Merge pull request #20313 from AdoHe/apiserver_tls_overwrite

Auto commit by PR queue bot
k8s-merge-robot
2016-03-25 00:02:24 -07:00


@@ -22,6 +22,7 @@ import (
"net" "net"
"net/http" "net/http"
"net/http/pprof" "net/http/pprof"
"os"
"path" "path"
"regexp" "regexp"
"sort" "sort"
@@ -706,10 +707,12 @@ func (s *GenericAPIServer) Run(options *ServerRunOptions) {
alternateDNS := []string{"kubernetes.default.svc", "kubernetes.default", "kubernetes"} alternateDNS := []string{"kubernetes.default.svc", "kubernetes.default", "kubernetes"}
// It would be nice to set a fqdn subject alt name, but only the kubelets know, the apiserver is clueless // It would be nice to set a fqdn subject alt name, but only the kubelets know, the apiserver is clueless
// alternateDNS = append(alternateDNS, "kubernetes.default.svc.CLUSTER.DNS.NAME") // alternateDNS = append(alternateDNS, "kubernetes.default.svc.CLUSTER.DNS.NAME")
if err := crypto.GenerateSelfSignedCert(s.ClusterIP.String(), options.TLSCertFile, options.TLSPrivateKeyFile, alternateIPs, alternateDNS); err != nil { if shouldGenSelfSignedCerts(options.TLSCertFile, options.TLSPrivateKeyFile) {
glog.Errorf("Unable to generate self signed cert: %v", err) if err := crypto.GenerateSelfSignedCert(s.ClusterIP.String(), options.TLSCertFile, options.TLSPrivateKeyFile, alternateIPs, alternateDNS); err != nil {
} else { glog.Errorf("Unable to generate self signed cert: %v", err)
glog.Infof("Using self-signed cert (%v, %v)", options.TLSCertFile, options.TLSPrivateKeyFile) } else {
glog.Infof("Using self-signed cert (%options, %options)", options.TLSCertFile, options.TLSPrivateKeyFile)
}
} }
} }
@@ -743,6 +746,28 @@ func (s *GenericAPIServer) Run(options *ServerRunOptions) {
glog.Fatal(http.ListenAndServe()) glog.Fatal(http.ListenAndServe())
} }
// If the file represented by path exists and
// readable, return true otherwise return false.
func canReadFile(path string) bool {
f, err := os.Open(path)
if err != nil {
return false
}
defer f.Close()
return true
}
func shouldGenSelfSignedCerts(certPath, keyPath string) bool {
if canReadFile(certPath) || canReadFile(keyPath) {
glog.Infof("using existing apiserver.crt and apiserver.key files")
return false
}
return true
}
func (s *GenericAPIServer) installAPIGroup(apiGroupInfo *APIGroupInfo) error { func (s *GenericAPIServer) installAPIGroup(apiGroupInfo *APIGroupInfo) error {
apiPrefix := s.APIGroupPrefix apiPrefix := s.APIGroupPrefix
if apiGroupInfo.IsLegacyGroup { if apiGroupInfo.IsLegacyGroup {
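Review bot: In the added `canReadFile`/`shouldGenSelfSignedCerts` helpers, any `os.Open` failure is treated as "file absent", so a certificate or key that exists but cannot be opened by this process (permission denied, for instance) still leads to `GenerateSelfSignedCert` being called on those paths, which presumably rewrites them, the very overwrite this change is meant to prevent. The `||` also skips generation when only one of the two files is present, while the log line claims both `apiserver.crt` and `apiserver.key` are in use; the message should name the path that was actually found. Consider checking existence with `os.Stat` and treating every error other than not-exist as "present", as sketched below. Separately, in the `Run` hunk (whose body starts and ends outside the diff) the new log call uses `%options` as a format verb, which prints a formatting error instead of the paths; it should read `glog.Infof("Using self-signed cert (%v, %v)", options.TLSCertFile, options.TLSPrivateKeyFile)`.

```go
// shouldGenSelfSignedCerts reports whether a new self-signed pair may be
// written, which is only when neither file exists. Any stat error other than
// "not exist" is treated as "present" so an existing file is never replaced.
func shouldGenSelfSignedCerts(certPath, keyPath string) bool {
	for _, p := range []string{certPath, keyPath} {
		if _, err := os.Stat(p); !os.IsNotExist(err) {
			glog.Infof("not generating self-signed cert: %q exists or could not be checked (%v)", p, err)
			return false
		}
	}
	return true
}
```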