From 0a005e3dac5304adb74f73bb58f42697cb2eca6a Mon Sep 17 00:00:00 2001
From: Yago Nobre <nobre.yago@gmail.com>
Date: Tue, 14 May 2019 01:43:53 -0300
Subject: [PATCH] Add kubeadm certificate-key command

---
 cmd/kubeadm/app/cmd/alpha/BUILD    |  2 ++
 cmd/kubeadm/app/cmd/alpha/certs.go | 26 ++++++++++++++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/cmd/kubeadm/app/cmd/alpha/BUILD b/cmd/kubeadm/app/cmd/alpha/BUILD
index 92e9d05a89..df4eabaa81 100644
--- a/cmd/kubeadm/app/cmd/alpha/BUILD
+++ b/cmd/kubeadm/app/cmd/alpha/BUILD
@@ -22,6 +22,7 @@ go_library(
         "//cmd/kubeadm/app/constants:go_default_library",
         "//cmd/kubeadm/app/features:go_default_library",
         "//cmd/kubeadm/app/phases/certs/renewal:go_default_library",
+        "//cmd/kubeadm/app/phases/copycerts:go_default_library",
         "//cmd/kubeadm/app/phases/kubeconfig:go_default_library",
         "//cmd/kubeadm/app/phases/kubelet:go_default_library",
         "//cmd/kubeadm/app/phases/selfhosting:go_default_library",
@@ -33,6 +34,7 @@ go_library(
         "//pkg/util/normalizer:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/util/duration:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/util/version:go_default_library",
+        "//vendor/github.com/lithammer/dedent:go_default_library",
         "//vendor/github.com/pkg/errors:go_default_library",
         "//vendor/github.com/spf13/cobra:go_default_library",
         "//vendor/k8s.io/utils/exec:go_default_library",
diff --git a/cmd/kubeadm/app/cmd/alpha/certs.go b/cmd/kubeadm/app/cmd/alpha/certs.go
index 94355cfa2a..6dcedd579d 100644
--- a/cmd/kubeadm/app/cmd/alpha/certs.go
+++ b/cmd/kubeadm/app/cmd/alpha/certs.go
@@ -21,6 +21,7 @@ import (
 	"io"
 	"text/tabwriter"
 
+	"github.com/lithammer/dedent"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 
@@ -33,6 +34,7 @@ import (
 	"k8s.io/kubernetes/cmd/kubeadm/app/constants"
 	kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
 	"k8s.io/kubernetes/cmd/kubeadm/app/phases/certs/renewal"
+	"k8s.io/kubernetes/cmd/kubeadm/app/phases/copycerts"
 	kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
 	configutil "k8s.io/kubernetes/cmd/kubeadm/app/util/config"
 	kubeconfigutil "k8s.io/kubernetes/cmd/kubeadm/app/util/kubeconfig"
@@ -61,6 +63,14 @@ var (
 	expirationLongDesc = normalizer.LongDesc(`
 	Checks expiration for the certificates in the local PKI managed by kubeadm.
 `)
+
+	certificateKeyLongDesc = dedent.Dedent(`
+	This command will print out a secure randomly-generated certificate key that can be used with
+	the "init" command.
+
+	You can also use "kubeadm init --experimental-upload-certs" without specifying a certificate key and it will
+	generate and print one for you.
+`)
 )
 
 // newCmdCertsUtility returns main command for certs phase
@@ -73,9 +83,25 @@ func newCmdCertsUtility(out io.Writer) *cobra.Command {
 
 	cmd.AddCommand(newCmdCertsRenewal())
 	cmd.AddCommand(newCmdCertsExpiration(out, kubeadmconstants.KubernetesDir))
+	cmd.AddCommand(NewCmdCertificateKey())
 	return cmd
 }
 
+// NewCmdCertificateKey returns cobra.Command for certificate key generate
+func NewCmdCertificateKey() *cobra.Command {
+	return &cobra.Command{
+		Use:   "certificate-key",
+		Short: "Generate certificate keys",
+		Long:  certificateKeyLongDesc,
+
+		Run: func(cmd *cobra.Command, args []string) {
+			key, err := copycerts.CreateCertificateKey()
+			kubeadmutil.CheckErr(err)
+			fmt.Println(key)
+		},
+	}
+}
+
 // newCmdCertsRenewal creates a new `cert renew` command.
 func newCmdCertsRenewal() *cobra.Command {
 	cmd := &cobra.Command{