Enable service account signing key rotation

Jordan Liggitt
2016-10-04 13:31:17 -04:00
parent 96fde0fe8d
commit 3c92eb75b3
5 changed files with 82 additions and 39 deletions


@@ -181,11 +181,11 @@ func Run(s *options.APIServer) error {
}
// Default to the private server key for service account token signing
if s.ServiceAccountKeyFile == "" && s.TLSPrivateKeyFile != "" {
if len(s.ServiceAccountKeyFiles) == 0 && s.TLSPrivateKeyFile != "" {
if authenticator.IsValidServiceAccountKeyFile(s.TLSPrivateKeyFile) {
s.ServiceAccountKeyFile = s.TLSPrivateKeyFile
s.ServiceAccountKeyFiles = []string{s.TLSPrivateKeyFile}
} else {
glog.Warning("No RSA key provided, service account token authentication disabled")
glog.Warning("No TLS key provided, service account token authentication disabled")
}
}
@@ -211,7 +211,7 @@ func Run(s *options.APIServer) error {
OIDCCAFile: s.OIDCCAFile,
OIDCUsernameClaim: s.OIDCUsernameClaim,
OIDCGroupsClaim: s.OIDCGroupsClaim,
ServiceAccountKeyFile: s.ServiceAccountKeyFile,
ServiceAccountKeyFiles: s.ServiceAccountKeyFiles,
ServiceAccountLookup: s.ServiceAccountLookup,
ServiceAccountTokenGetter: serviceAccountGetter,
KeystoneURL: s.KeystoneURL,
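Review bot: The warning in the else branch of the first hunk reads "No TLS key provided", but that branch is only reached when `s.TLSPrivateKeyFile` is non-empty and `authenticator.IsValidServiceAccountKeyFile` rejects it, so the text (apparently the new wording; the page has lost its +/- markers) describes the wrong condition. An operator reading that log line would look for a missing flag rather than an unusable key, while service account token authentication stays disabled. Something like `glog.Warningf("TLS private key %q is not usable as a service account key, service account token authentication disabled", s.TLSPrivateKeyFile)` names the actual cause. When both the key file list and the TLS key are empty, the visible lines log nothing at all; a short comment above the `if` saying whether that is intentional would help. Run starts and ends outside both hunks.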