Allow the CertificateController to use any Signer implementation.

This will allow developers to create CertificateControllers with
arbitrary Signers, instead of forcing the use of CFSSLSigner.
Jacob Beacham 2017-02-10 14:02:58 -08:00
parent b88b31cff4
commit 7682aa53b1
3 changed files with 16 additions and 11 deletions


@ -32,11 +32,17 @@ func startCSRController(ctx ControllerContext) (bool, error) {
return false, nil return false, nil
} }
c := ctx.ClientBuilder.ClientOrDie("certificate-controller") c := ctx.ClientBuilder.ClientOrDie("certificate-controller")
signer, err := certcontroller.NewCFSSLSigner(ctx.Options.ClusterSigningCertFile, ctx.Options.ClusterSigningKeyFile)
if err != nil {
glog.Errorf("Failed to start certificate controller: %v", err)
return false, nil
}
certController, err := certcontroller.NewCertificateController( certController, err := certcontroller.NewCertificateController(
c, c,
ctx.NewInformerFactory.Certificates().V1beta1().CertificateSigningRequests(), ctx.NewInformerFactory.Certificates().V1beta1().CertificateSigningRequests(),
ctx.Options.ClusterSigningCertFile, signer,
ctx.Options.ClusterSigningKeyFile,
certcontroller.NewGroupApprover(ctx.Options.ApproveAllKubeletCSRsForGroup), certcontroller.NewGroupApprover(ctx.Options.ApproveAllKubeletCSRsForGroup),
) )
if err != nil { if err != nil {
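Review bot: The new signer-load branch logs `Failed to start certificate controller: %v` and returns `false, nil`, so a missing or unreadable cluster signing cert or key leaves the controller manager running with CSR signing off and no error returned to the caller. The error branch after `NewCertificateController` continues outside the hunk and may log the same text; a distinct message such as `glog.Errorf("Failed to load cluster signing cert/key, certificate controller disabled: %v", err)` would let operators tell the two failures apart. If the best-effort return is deliberate, a one-line comment above `return false, nil` saying so would stop a later reader from treating it as a swallowed error. The body of startCSRController starts and ends outside the hunk.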


@ -63,21 +63,16 @@ type CertificateController struct {
queue workqueue.RateLimitingInterface queue workqueue.RateLimitingInterface
} }
func NewCertificateController(kubeClient clientset.Interface, csrInformer certificatesinformers.CertificateSigningRequestInformer, caCertFile, caKeyFile string, approver AutoApprover) (*CertificateController, error) { func NewCertificateController(kubeClient clientset.Interface, csrInformer certificatesinformers.CertificateSigningRequestInformer, signer Signer, approver AutoApprover) (*CertificateController, error) {
// Send events to the apiserver // Send events to the apiserver
eventBroadcaster := record.NewBroadcaster() eventBroadcaster := record.NewBroadcaster()
eventBroadcaster.StartLogging(glog.Infof) eventBroadcaster.StartLogging(glog.Infof)
eventBroadcaster.StartRecordingToSink(&v1core.EventSinkImpl{Interface: v1core.New(kubeClient.Core().RESTClient()).Events("")}) eventBroadcaster.StartRecordingToSink(&v1core.EventSinkImpl{Interface: v1core.New(kubeClient.Core().RESTClient()).Events("")})
s, err := NewCFSSLSigner(caCertFile, caKeyFile)
if err != nil {
return nil, err
}
cc := &CertificateController{ cc := &CertificateController{
kubeClient: kubeClient, kubeClient: kubeClient,
queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "certificate"), queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "certificate"),
signer: s, signer: signer,
approver: approver, approver: approver,
} }
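Review bot: `NewCertificateController` now stores the caller-supplied `signer` in `cc.signer` unchecked, whereas the old code could only hold a signer that `NewCFSSLSigner` had built successfully. A nil `Signer` would presumably surface only when the first request is signed (that code is outside the hunk); a guard at the top, `if signer == nil { return nil, errors.New("signer must not be nil") }`, fails at construction instead, though it will not catch a typed nil pointer wrapped in the interface. The exported constructor also has no doc comment, and the contract has changed: something like `// NewCertificateController builds a controller that delegates all signing to signer; the caller owns construction of the signer and protection of its key material.` would state it. The function body continues past the end of the hunk.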


@ -58,12 +58,16 @@ func newController(csrs ...runtime.Object) (*testController, error) {
return nil, err return nil, err
} }
signer, err := NewCFSSLSigner(certFile, keyFile)
if err != nil {
return nil, err
}
approver := &fakeAutoApprover{make(chan *certificates.CertificateSigningRequest, 1)} approver := &fakeAutoApprover{make(chan *certificates.CertificateSigningRequest, 1)}
controller, err := NewCertificateController( controller, err := NewCertificateController(
client, client,
informerFactory.Certificates().V1beta1().CertificateSigningRequests(), informerFactory.Certificates().V1beta1().CertificateSigningRequests(),
certFile, signer,
keyFile,
approver, approver,
) )
if err != nil { if err != nil {
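Review bot: `newController` still builds a `CFSSLSigner` from `certFile` and `keyFile`, so no test exercises the injection point this commit adds. A small fake implementing `Signer`, next to the existing `fakeAutoApprover`, would let the helper run without key files on disk. It would also let a test assert what the controller does when the signer returns an error. The body of newController starts and ends outside the hunk.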