Merge pull request #10835 from mesosphere/mesos-root-ca-file

Add --root-ca-key code to Mesos controller-manager fork
2025-07-23 11:50:44 +00:00 · 2015-07-14 12:16:49 -07:00 · 2015-07-14 12:16:49 -07:00 · 3dad5a0652
commit 3dad5a0652
parent eff5f17b1e 39b3af0fdc
1 changed files with 17 additions and 1 deletions
--- a/contrib/mesos/pkg/controllermanager/controllermanager.go
+++ b/contrib/mesos/pkg/controllermanager/controllermanager.go
@ -17,6 +17,8 @@ limitations under the License.
 package controllermanager

 import (
+	"fmt"
+	"io/ioutil"
 	"net"
 	"net/http"
 	"strconv"
@ -150,6 +152,20 @@ func (s *CMServer) Run(_ []string) error {
 	}
 	pvRecycler.Run()

+	var rootCA []byte
+
+	if s.RootCAFile != "" {
+		rootCA, err = ioutil.ReadFile(s.RootCAFile)
+		if err != nil {
+			return fmt.Errorf("error reading root-ca-file at %s: %v", s.RootCAFile, err)
+		}
+		if _, err := util.CertsFromPEM(rootCA); err != nil {
+			return fmt.Errorf("error parsing root-ca-file at %s: %v", s.RootCAFile, err)
+		}
+	} else {
+		rootCA = kubeconfig.CAData
+	}
+
 	if len(s.ServiceAccountKeyFile) > 0 {
 		privateKey, err := serviceaccount.ReadPrivateKey(s.ServiceAccountKeyFile)
 		if err != nil {
@ -159,7 +175,7 @@ func (s *CMServer) Run(_ []string) error {
 				kubeClient,
 				serviceaccount.TokensControllerOptions{
 					TokenGenerator: serviceaccount.JWTTokenGenerator(privateKey),
-					RootCA:         kubeconfig.CAData,
+					RootCA:         rootCA,
 				},
 			).Run()
 		}