rename dynamic cert loading to be more accurate

David Eads 2020-01-17 15:50:26 -05:00
parent 6ccfc3aecf
commit 5c2d2c5ef1
3 changed files with 27 additions and 27 deletions


@ -47,7 +47,7 @@ func newCAProvider(caFile, caKeyFile string) (*caProvider, error) {
type caProvider struct { type caProvider struct {
caValue atomic.Value caValue atomic.Value
caLoader *dynamiccertificates.DynamicFileServingContent caLoader *dynamiccertificates.DynamicCertKeyPairContent
} }
// setCA unconditionally stores the current cert/key content // setCA unconditionally stores the current cert/key content


@ -29,8 +29,8 @@ import (
"k8s.io/klog" "k8s.io/klog"
) )
// DynamicFileServingContent provides a CertKeyContentProvider that can dynamically react to new file content // DynamicCertKeyPairContent provides a CertKeyContentProvider that can dynamically react to new file content
type DynamicFileServingContent struct { type DynamicCertKeyPairContent struct {
name string name string
// certFile is the name of the certificate file to read. // certFile is the name of the certificate file to read.
@ -39,7 +39,7 @@ type DynamicFileServingContent struct {
keyFile string keyFile string
// servingCert is a certKeyContent that contains the last read, non-zero length content of the key and cert // servingCert is a certKeyContent that contains the last read, non-zero length content of the key and cert
servingCert atomic.Value certKeyPair atomic.Value
listeners []Listener listeners []Listener
@ -47,24 +47,24 @@ type DynamicFileServingContent struct {
queue workqueue.RateLimitingInterface queue workqueue.RateLimitingInterface
} }
var _ Notifier = &DynamicFileServingContent{} var _ Notifier = &DynamicCertKeyPairContent{}
var _ CertKeyContentProvider = &DynamicFileServingContent{} var _ CertKeyContentProvider = &DynamicCertKeyPairContent{}
var _ ControllerRunner = &DynamicFileServingContent{} var _ ControllerRunner = &DynamicCertKeyPairContent{}
// NewDynamicServingContentFromFiles returns a dynamic CertKeyContentProvider based on a cert and key filename // NewDynamicServingContentFromFiles returns a dynamic CertKeyContentProvider based on a cert and key filename
func NewDynamicServingContentFromFiles(purpose, certFile, keyFile string) (*DynamicFileServingContent, error) { func NewDynamicServingContentFromFiles(purpose, certFile, keyFile string) (*DynamicCertKeyPairContent, error) {
if len(certFile) == 0 || len(keyFile) == 0 { if len(certFile) == 0 || len(keyFile) == 0 {
return nil, fmt.Errorf("missing filename for serving cert") return nil, fmt.Errorf("missing filename for serving cert")
} }
name := fmt.Sprintf("%s::%s::%s", purpose, certFile, keyFile) name := fmt.Sprintf("%s::%s::%s", purpose, certFile, keyFile)
ret := &DynamicFileServingContent{ ret := &DynamicCertKeyPairContent{
name: name, name: name,
certFile: certFile, certFile: certFile,
keyFile: keyFile, keyFile: keyFile,
queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), fmt.Sprintf("DynamicCABundle-%s", purpose)), queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), fmt.Sprintf("DynamicCABundle-%s", purpose)),
} }
if err := ret.loadServingCert(); err != nil { if err := ret.loadCertKeyPair(); err != nil {
return nil, err return nil, err
} }
@ -72,12 +72,12 @@ func NewDynamicServingContentFromFiles(purpose, certFile, keyFile string) (*Dyna
} }
// AddListener adds a listener to be notified when the serving cert content changes. // AddListener adds a listener to be notified when the serving cert content changes.
func (c *DynamicFileServingContent) AddListener(listener Listener) { func (c *DynamicCertKeyPairContent) AddListener(listener Listener) {
c.listeners = append(c.listeners, listener) c.listeners = append(c.listeners, listener)
} }
// loadServingCert determines the next set of content for the file. // loadServingCert determines the next set of content for the file.
func (c *DynamicFileServingContent) loadServingCert() error { func (c *DynamicCertKeyPairContent) loadCertKeyPair() error {
cert, err := ioutil.ReadFile(c.certFile) cert, err := ioutil.ReadFile(c.certFile)
if err != nil { if err != nil {
return err return err
@ -102,12 +102,12 @@ func (c *DynamicFileServingContent) loadServingCert() error {
} }
// check to see if we have a change. If the values are the same, do nothing. // check to see if we have a change. If the values are the same, do nothing.
existing, ok := c.servingCert.Load().(*certKeyContent) existing, ok := c.certKeyPair.Load().(*certKeyContent)
if ok && existing != nil && existing.Equal(newCertKey) { if ok && existing != nil && existing.Equal(newCertKey) {
return nil return nil
} }
c.servingCert.Store(newCertKey) c.certKeyPair.Store(newCertKey)
for _, listener := range c.listeners { for _, listener := range c.listeners {
listener.Enqueue() listener.Enqueue()
@ -117,12 +117,12 @@ func (c *DynamicFileServingContent) loadServingCert() error {
} }
// RunOnce runs a single sync loop // RunOnce runs a single sync loop
func (c *DynamicFileServingContent) RunOnce() error { func (c *DynamicCertKeyPairContent) RunOnce() error {
return c.loadServingCert() return c.loadCertKeyPair()
} }
// Run starts the controller and blocks until stopCh is closed. // Run starts the controller and blocks until stopCh is closed.
func (c *DynamicFileServingContent) Run(workers int, stopCh <-chan struct{}) { func (c *DynamicCertKeyPairContent) Run(workers int, stopCh <-chan struct{}) {
defer utilruntime.HandleCrash() defer utilruntime.HandleCrash()
defer c.queue.ShutDown() defer c.queue.ShutDown()
@ -143,19 +143,19 @@ func (c *DynamicFileServingContent) Run(workers int, stopCh <-chan struct{}) {
<-stopCh <-stopCh
} }
func (c *DynamicFileServingContent) runWorker() { func (c *DynamicCertKeyPairContent) runWorker() {
for c.processNextWorkItem() { for c.processNextWorkItem() {
} }
} }
func (c *DynamicFileServingContent) processNextWorkItem() bool { func (c *DynamicCertKeyPairContent) processNextWorkItem() bool {
dsKey, quit := c.queue.Get() dsKey, quit := c.queue.Get()
if quit { if quit {
return false return false
} }
defer c.queue.Done(dsKey) defer c.queue.Done(dsKey)
err := c.loadServingCert() err := c.loadCertKeyPair()
if err == nil { if err == nil {
c.queue.Forget(dsKey) c.queue.Forget(dsKey)
return true return true
@ -168,12 +168,12 @@ func (c *DynamicFileServingContent) processNextWorkItem() bool {
} }
// Name is just an identifier // Name is just an identifier
func (c *DynamicFileServingContent) Name() string { func (c *DynamicCertKeyPairContent) Name() string {
return c.name return c.name
} }
// CurrentCertKeyContent provides serving cert byte content // CurrentCertKeyContent provides cert and key byte content
func (c *DynamicFileServingContent) CurrentCertKeyContent() ([]byte, []byte) { func (c *DynamicCertKeyPairContent) CurrentCertKeyContent() ([]byte, []byte) {
certKeyContent := c.servingCert.Load().(*certKeyContent) certKeyContent := c.certKeyPair.Load().(*certKeyContent)
return certKeyContent.cert, certKeyContent.key return certKeyContent.cert, certKeyContent.key
} }
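Review bot: The doc comments on the renamed field and method still carry the old identifiers: the field is now `certKeyPair` but its comment in the `@ -39` hunk still reads `// servingCert is a certKeyContent that contains the last read, non-zero length content of the key and cert`, and the method is now `loadCertKeyPair` but its comment in the `@ -72` hunk still reads `// loadServingCert determines the next set of content for the file.`. Since the point of the commit is to make the naming accurate, these should be updated in the same change, e.g. `// certKeyPair is a certKeyContent that contains the last read, non-zero length content of the key and cert` and `// loadCertKeyPair determines the next set of content for the file.`. The exported constructor keeps the name NewDynamicServingContentFromFiles while now returning a *DynamicCertKeyPairContent, and the queue is still named with `DynamicCABundle-%s`; both predate this commit, but they are the remaining places where the name does not describe what the type holds.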


@ -18,7 +18,7 @@ package dynamiccertificates
// DynamicFileSNIContent provides a SNICertKeyContentProvider that can dynamically react to new file content // DynamicFileSNIContent provides a SNICertKeyContentProvider that can dynamically react to new file content
type DynamicFileSNIContent struct { type DynamicFileSNIContent struct {
*DynamicFileServingContent *DynamicCertKeyPairContent
sniNames []string sniNames []string
} }
@ -34,10 +34,10 @@ func NewDynamicSNIContentFromFiles(purpose, certFile, keyFile string, sniNames .
} }
ret := &DynamicFileSNIContent{ ret := &DynamicFileSNIContent{
DynamicFileServingContent: servingContent, DynamicCertKeyPairContent: servingContent,
sniNames: sniNames, sniNames: sniNames,
} }
if err := ret.loadServingCert(); err != nil { if err := ret.loadCertKeyPair(); err != nil {
return nil, err return nil, err
} }