github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2026-01-04 23:17:50 +00:00
Code Issues Projects Releases Wiki Activity

Move service account key file arg to the service-account controller options

Browse Source
This commit is contained in:
Jordan Liggitt
2018-06-18 09:35:51 -04:00
parent 3abba25160
commit dd5dccc740
7 changed files with 15 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
cmd/kube-controller-manager/app/controllermanager.go
View File

@@ -150,7 +150,7 @@ func Run(c *config.CompletedConfig) error {
}
var clientBuilder controller.ControllerClientBuilder
if c.ComponentConfig.KubeCloudShared.UseServiceAccountCredentials {
if len(c.ComponentConfig.KubeCloudShared.ServiceAccountKeyFile) == 0 {
if len(c.ComponentConfig.SAController.ServiceAccountKeyFile) == 0 {
// It'c possible another controller process is creating the tokens for us.
// If one isn't, we'll timeout and exit when our client builder is unable to create the tokens.
glog.Warningf("--use-service-account-credentials was specified without providing a --service-account-private-key-file")
@@ -484,11 +484,11 @@ func (c serviceAccountTokenControllerStarter) startServiceAccountTokenController
return false, nil
}
if len(ctx.ComponentConfig.KubeCloudShared.ServiceAccountKeyFile) == 0 {
if len(ctx.ComponentConfig.SAController.ServiceAccountKeyFile) == 0 {
glog.Warningf("%q is disabled because there is no private key", saTokenControllerName)
return false, nil
}
privateKey, err := certutil.PrivateKeyFromFile(ctx.ComponentConfig.KubeCloudShared.ServiceAccountKeyFile)
privateKey, err := certutil.PrivateKeyFromFile(ctx.ComponentConfig.SAController.ServiceAccountKeyFile)
if err != nil {
return true, fmt.Errorf("error reading key for service account token controller: %v", err)
}

2
cmd/kube-controller-manager/app/options/options_test.go
View File

@@ -149,7 +149,6 @@ func TestAddFlags(t *testing.T) {
AllocateNodeCIDRs: true,
CIDRAllocatorType: "CloudAllocator",
ConfigureCloudRoutes: false,
ServiceAccountKeyFile: "/service-account-private-key",
},
AttachDetachController: &cmoptions.AttachDetachControllerOptions{
ReconcilerSyncLoopPeriod: metav1.Duration{Duration: 30 * time.Second},
@@ -247,6 +246,7 @@ func TestAddFlags(t *testing.T) {
ConcurrentResourceQuotaSyncs: 10,
},
SAController: &cmoptions.SAControllerOptions{
ServiceAccountKeyFile: "/service-account-private-key",
ConcurrentSATokenSyncs: 10,
},
ServiceController: &cmoptions.ServiceControllerOptions{