Merge pull request #88763 from p0lyn0mial/dynamiccertificates-cleanup

cleans up dynamiccertificates package
Kubernetes Prow Robot 2020-03-05 07:19:04 -08:00 committed by GitHub
commit ab7c75ff3e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 3 additions and 61 deletions


@ -97,10 +97,7 @@ func NewDynamicCAFromConfigMapController(purpose, namespace, name, key string, k
queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), fmt.Sprintf("DynamicConfigMapCABundle-%s", purpose)), queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), fmt.Sprintf("DynamicConfigMapCABundle-%s", purpose)),
preRunCaches: []cache.InformerSynced{uncastConfigmapInformer.HasSynced}, preRunCaches: []cache.InformerSynced{uncastConfigmapInformer.HasSynced},
} }
if err := c.loadCABundle(); err != nil {
// don't fail, but do print out a message
klog.Warningf("unable to load initial CA bundle for: %q due to: %s", c.name, err)
}
uncastConfigmapInformer.AddEventHandler(cache.FilteringResourceEventHandler{ uncastConfigmapInformer.AddEventHandler(cache.FilteringResourceEventHandler{
FilterFunc: func(obj interface{}) bool { FilterFunc: func(obj interface{}) bool {
if cast, ok := obj.(*corev1.ConfigMap); ok { if cast, ok := obj.(*corev1.ConfigMap); ok {


@ -126,6 +126,7 @@ func (c *DynamicFileCAContent) loadCABundle() error {
return err return err
} }
c.caBundle.Store(caBundleAndVerifier) c.caBundle.Store(caBundleAndVerifier)
klog.V(2).Infof("Loaded a new CA Bundle and Verifier for %q", c.Name())
for _, listener := range c.listeners { for _, listener := range c.listeners {
listener.Enqueue() listener.Enqueue()
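Review bot: The reload message added after `c.caBundle.Store(caBundleAndVerifier)` names only `c.Name()`, so a log reader cannot tell an expected rotation of the trust bundle from an unexpected change to the file behind it. Consider adding a non-secret identifier of the new content to the message, such as a SHA-256 digest of the bundle bytes, and a short comment such as `// trust-anchor reloads are only logged at verbosity >= 2`. The same applies to the `Loaded a new cert/key pair for %q` line added in `loadCertKeyPair`, where any identifier should be derived from the certificate only and never from the key. `loadCABundle` begins and ends outside this hunk, so whether an unchanged-content check precedes the store, which would keep this line from firing on every reload, cannot be confirmed from here.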


@ -108,6 +108,7 @@ func (c *DynamicCertKeyPairContent) loadCertKeyPair() error {
} }
c.certKeyPair.Store(newCertKey) c.certKeyPair.Store(newCertKey)
klog.V(2).Infof("Loaded a new cert/key pair for %q", c.Name())
for _, listener := range c.listeners { for _, listener := range c.listeners {
listener.Enqueue() listener.Enqueue()


@ -19,8 +19,6 @@ package dynamiccertificates
import ( import (
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"fmt"
"io/ioutil"
) )
type staticCAContent struct { type staticCAContent struct {
@ -30,19 +28,6 @@ type staticCAContent struct {
var _ CAContentProvider = &staticCAContent{} var _ CAContentProvider = &staticCAContent{}
// NewStaticCAContentFromFile returns a CAContentProvider based on a filename
func NewStaticCAContentFromFile(filename string) (CAContentProvider, error) {
if len(filename) == 0 {
return nil, fmt.Errorf("missing filename for ca bundle")
}
caBundle, err := ioutil.ReadFile(filename)
if err != nil {
return nil, err
}
return NewStaticCAContent(filename, caBundle)
}
// NewStaticCAContent returns a CAContentProvider that always returns the same value // NewStaticCAContent returns a CAContentProvider that always returns the same value
func NewStaticCAContent(name string, caBundle []byte) (CAContentProvider, error) { func NewStaticCAContent(name string, caBundle []byte) (CAContentProvider, error) {
caBundleAndVerifier, err := newCABundleAndVerifier(name, caBundle) caBundleAndVerifier, err := newCABundleAndVerifier(name, caBundle)
@ -81,48 +66,6 @@ type staticSNICertKeyContent struct {
sniNames []string sniNames []string
} }
// NewStaticCertKeyContentFromFiles returns a CertKeyContentProvider based on a filename
func NewStaticCertKeyContentFromFiles(certFile, keyFile string) (CertKeyContentProvider, error) {
if len(certFile) == 0 {
return nil, fmt.Errorf("missing filename for certificate")
}
if len(keyFile) == 0 {
return nil, fmt.Errorf("missing filename for key")
}
certPEMBlock, err := ioutil.ReadFile(certFile)
if err != nil {
return nil, err
}
keyPEMBlock, err := ioutil.ReadFile(keyFile)
if err != nil {
return nil, err
}
return NewStaticCertKeyContent(fmt.Sprintf("cert: %s, key: %s", certFile, keyFile), certPEMBlock, keyPEMBlock)
}
// NewStaticSNICertKeyContentFromFiles returns a SNICertKeyContentProvider based on a filename
func NewStaticSNICertKeyContentFromFiles(certFile, keyFile string, sniNames ...string) (SNICertKeyContentProvider, error) {
if len(certFile) == 0 {
return nil, fmt.Errorf("missing filename for certificate")
}
if len(keyFile) == 0 {
return nil, fmt.Errorf("missing filename for key")
}
certPEMBlock, err := ioutil.ReadFile(certFile)
if err != nil {
return nil, err
}
keyPEMBlock, err := ioutil.ReadFile(keyFile)
if err != nil {
return nil, err
}
return NewStaticSNICertKeyContent(fmt.Sprintf("cert: %s, key: %s", certFile, keyFile), certPEMBlock, keyPEMBlock, sniNames...)
}
// NewStaticCertKeyContent returns a CertKeyContentProvider that always returns the same value // NewStaticCertKeyContent returns a CertKeyContentProvider that always returns the same value
func NewStaticCertKeyContent(name string, cert, key []byte) (CertKeyContentProvider, error) { func NewStaticCertKeyContent(name string, cert, key []byte) (CertKeyContentProvider, error) {
// Ensure that the key matches the cert and both are valid // Ensure that the key matches the cert and both are valid