Merge pull request #91228 from sambdavidson/iprotflags

Add SNI flags usage to configure-*.sh
This commit is contained in:
Kubernetes Prow Robot 2020-05-20 19:41:30 -07:00 committed by GitHub
commit 52358fe010
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 0 deletions

View File

@ -576,6 +576,13 @@ function create-master-pki {
SERVICEACCOUNT_KEY="${MASTER_KEY}" SERVICEACCOUNT_KEY="${MASTER_KEY}"
fi fi
if [[ -n "${OLD_MASTER_CERT:-}" && -n "${OLD_MASTER_KEY:-}" ]]; then
OLD_MASTER_CERT_PATH="${pki_dir}/oldapiserver.crt"
echo "${OLD_MASTER_CERT}" | base64 --decode > "${OLD_MASTER_CERT_PATH}"
OLD_MASTER_KEY_PATH="${pki_dir}/oldapiserver.key"
echo "${OLD_MASTER_KEY}" | base64 --decode > "${OLD_MASTER_KEY_PATH}"
fi
SERVICEACCOUNT_CERT_PATH="${pki_dir}/serviceaccount.crt" SERVICEACCOUNT_CERT_PATH="${pki_dir}/serviceaccount.crt"
write-pki-data "${SERVICEACCOUNT_CERT}" "${SERVICEACCOUNT_CERT_PATH}" write-pki-data "${SERVICEACCOUNT_CERT}" "${SERVICEACCOUNT_CERT_PATH}"

View File

@ -82,6 +82,13 @@ function start-kube-apiserver {
fi fi
params+=" --tls-cert-file=${APISERVER_SERVER_CERT_PATH}" params+=" --tls-cert-file=${APISERVER_SERVER_CERT_PATH}"
params+=" --tls-private-key-file=${APISERVER_SERVER_KEY_PATH}" params+=" --tls-private-key-file=${APISERVER_SERVER_KEY_PATH}"
if [[ -n "${OLD_MASTER_IP:-}" ]]; then
local old_ips="${OLD_MASTER_IP}"
if [[ -n "${OLD_LOAD_BALANCER_IP}" ]]; then
old_ips+=",${OLD_LOAD_BALANCER_IP}"
fi
params+=" --tls-sni-cert-key=${OLD_MASTER_CERT_PATH},${OLD_MASTER_KEY_PATH}:${old_ips}"
fi
params+=" --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname" params+=" --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname"
if [[ -s "${REQUESTHEADER_CA_CERT_PATH:-}" ]]; then if [[ -s "${REQUESTHEADER_CA_CERT_PATH:-}" ]]; then
params+=" --requestheader-client-ca-file=${REQUESTHEADER_CA_CERT_PATH}" params+=" --requestheader-client-ca-file=${REQUESTHEADER_CA_CERT_PATH}"