github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-29 14:37:00 +00:00
Code Issues Projects Releases Wiki Activity

kubeadm: use client-go's MakeCSRFromTemplate() in 'renew'

Browse Source 
Create CSR using the mentioned function which also encodes the
type CertificateRequestBlockType.

Without that 'certs renew' is failing with:
'PEM block type must be CERTIFICATE REQUEST'
This commit is contained in:
Lubomir I. Ivanov 2018-11-08 01:16:33 +02:00
parent 224448b858
commit 8bc0447d8c
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
cmd/kubeadm/app/phases/certs/renewal/certsapi.go
View File

@ -17,7 +17,6 @@ limitations under the License.
package renewal
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
@ -70,7 +69,7 @@ func (r *CertsAPIRenewal) Renew(cfg *certutil.Config) (*x509.Certificate, *rsa.P
return nil, nil, errors.Wrap(err, "couldn't create new private key")
}
csr, err := x509.CreateCertificateRequest(rand.Reader, reqTmp, key)
csr, err := certutil.MakeCSRFromTemplate(key, reqTmp)
if err != nil {
return nil, nil, errors.Wrap(err, "couldn't create certificate signing request")
}