github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-25 04:33:26 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #41309 from kars7e/add-cafile-openstack

Browse Source 
Automatic merge from submit-queue (batch tested with PRs 40932, 41896, 41815, 41309, 41628)

Add custom CA file to openstack cloud provider config

**What this PR does / why we need it**: Adds ability to specify custom CA bundle file to verify OpenStack endpoint against. Useful in tests and PoC deployments. Similar to what https://github.com/kubernetes/kubernetes/pull/35488 did for authentication.  


**Which issue this PR fixes**: None

**Special notes for your reviewer**: Based on https://github.com/kubernetes/kubernetes/pull/35488 which added support for custom CA file for authentication.

**Release note**:
This commit is contained in:
Kubernetes Submit Queue 2017-02-26 08:10:00 -08:00 committed by GitHub
commit 9a218d406b
2 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/cloudprovider/providers/openstack/BUILD
View File

@ -54,6 +54,8 @@ go_library(
"//vendor:gopkg.in/gcfg.v1", "//vendor:gopkg.in/gcfg.v1",
"//vendor:k8s.io/apimachinery/pkg/api/resource", "//vendor:k8s.io/apimachinery/pkg/api/resource",
"//vendor:k8s.io/apimachinery/pkg/types", "//vendor:k8s.io/apimachinery/pkg/types",
"//vendor:k8s.io/apimachinery/pkg/util/net",
"//vendor:k8s.io/client-go/util/cert",
], ],
) )

14
pkg/cloudprovider/providers/openstack/openstack.go
View File

@ -17,6 +17,7 @@ limitations under the License.
package openstack package openstack
import ( import (
"crypto/tls"
"errors" "errors"
"fmt" "fmt"
"io" "io"
@ -37,6 +38,8 @@ import (
"github.com/golang/glog" "github.com/golang/glog"
"k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/types"
netutil "k8s.io/apimachinery/pkg/util/net"
certutil "k8s.io/client-go/util/cert"
"k8s.io/kubernetes/pkg/api/v1" "k8s.io/kubernetes/pkg/api/v1"
"k8s.io/kubernetes/pkg/cloudprovider" "k8s.io/kubernetes/pkg/cloudprovider"
) )
@ -116,6 +119,7 @@ type Config struct {
DomainId string `gcfg:"domain-id"` DomainId string `gcfg:"domain-id"`
DomainName string `gcfg:"domain-name"` DomainName string `gcfg:"domain-name"`
Region string Region string
CAFile string `gcfg:"ca-file"`
} }
LoadBalancer LoadBalancerOpts LoadBalancer LoadBalancerOpts
BlockStorage BlockStorageOpts BlockStorage BlockStorageOpts
@ -214,6 +218,16 @@ func newOpenStack(cfg Config) (*OpenStack, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
if cfg.Global.CAFile != "" {
roots, err := certutil.NewPool(cfg.Global.CAFile)
if err != nil {
return nil, err
}
config := &tls.Config{}
config.RootCAs = roots
provider.HTTPClient.Transport = netutil.SetOldTransportDefaults(&http.Transport{TLSClientConfig: config})
}
if cfg.Global.TrustId != "" { if cfg.Global.TrustId != "" {
opts := cfg.toAuth3Options() opts := cfg.toAuth3Options()
authOptsExt := trusts.AuthOptsExt{ authOptsExt := trusts.AuthOptsExt{