diff --git a/cmd/kubeadm/app/cmd/phases/kubeconfig.go b/cmd/kubeadm/app/cmd/phases/kubeconfig.go
index 108af43579e..d698f768e85 100644
--- a/cmd/kubeadm/app/cmd/phases/kubeconfig.go
+++ b/cmd/kubeadm/app/cmd/phases/kubeconfig.go
@@ -103,6 +103,7 @@ func getKubeConfigSubCommands(out io.Writer, outDir, defaultKubernetesVersion st
 legacyscheme.Scheme.Default(cfg)
 var cfgPath, token, clientName string
+ var organizations []string
 var subCmds []*cobra.Command
 subCmdProperties := []struct {
@@ -159,7 +160,7 @@ func getKubeConfigSubCommands(out io.Writer, outDir, defaultKubernetesVersion st
 }
 // Otherwise, write a kubeconfig file with a generate client cert
- return kubeconfigphase.WriteKubeConfigWithClientCert(out, cfg, clientName)
+ return kubeconfigphase.WriteKubeConfigWithClientCert(out, cfg, clientName, organizations)
 },
 },
 }
@@ -188,6 +189,7 @@ func getKubeConfigSubCommands(out io.Writer, outDir, defaultKubernetesVersion st
 if properties.use == "user" {
 cmd.Flags().StringVar(&token, "token", token, "The token that should be used as the authentication mechanism for this kubeconfig, instead of client certificates")
 cmd.Flags().StringVar(&clientName, "client-name", clientName, "The name of user. It will be used as the CN if client certificates are created")
+ cmd.Flags().StringSliceVar(&organizations, "org", organizations, "The orgnizations of the client certificate. It will be used as the O if client certificates are created")
 }
 subCmds = append(subCmds, cmd)
diff --git a/cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go b/cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go
index b3449ff7bf3..a3e2060204e 100644
--- a/cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go
+++ b/cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go
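Review bot: `organizations` is consumed only on this client-certificate return path in the @@ -159 hunk, so `--org` given together with `--token` appears to produce a token kubeconfig with the group list silently dropped. The token branch closes just above the context comment and its body is outside the hunk, so this is inferred. An operator could then believe the credential carries a group it does not. Rejecting the combination before that branch would make it explicit, e.g. `if token != "" && len(organizations) > 0 { return fmt.Errorf("--org is only valid when a client certificate is generated") }`.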
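Review bot: The help string for `--org` in the @@ -188 hunk misspells "organizations" as "orgnizations" and does not say what the O field means to the API server. Kubernetes x509 client authentication maps each O value to a group, so whatever is passed here becomes the user's group membership for RBAC, including built-in privileged groups. Kubernetes has no revocation for client certificates, so that membership lasts until the certificate expires. I would reword to `"The organizations of the client certificate. Each value is used as an O in the subject and is treated by the API server as a group the user belongs to"`. The function body continues outside the hunk.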
@@ -271,7 +271,7 @@ func createKubeConfigFileIfNotExists(outDir, filename string, config *clientcmda
 }
 // WriteKubeConfigWithClientCert writes a kubeconfig file - with a client certificate as authentication info - to the given writer.
-func WriteKubeConfigWithClientCert(out io.Writer, cfg *kubeadmapi.MasterConfiguration, clientName string) error {
+func WriteKubeConfigWithClientCert(out io.Writer, cfg *kubeadmapi.MasterConfiguration, clientName string, organizations []string) error {
 // creates the KubeConfigSpecs, actualized for the current MasterConfiguration
 caCert, caKey, err := pkiutil.TryLoadCertAndKeyFromDisk(cfg.CertificatesDir, kubeadmconstants.CACertAndKeyBaseName)
@@ -289,7 +289,8 @@ func WriteKubeConfigWithClientCert(out io.Writer, cfg *kubeadmapi.MasterConfigur
 APIServer: masterEndpoint,
 CACert: caCert,
 ClientCertAuth: &clientCertAuth{
- CAKey: caKey,
+ CAKey: caKey,
+ Organizations: organizations,
 },
 }
diff --git a/cmd/kubeadm/app/phases/kubeconfig/kubeconfig_test.go b/cmd/kubeadm/app/phases/kubeconfig/kubeconfig_test.go
index 6904ce7cf33..cbb74be7b28 100644
--- a/cmd/kubeadm/app/phases/kubeconfig/kubeconfig_test.go
+++ b/cmd/kubeadm/app/phases/kubeconfig/kubeconfig_test.go
@@ -335,7 +335,7 @@ func TestWriteKubeConfigFailsIfCADoesntExists(t *testing.T) {
 }{
 { // Test WriteKubeConfigWithClientCert
 writeKubeConfigFunction: func(out io.Writer) error {
- return WriteKubeConfigWithClientCert(out, cfg, "myUser")
+ return WriteKubeConfigWithClientCert(out, cfg, "myUser", []string{"myOrg"})
 },
 },
 { // Test WriteKubeConfigWithToken
@@ -383,7 +383,7 @@ func TestWriteKubeConfig(t *testing.T) {
 }{
 { // Test WriteKubeConfigWithClientCert
 writeKubeConfigFunction: func(out io.Writer) error {
- return WriteKubeConfigWithClientCert(out, cfg, "myUser")
+ return WriteKubeConfigWithClientCert(out, cfg, "myUser", []string{"myOrg"})
 },
 withClientCert: true,
 },
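Review bot: The doc comment on `WriteKubeConfigWithClientCert` in the @@ -271 hunk was left unchanged although the exported signature gained `organizations`. It should state that `clientName` becomes the certificate CN and `organizations` its O values, which the API server reads as groups, and whether a nil or empty slice is accepted. A line such as `// clientName is used as the certificate CN and organizations as its O values (groups); organizations may be nil.` would do, though the nil claim needs confirming against the certificate helper, which is not in this diff. As far as the @@ -289 hunk shows, the slice is forwarded into `clientCertAuth` unvalidated, so empty strings would reach the subject as-is. The function body continues outside both hunks.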
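Review bot: The updated call in `TestWriteKubeConfig` (@@ -383) passes `[]string{"myOrg"}`, but nothing visible in the hunk checks that the generated client certificate carries `O=myOrg`. The assertions are outside the hunk, so this may already be covered. If it is not, add a check on the parsed certificate's `Subject.Organization`, plus a case with a nil slice, so a regression that drops or alters the group list is caught. The same literal is used in the @@ -335 hunk, where only the missing-CA failure path is exercised.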