certificates: update controllers to understand signerName field

Signed-off-by: James Munnelly <james.munnelly@jetstack.io>

Kubernetes-commit: d5dae048983cd299cdce9d2703f564bf4bd246ee
James Munnelly
2020-02-17 23:06:02 +00:00
committed by Kubernetes Publisher
parent dd730ded40
commit e8be24fd4c
2 changed files with 10 additions and 4 deletions


@@ -85,6 +85,9 @@ type Config struct {
// If no template is available, nil may be returned, and no certificate will be requested.
// If specified, takes precedence over Template.
GetTemplate func() *x509.CertificateRequest
// SignerName is the name of the certificate signer that should sign certificates
// generated by the manager.
SignerName string
// Usages is the types of usages that certificates generated by the manager
// can be used for.
Usages []certificates.KeyUsage
@@ -174,6 +177,7 @@ type manager struct {
lastRequest *x509.CertificateRequest
dynamicTemplate bool
signerName string
usages []certificates.KeyUsage
forceRotation bool
@@ -219,6 +223,7 @@ func NewManager(config *Config) (Manager, error) {
clientFn: config.ClientFn,
getTemplate: getTemplate,
dynamicTemplate: config.GetTemplate != nil,
signerName: config.SignerName,
usages: config.Usages,
certStore: config.CertificateStore,
cert: cert,
@@ -424,7 +429,7 @@ func (m *manager) rotateCerts() (bool, error) {
// Call the Certificate Signing Request API to get a certificate for the
// new private key.
req, err := csr.RequestCertificate(client, csrPEM, "", m.usages, privateKey)
req, err := csr.RequestCertificate(client, csrPEM, "", m.signerName, m.usages, privateKey)
if err != nil {
utilruntime.HandleError(fmt.Errorf("Failed while requesting a signed certificate from the master: %v", err))
if m.certificateRenewFailure != nil {
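Review bot: The doc comment on `Config.SignerName` does not say what an empty value means, and the NewManager hunk copies `config.SignerName` into the manager with no check before rotateCerts passes `m.signerName` to `csr.RequestCertificate`. The signer name decides which signer, and so which CA, issues the certificate, so a caller who leaves the field unset should be able to tell from the comment what they will get. I would extend the comment with a line such as `// If empty, the request is sent without a signer name and any server-side default applies.`, with the wording confirmed against the API's actual behaviour. If an empty name is not meant to be supported, a guard in NewManager along the lines of `if config.SignerName == "" { return nil, fmt.Errorf("signer name must be set") }` would surface the mistake at construction instead of at rotation time, though that would change behaviour for existing callers. The bodies of NewManager and rotateCerts continue outside the visible hunks.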