kubelet: add key encipherment usage only if it is rsa key

remove allowOmittingUsageKeyEncipherment as it is always true Signed-off-by: Paco Xu <paco.xu@daocloud.io> Kubernetes-commit: 160f015ef4affe903f98e74cf42b40fceef15cb9
2025-09-20 18:48:02 +00:00 · 2022-08-03 16:41:09 +08:00
parent 26d70e3a1c
commit 6a07cedcd3
2 changed files with 105 additions and 17 deletions
--- a/util/certificate/certificate_manager_test.go
+++ b/util/certificate/certificate_manager_test.go
@@ -276,7 +276,6 @@ func TestSetRotationDeadline(t *testing.T) {
 					},
 				},
 				getTemplate: func() *x509.CertificateRequest { return &x509.CertificateRequest{} },
-				usages:      []certificatesv1.KeyUsage{},
 				now:         func() time.Time { return now },
 				logf:        t.Logf,
 			}
@@ -472,7 +471,6 @@ func TestRotateCertCreateCSRError(t *testing.T) {
 			},
 		},
 		getTemplate: func() *x509.CertificateRequest { return &x509.CertificateRequest{} },
-		usages:      []certificatesv1.KeyUsage{},
 		clientsetFn: func(_ *tls.Certificate) (clientset.Interface, error) {
 			return newClientset(fakeClient{failureType: createError}), nil
 		},
@@ -497,7 +495,6 @@ func TestRotateCertWaitingForResultError(t *testing.T) {
 			},
 		},
 		getTemplate: func() *x509.CertificateRequest { return &x509.CertificateRequest{} },
-		usages:      []certificatesv1.KeyUsage{},
 		clientsetFn: func(_ *tls.Certificate) (clientset.Interface, error) {
 			return newClientset(fakeClient{failureType: watchError}), nil
 		},