github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-08 11:38:15 +00:00
Code Issues Projects Releases Wiki Activity

fix apiserver tls overwrite bug

Browse Source
This commit is contained in:
AdoHe 2016-02-02 22:05:21 -05:00
parent dae5ac4828
commit 2302c6604f
1 changed files with 29 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
pkg/genericapiserver/genericapiserver.go
View File

@ -22,6 +22,7 @@ import (
"net" "net"
"net/http" "net/http"
"net/http/pprof" "net/http/pprof"
"os"
"path" "path"
"regexp" "regexp"
"sort" "sort"
@ -700,10 +701,12 @@ func (s *GenericAPIServer) Run(options *ServerRunOptions) {
alternateDNS := []string{"kubernetes.default.svc", "kubernetes.default", "kubernetes"} alternateDNS := []string{"kubernetes.default.svc", "kubernetes.default", "kubernetes"}
// It would be nice to set a fqdn subject alt name, but only the kubelets know, the apiserver is clueless // It would be nice to set a fqdn subject alt name, but only the kubelets know, the apiserver is clueless
// alternateDNS = append(alternateDNS, "kubernetes.default.svc.CLUSTER.DNS.NAME") // alternateDNS = append(alternateDNS, "kubernetes.default.svc.CLUSTER.DNS.NAME")
if err := crypto.GenerateSelfSignedCert(s.ClusterIP.String(), options.TLSCertFile, options.TLSPrivateKeyFile, alternateIPs, alternateDNS); err != nil { if shouldGenSelfSignedCerts(options.TLSCertFile, options.TLSPrivateKeyFile) {
glog.Errorf("Unable to generate self signed cert: %v", err) if err := crypto.GenerateSelfSignedCert(s.ClusterIP.String(), options.TLSCertFile, options.TLSPrivateKeyFile, alternateIPs, alternateDNS); err != nil {
} else { glog.Errorf("Unable to generate self signed cert: %v", err)
glog.Infof("Using self-signed cert (%v, %v)", options.TLSCertFile, options.TLSPrivateKeyFile) } else {
glog.Infof("Using self-signed cert (%options, %options)", options.TLSCertFile, options.TLSPrivateKeyFile)
}
} }
} }
@ -737,6 +740,28 @@ func (s *GenericAPIServer) Run(options *ServerRunOptions) {
glog.Fatal(http.ListenAndServe()) glog.Fatal(http.ListenAndServe())
} }
// If the file represented by path exists and
// readable, return true otherwise return false.
func canReadFile(path string) bool {
f, err := os.Open(path)
if err != nil {
return false
}
defer f.Close()
return true
}
func shouldGenSelfSignedCerts(certPath, keyPath string) bool {
if canReadFile(certPath) || canReadFile(keyPath) {
glog.Infof("using existing apiserver.crt and apiserver.key files")
return false
}
return true
}
func (s *GenericAPIServer) installAPIGroup(apiGroupInfo *APIGroupInfo) error { func (s *GenericAPIServer) installAPIGroup(apiGroupInfo *APIGroupInfo) error {
apiPrefix := s.APIGroupPrefix apiPrefix := s.APIGroupPrefix
if apiGroupInfo.IsLegacyGroup { if apiGroupInfo.IsLegacyGroup {