From 7682aa53b1f8356da39425e068a2829c9d886d0c Mon Sep 17 00:00:00 2001
From: Jacob Beacham
Date: Fri, 10 Feb 2017 14:02:58 -0800
Subject: [PATCH] Allow the CertificateController to use any Signer implementation.

This will allow developers to create CertificateControllers with arbitrary Signers, instead of forcing the use of CFSSLSigner.
---
 cmd/kube-controller-manager/app/certificates.go | 10 ++++++++--
 pkg/controller/certificates/certificate_controller.go | 9 ++-------
 .../certificates/certificate_controller_test.go | 8 ++++++--
 3 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/cmd/kube-controller-manager/app/certificates.go b/cmd/kube-controller-manager/app/certificates.go
index c377af0795b..acc81707df0 100644
--- a/cmd/kube-controller-manager/app/certificates.go
+++ b/cmd/kube-controller-manager/app/certificates.go
@@ -32,11 +32,17 @@ func startCSRController(ctx ControllerContext) (bool, error) {
 return false, nil
 }
 c := ctx.ClientBuilder.ClientOrDie("certificate-controller")
+
+ signer, err := certcontroller.NewCFSSLSigner(ctx.Options.ClusterSigningCertFile, ctx.Options.ClusterSigningKeyFile)
+ if err != nil {
+ glog.Errorf("Failed to start certificate controller: %v", err)
+ return false, nil
+ }
+
 certController, err := certcontroller.NewCertificateController(
 c,
 ctx.NewInformerFactory.Certificates().V1beta1().CertificateSigningRequests(),
- ctx.Options.ClusterSigningCertFile,
- ctx.Options.ClusterSigningKeyFile,
+ signer,
 certcontroller.NewGroupApprover(ctx.Options.ApproveAllKubeletCSRsForGroup),
 )
 if err != nil {
diff --git a/pkg/controller/certificates/certificate_controller.go b/pkg/controller/certificates/certificate_controller.go
index ca921331788..9efe1ec738d 100644
--- a/pkg/controller/certificates/certificate_controller.go
+++ b/pkg/controller/certificates/certificate_controller.go
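Review bot: In startCSRController (cmd/kube-controller-manager/app/certificates.go), a failure to load the cluster signing cert/key is logged and then reported as `return false, nil`, the same result as the early return at the top of the hunk, so a missing or unreadable CA key leaves CSR signing off with nothing but a log line. The message reuses the generic "Failed to start certificate controller" text, which does not tell an operator that the signing material is what failed. Consider `glog.Errorf("Failed to load cluster signing cert/key: %v", err)` and, if the caller can tolerate it, `return false, err`. The handling after NewCertificateController lies outside the hunk and may swallow the error the same way on purpose; if so, a short comment here saying why would help.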
@@ -63,21 +63,16 @@ type CertificateController struct { queue workqueue.RateLimitingInterface } -func NewCertificateController(kubeClient clientset.Interface, csrInformer certificatesinformers.CertificateSigningRequestInformer, caCertFile, caKeyFile string, approver AutoApprover) (*CertificateController, error) { +func NewCertificateController(kubeClient clientset.Interface, csrInformer certificatesinformers.CertificateSigningRequestInformer, signer Signer, approver AutoApprover) (*CertificateController, error) { // Send events to the apiserver eventBroadcaster := record.NewBroadcaster() eventBroadcaster.StartLogging(glog.Infof) eventBroadcaster.StartRecordingToSink(&v1core.EventSinkImpl{Interface: v1core.New(kubeClient.Core().RESTClient()).Events("")}) - s, err := NewCFSSLSigner(caCertFile, caKeyFile) - if err != nil { - return nil, err - } - cc := &CertificateController{ kubeClient: kubeClient, queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "certificate"), - signer: s, + signer: signer, approver: approver, } diff --git a/pkg/controller/certificates/certificate_controller_test.go b/pkg/controller/certificates/certificate_controller_test.go index beb2c30add7..f74f562acae 100644 --- a/pkg/controller/certificates/certificate_controller_test.go +++ b/pkg/controller/certificates/certificate_controller_test.go @@ -58,12 +58,16 @@ func newController(csrs ...runtime.Object) (*testController, error) { return nil, err } + signer, err := NewCFSSLSigner(certFile, keyFile) + if err != nil { + return nil, err + } + approver := &fakeAutoApprover{make(chan *certificates.CertificateSigningRequest, 1)} controller, err := NewCertificateController( client, informerFactory.Certificates().V1beta1().CertificateSigningRequests(), - certFile, - keyFile, + signer, approver, ) if err != nil {
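Review bot: NewCertificateController (pkg/controller/certificates/certificate_controller.go) now stores the caller-supplied `signer` unchecked, and with the NewCFSSLSigner call removed the hunk shows no remaining validation of the signing dependency, so a nil Signer is accepted here and would presumably only fail once a CSR is signed. A guard such as `if signer == nil { return nil, errors.New("signer must not be nil") }`, using whichever error constructor the file already imports, keeps that failure at construction time. The exported constructor also has no doc comment; since the CA material and signing policy now live entirely in the injected Signer, a line like `// NewCertificateController builds a CertificateController that signs with the given Signer and auto-approves with approver; the caller owns the Signer's CA material and policy.` would record that trust boundary. The function body continues past the end of the hunk.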
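Review bot: newController in certificate_controller_test.go still builds a real CFSSLSigner from certFile/keyFile, so no test exercises the injection seam this commit introduces. A small fake Signer next to the existing `fakeAutoApprover` would let the controller tests run without CA files on disk and would cover a non-CFSSL implementation. The Signer interface is not visible in this diff, so the fake's method set has to be taken from its declaration. newController continues past the end of the hunk.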