Commit Graph

11 Commits

Author SHA1 Message Date
inosato
27de641f75 Remove ioutil from client-go
Signed-off-by: inosato <si17_21@yahoo.co.jp>

Kubernetes-commit: 88dfa51b6003c90e8f0a0508939a1d79950a40df
2022-07-30 20:54:41 +09:00
David Eads
a7d8568b02 add ability to authenticators for dynamic update of certs
Kubernetes-commit: 51195dd86012c4c4b17a1707ef50a46fa046f74f
2019-09-05 09:59:59 -04:00
Andrew Lytvynov
ba851ad197 Extract new keyutil package from client-go/util/cert
This package contains public/private key utilities copied directly from
client-go/util/cert. All imports were updated.

Future PRs will actually refactor the libraries.

Updates #71004

Kubernetes-commit: 18458392ca24c85c688e655aace1afd04f864cbd
2018-12-09 16:24:38 -08:00
Andrew Lytvynov
321986595f Re-use private key after failed CSR
If we create a new key on each CSR, if CSR fails the next attempt will
create a new one instead of reusing previous CSR.

If approver/signer don't handle CSRs as quickly as new nodes come up,
they can pile up and approver would keep handling old abandoned CSRs and
Nodes would keep timing out on startup.

Kubernetes-commit: 2c0f043957d25da162fe4e1026c50e2587529ff9
2018-06-13 11:27:25 -07:00
Clayton Coleman
caf2e70aa1 When bootstrapping a client cert, store it with other client certs
The kubelet uses two different locations to store certificates on
initial bootstrap and then on subsequent rotation:

* bootstrap: certDir/kubelet-client.(crt|key)
* rotation:  certDir/kubelet-client-(DATE|current).pem

Bootstrap also creates an initial node.kubeconfig that points to the
certs. Unfortunately, with short rotation the node.kubeconfig then
becomes out of date because it points to the initial cert/key, not the
rotated cert key.

Alter the bootstrap code to store client certs exactly as if they would
be rotated (using the same cert Store code), and reference the PEM file
containing cert/key from node.kubeconfig, which is supported by kubectl
and other Go tooling. This ensures that the node.kubeconfig continues to
be valid past the first expiration.

Kubernetes-commit: 368959346af6e06085c63a4cc7c37839f262f636
2018-04-04 21:56:15 -04:00
Marcin Owsiany
c80a7b8142 Fix lint warnings for useless err checks.
This check was recently added to golint.

Kubernetes-commit: 49553d4a7a5179f0cfabbdcb7d3551c21cbcb646
2017-10-17 12:52:54 +02:00
Christoph Blecker
2ae2a25386 Move remaining cert helper functions to client-go/util/cert
- Move public key functions to client-go/util/cert
- Move pki file helper functions to client-go/util/cert
- Standardize on certutil package alias
- Update dependencies to client-go/util/cert

Kubernetes-commit: aac4d5382d8ea632360a08369f5adfdebce7c2c3
2017-08-29 12:50:17 +00:00
Chao Xu
088dc4a30d manually sync with k8s.io/kubernetest at 17375fc59fff39135af63bd1750bb07c36ef873b, k8s.io/apimachinery at d90aa2c8531f13b0ca734845934c10dcb6a56ca7 2017-02-23 12:27:32 -08:00
Chao Xu
17c583b142 manually fix master, revert to when client-go depends on apimachinery 7080e31e90e981181435294bca96c80a37db8941 2017-02-11 19:16:07 -08:00
Kubernetes Publisher
7ac1236194 published by bot
(https://github.com/kubernetes/test-infra/tree/master/mungegithub)

copied from https://github.com/kubernetes/kubernetes.git, branch master,
last commit is ab794c612853e6c6dfda63594cb5d74914e7e151
2017-02-03 22:09:57 +00:00
Kubernetes Publisher
fcdf37233b published by bot
(https://github.com/kubernetes/contrib/tree/master/mungegithub)

copied from https://github.com/kubernetes/kubernetes.git, branch master,
last commit is baaaf26609565b4299008018486ec75fb30903eb
2017-01-25 15:19:43 +00:00