Use selected API server port in manifest templates. (#597)

(Originally submitted as #555).

Requires bumping the Go build image to 1.8.0+. Removes another Go
1.8-related TODO in the process.

Author: diegs

.travis.yml

@@ -1,5 +1,5 @@
 language: go
 go:
-  - 1.7
+  - 1.8
 script:
   - make clean release

build/build-release.sh

@@ -5,5 +5,5 @@ BOOTKUBE_ROOT=$(git rev-parse --show-toplevel)
 sudo rkt run \
     --volume bk,kind=host,source=${BOOTKUBE_ROOT} \
     --mount volume=bk,target=/go/src/github.com/kubernetes-incubator/bootkube \
-    --insecure-options=image docker://golang:1.7.5 --exec /bin/bash -- -c \
+    --insecure-options=image docker://golang:1.8.3 --exec /bin/bash -- -c \
     "cd /go/src/github.com/kubernetes-incubator/bootkube && make release"

pkg/asset/internal/templates.go

@@ -178,7 +178,7 @@ spec:
         - --insecure-port=0
         - --kubelet-client-certificate=/etc/kubernetes/secrets/apiserver.crt
         - --kubelet-client-key=/etc/kubernetes/secrets/apiserver.key
-        - --secure-port=443
+        - --secure-port={{ (index .APIServers 0).Port }}
         - --service-account-key-file=/etc/kubernetes/secrets/service-account.pub
         - --service-cluster-ip-range={{ .ServiceCIDR }}
         - --storage-backend=etcd3
@@ -254,7 +254,7 @@ spec:
     - --insecure-port=0
     - --kubelet-client-certificate=/etc/kubernetes/secrets/apiserver.crt
     - --kubelet-client-key=/etc/kubernetes/secrets/apiserver.key
-    - --secure-port=443
+    - --secure-port={{ (index .APIServers 0).Port }}
     - --service-account-key-file=/etc/kubernetes/secrets/service-account.pub
     - --service-cluster-ip-range={{ .ServiceCIDR }}
     - --cloud-provider={{ .CloudProvider }}

pkg/asset/tls.go

@@ -5,7 +5,6 @@ import (
 	"crypto/x509"
 	"net"
 	"net/url"
-	"strings"
 
 	"github.com/kubernetes-incubator/bootkube/pkg/tlsutil"
 )
@@ -211,7 +210,7 @@ func newSelfHostedEtcdTLSAssets(etcdSvcIP, bootEtcdSvcIP string, caCert *x509.Ce
 func newEtcdKeyAndCert(caCert *x509.Certificate, caPrivKey *rsa.PrivateKey, commonName string, etcdServers []*url.URL) (*rsa.PrivateKey, *x509.Certificate, error) {
 	addrs := make([]string, len(etcdServers))
 	for i := range etcdServers {
-		addrs[i] = etcdServers[i].Host
+		addrs[i] = etcdServers[i].Hostname()
 	}
 	return newKeyAndCert(caCert, caPrivKey, commonName, addrs)
 }
@@ -223,11 +222,10 @@ func newKeyAndCert(caCert *x509.Certificate, caPrivKey *rsa.PrivateKey, commonNa
 	}
 	var altNames tlsutil.AltNames
 	for _, addr := range addrs {
-		hostname := stripPort(addr)
-		if ip := net.ParseIP(hostname); ip != nil {
+		if ip := net.ParseIP(addr); ip != nil {
 			altNames.IPs = append(altNames.IPs, ip)
 		} else {
-			altNames.DNSNames = append(altNames.DNSNames, hostname)
+			altNames.DNSNames = append(altNames.DNSNames, addr)
 		}
 	}
 	config := tlsutil.CertConfig{
@@ -241,15 +239,3 @@ func newKeyAndCert(caCert *x509.Certificate, caPrivKey *rsa.PrivateKey, commonNa
 	}
 	return key, cert, err
 }
-
-// TODO(diegs): remove this and switch to URL.Hostname() once bootkube uses Go 1.8.
-func stripPort(hostport string) string {
-	colon := strings.IndexByte(hostport, ':')
-	if colon == -1 {
-		return hostport
-	}
-	if i := strings.IndexByte(hostport, ']'); i != -1 {
-		return strings.TrimPrefix(hostport[:i], "[")
-	}
-	return hostport[:colon]
-}