Merge pull request #38136 from deads2k/auth-11-join-certs

Automatic merge from submit-queue (batch tested with PRs 36990, 37494, 38152, 37561, 38136) join client CA bundles Last commit grabs client CA bundles from disparate parts of the auth config and makes a pool that contains all of them. I suspect a rebase broke this because of ordering. I'll keep these separate to make it easier for me to debug.
2025-09-11 14:11:14 +00:00 · 2016-12-06 14:13:37 -08:00
parent f600c94eab 6ea1d5d53d
commit d40710988f
10 changed files with 136 additions and 54 deletions
--- a/hack/local-up-cluster.sh
+++ b/hack/local-up-cluster.sh
@@ -461,14 +461,12 @@ EOF
 EOF
    create_client_certkey auth-proxy-client-ca auth-proxy system:auth-proxy

-    sudo bash -c "cat '${CERT_DIR}/client-ca.crt' '${CERT_DIR}/auth-proxy-client-ca.crt' > '${CERT_DIR}/client-ca-bundle.crt'"
-
    APISERVER_LOG=/tmp/kube-apiserver.log
    ${CONTROLPLANE_SUDO} "${GO_OUT}/hyperkube" apiserver ${anytoken_arg} ${auth_proxy_arg} ${authorizer_arg} ${priv_arg} ${runtime_config}\
      ${advertise_address} \
      --v=${LOG_LEVEL} \
      --cert-dir="${CERT_DIR}" \
-      --client-ca-file="${CERT_DIR}/client-ca-bundle.crt" \
+      --client-ca-file="${CERT_DIR}/client-ca.crt" \
      --service-account-key-file="${SERVICE_ACCOUNT_KEY}" \
      --service-account-lookup="${SERVICE_ACCOUNT_LOOKUP}" \
      --admission-control="${ADMISSION_CONTROL}" \