github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-31 23:37:01 +00:00
Code Issues Projects Releases Wiki Activity

fix apiserver tls overwrite bug

Browse Source
This commit is contained in:
AdoHe 2016-02-02 22:05:21 -05:00
parent dae5ac4828
commit 2302c6604f
1 changed files with 29 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
pkg/genericapiserver/genericapiserver.go
View File

@ -22,6 +22,7 @@ import (
"net"
"net/http"
"net/http/pprof"
"os"
"path"
"regexp"
"sort"
@ -700,10 +701,12 @@ func (s *GenericAPIServer) Run(options *ServerRunOptions) {
alternateDNS := []string{"kubernetes.default.svc", "kubernetes.default", "kubernetes"}
// It would be nice to set a fqdn subject alt name, but only the kubelets know, the apiserver is clueless
// alternateDNS = append(alternateDNS, "kubernetes.default.svc.CLUSTER.DNS.NAME")
if err := crypto.GenerateSelfSignedCert(s.ClusterIP.String(), options.TLSCertFile, options.TLSPrivateKeyFile, alternateIPs, alternateDNS); err != nil {
glog.Errorf("Unable to generate self signed cert: %v", err)
} else {
glog.Infof("Using self-signed cert (%v, %v)", options.TLSCertFile, options.TLSPrivateKeyFile)
if shouldGenSelfSignedCerts(options.TLSCertFile, options.TLSPrivateKeyFile) {
if err := crypto.GenerateSelfSignedCert(s.ClusterIP.String(), options.TLSCertFile, options.TLSPrivateKeyFile, alternateIPs, alternateDNS); err != nil {
glog.Errorf("Unable to generate self signed cert: %v", err)
} else {
glog.Infof("Using self-signed cert (%options, %options)", options.TLSCertFile, options.TLSPrivateKeyFile)
}
}
}
@ -737,6 +740,28 @@ func (s *GenericAPIServer) Run(options *ServerRunOptions) {
glog.Fatal(http.ListenAndServe())
}
// If the file represented by path exists and
// readable, return true otherwise return false.
func canReadFile(path string) bool {
f, err := os.Open(path)
if err != nil {
return false
}
defer f.Close()
return true
}
func shouldGenSelfSignedCerts(certPath, keyPath string) bool {
if canReadFile(certPath) || canReadFile(keyPath) {
glog.Infof("using existing apiserver.crt and apiserver.key files")
return false
}
return true
}
func (s *GenericAPIServer) installAPIGroup(apiGroupInfo *APIGroupInfo) error {
apiPrefix := s.APIGroupPrefix
if apiGroupInfo.IsLegacyGroup {