Fixes using externally managed certs for kubeadm

Walk the certificate tree, at each step checking for a CACert.
If the CACert is found, try to use it to generate certificates.
Otherwise, generate a new CA cert.
liz
2018-09-05 12:11:16 -04:00
parent be11540775
commit cda8c39f77
5 changed files with 170 additions and 14 deletions


@@ -396,6 +396,11 @@ func validateSignedCert(l certKeyLocation) error {
return fmt.Errorf("failure loading certificate authority for %s: %v", l.uxName, err)
}
return validateSignedCertWithCA(l, caCert)
}
// validateSignedCertWithCA tries to load a certificate and validate it with the given caCert
func validateSignedCertWithCA(l certKeyLocation, caCert *x509.Certificate) error {
// Try to load key and signed certificate
signedCert, _, err := pkiutil.TryLoadCertAndKeyFromDisk(l.pkiDir, l.baseName)
if err != nil {