Merge pull request #56415 from liggitt/tls-cache-key

Automatic merge from submit-queue (batch tested with PRs 56094, 52910, 55953, 56405, 56415). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Include ServerName in tls transport cache key

Fixes #56385

```release-note
Fixes server name verification of aggregated API servers and webhook admission endpoints
```

Kubernetes-commit: a46153e2f988382535aaf27a5a90b13b6c10712b

Godeps/Godeps.json

@@ -488,215 +488,215 @@
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/api/equality",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/api/errors",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/api/meta",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/api/resource",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/api/testing",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/api/testing/fuzzer",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/api/testing/roundtrip",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/apimachinery",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/apimachinery/announced",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/apimachinery/registered",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/apis/meta/fuzzer",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/apis/meta/internalversion",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1alpha1",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/conversion",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/conversion/queryparams",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/fields",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/labels",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/runtime",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/runtime/schema",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/json",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/protobuf",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/recognizer",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/streaming",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/versioning",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/selection",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/types",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/cache",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/clock",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/diff",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/errors",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/framer",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/httpstream",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/httpstream/spdy",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/intstr",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/json",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/mergepatch",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/net",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/remotecommand",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/runtime",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/sets",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/strategicpatch",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/validation",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/validation/field",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/wait",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/yaml",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/version",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/watch",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/third_party/forked/golang/json",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/third_party/forked/golang/netutil",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/apimachinery/third_party/forked/golang/reflect",
-			"Rev": "a04e753f5223cf882db01ac64212682ea28767b4"
+      "Rev": "65ea0794289ccbf04d9145bb1d7b57dc8127ebb6"
     },
     {
       "ImportPath": "k8s.io/kube-openapi/pkg/common",

transport/cache.go

@@ -88,5 +88,5 @@ func tlsConfigKey(c *Config) (string, error) {
 		return "", err
 	}
 	// Only include the things that actually affect the tls.Config
-	return fmt.Sprintf("%v/%x/%x/%x", c.TLS.Insecure, c.TLS.CAData, c.TLS.CertData, c.TLS.KeyData), nil
+	return fmt.Sprintf("%v/%x/%x/%x/%v", c.TLS.Insecure, c.TLS.CAData, c.TLS.CertData, c.TLS.KeyData, c.TLS.ServerName), nil
 }

transport/cache_test.go

@@ -62,6 +62,20 @@ func TestTLSConfigKey(t *testing.T) {
 				KeyData:  []byte{1},
 			},
 		},
+		"cert 1, key 1, servername 1": {
+			TLS: TLSConfig{
+				CertData:   []byte{1},
+				KeyData:    []byte{1},
+				ServerName: "1",
+			},
+		},
+		"cert 1, key 1, servername 2": {
+			TLS: TLSConfig{
+				CertData:   []byte{1},
+				KeyData:    []byte{1},
+				ServerName: "2",
+			},
+		},
 		"cert 1, key 2": {
 			TLS: TLSConfig{
 				CertData: []byte{1},