github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-15 22:20:51 +00:00
Code Issues Projects Releases Wiki Activity

use ca.crt as client certificate authority for inClusterConfig

Browse Source
This commit is contained in:
Mike Danese
2015-06-23 20:54:19 -07:00
parent 56bde3342a
commit 5760fe1957
1 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
pkg/client/helper.go
View File

@@ -29,6 +29,7 @@ import (
"strings" "strings"
"time" "time"
"github.com/GoogleCloudPlatform/kubernetes/pkg/api"
"github.com/GoogleCloudPlatform/kubernetes/pkg/api/latest" "github.com/GoogleCloudPlatform/kubernetes/pkg/api/latest"
"github.com/GoogleCloudPlatform/kubernetes/pkg/api/registered" "github.com/GoogleCloudPlatform/kubernetes/pkg/api/registered"
"github.com/GoogleCloudPlatform/kubernetes/pkg/runtime" "github.com/GoogleCloudPlatform/kubernetes/pkg/runtime"
@@ -236,17 +237,24 @@ func NewOrDie(c *Config) *Client {
// running inside a pod running on kuberenetes. It will return an error if // running inside a pod running on kuberenetes. It will return an error if
// called from a process not running in a kubernetes environment. // called from a process not running in a kubernetes environment.
func InClusterConfig() (*Config, error) { func InClusterConfig() (*Config, error) {
token, err := ioutil.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/token") token, err := ioutil.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/" + api.ServiceAccountTokenKey)
if err != nil { if err != nil {
return nil, err return nil, err
} }
tlsClientConfig := TLSClientConfig{}
rootCAFile := "/var/run/secrets/kubernetes.io/serviceaccount/" + api.ServiceAccountRootCAKey
if _, err := util.CertPoolFromFile(rootCAFile); err != nil {
glog.Errorf("expected to load root ca config from %s, but got err: %v", rootCAFile, err)
} else {
tlsClientConfig.CAFile = rootCAFile
}
return &Config{ return &Config{
// TODO: switch to using cluster DNS. // TODO: switch to using cluster DNS.
Host: "https://" + net.JoinHostPort(os.Getenv("KUBERNETES_SERVICE_HOST"), os.Getenv("KUBERNETES_SERVICE_PORT")), Host: "https://" + net.JoinHostPort(os.Getenv("KUBERNETES_SERVICE_HOST"), os.Getenv("KUBERNETES_SERVICE_PORT")),
Version: "v1beta3", Version: "v1beta3",
BearerToken: string(token), BearerToken: string(token),
// TODO: package certs along with the token TLSClientConfig: tlsClientConfig,
Insecure: true,
}, nil }, nil
} }