster/config.go
@@ -13,6 +13,8 @@ type ClusterSettings struct {
 	Logger logr.Logger
 	// Concrete zap logger for etcd
 	ZapLogger *zap.Logger
+	// Path to certificate storage
+	CertsPath string
 	// Cluster name, should be locally unique
 	Name string
 	// Cluster key, must be shared across nodes
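Review bot: The comment on the new CertsPath field says only "Path to certificate storage", which hides the two things a caller needs to know: it is the container-side path (cmd/hepto/config.go sets it to "/certs" and mounts host storage there) and initCerts places the `pki`, `master` and `node` subdirectories, including private keys, beneath it. Something like `// Path, inside the container, under which the pki, master and node certificate directories (private keys included) are persisted` would document the contract without reading the other files.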
-- 
GitLab