github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-09 03:57:41 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #49512 from bowei/cert-rotation-logging

Browse Source 
Automatic merge from submit-queue (batch tested with PRs 49989, 49806, 49649, 49412, 49512)

Add some logs to certificate rotation

```release-note
NONE
```
This commit is contained in:
Kubernetes Submit Queue 2017-08-02 17:06:04 -07:00 committed by GitHub
commit 2495cc602f
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/kubelet/certificate/certificate_manager.go
View File

@ -197,6 +197,7 @@ func (m *manager) Start() {
// loop to allow bootstrap scenarios, where the certificate manager // loop to allow bootstrap scenarios, where the certificate manager
// doesn't have a certificate at all yet. // doesn't have a certificate at all yet.
if m.shouldRotate() { if m.shouldRotate() {
glog.V(1).Infof("shouldRotate() is true, forcing immediate rotation")
_, err := m.rotateCerts() _, err := m.rotateCerts()
if err != nil { if err != nil {
glog.Errorf("Could not rotate certificates: %v", err) glog.Errorf("Could not rotate certificates: %v", err)
@ -209,7 +210,9 @@ func (m *manager) Start() {
Steps: 7, Steps: 7,
} }
go wait.Forever(func() { go wait.Forever(func() {
time.Sleep(m.rotationDeadline.Sub(time.Now())) sleepInterval := m.rotationDeadline.Sub(time.Now())
glog.V(2).Infof("Waiting %v for next certificate rotation", sleepInterval)
time.Sleep(sleepInterval)
if err := wait.ExponentialBackoff(backoff, m.rotateCerts); err != nil { if err := wait.ExponentialBackoff(backoff, m.rotateCerts); err != nil {
glog.Errorf("Reached backoff limit, still unable to rotate certs: %v", err) glog.Errorf("Reached backoff limit, still unable to rotate certs: %v", err)
wait.PollInfinite(128*time.Second, m.rotateCerts) wait.PollInfinite(128*time.Second, m.rotateCerts)
@ -266,6 +269,8 @@ func (m *manager) shouldRotate() bool {
} }
func (m *manager) rotateCerts() (bool, error) { func (m *manager) rotateCerts() (bool, error) {
glog.V(2).Infof("Rotating certificates")
csrPEM, keyPEM, err := m.generateCSR() csrPEM, keyPEM, err := m.generateCSR()
if err != nil { if err != nil {
glog.Errorf("Unable to generate a certificate signing request: %v", err) glog.Errorf("Unable to generate a certificate signing request: %v", err)
@ -314,6 +319,7 @@ func (m *manager) setRotationDeadline() {
jitteryDuration := wait.Jitter(time.Duration(totalDuration), 0.2) - time.Duration(totalDuration*0.3) jitteryDuration := wait.Jitter(time.Duration(totalDuration), 0.2) - time.Duration(totalDuration*0.3)
m.rotationDeadline = m.cert.Leaf.NotBefore.Add(jitteryDuration) m.rotationDeadline = m.cert.Leaf.NotBefore.Add(jitteryDuration)
glog.V(2).Infof("Certificate rotation deadline is %v", m.rotationDeadline)
} }
func (m *manager) updateCached(cert *tls.Certificate) { func (m *manager) updateCached(cert *tls.Certificate) {