github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-21 02:41:25 +00:00
Code Issues Projects Releases Wiki Activity

Cache loopback cert in the certs dir if set

Browse Source
This commit is contained in:
Darren Shepherd 2019-02-07 20:54:22 -07:00 committed by Rafael Breno
parent cf8033cb13
commit 971ee49018
1 changed files with 2 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
staging/src/k8s.io/apiserver/pkg/server/options/serving_with_loopback.go
View File

@ -18,7 +18,6 @@ package options
import ( import (
"fmt" "fmt"
"time"
"github.com/google/uuid" "github.com/google/uuid"
@ -54,14 +53,11 @@ func (s *SecureServingOptionsWithLoopback) ApplyTo(secureServingInfo **server.Se
// to avoid kube-apiserver disruptions due to certificate expiration. // to avoid kube-apiserver disruptions due to certificate expiration.
// When this certificate expires, restarting kube-apiserver will automatically // When this certificate expires, restarting kube-apiserver will automatically
// regenerate a new certificate with fresh validity dates. // regenerate a new certificate with fresh validity dates.
maxAge := (3*365 + 1) * 24 * time.Hour // maxAge := (3*365 + 1) * 24 * time.Hour
// create self-signed cert+key with the fake server.LoopbackClientServerNameOverride and // create self-signed cert+key with the fake server.LoopbackClientServerNameOverride and
// let the server return it when the loopback client connects. // let the server return it when the loopback client connects.
certPem, keyPem, err := certutil.GenerateSelfSignedCertKeyWithOptions(certutil.SelfSignedCertKeyOptions{ certPem, keyPem, err := certutil.GenerateSelfSignedCertKeyWithFixtures(server.LoopbackClientServerNameOverride, nil, nil, s.SecureServingOptions.ServerCert.CertDirectory)
Host: server.LoopbackClientServerNameOverride,
MaxAge: maxAge,
})
if err != nil { if err != nil {
return fmt.Errorf("failed to generate self-signed certificate for loopback connection: %v", err) return fmt.Errorf("failed to generate self-signed certificate for loopback connection: %v", err)
} }