mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-24 20:24:09 +00:00
Merge pull request #70551 from liztio/fix-renew-overflow
Fix overflow issue on renewal
This commit is contained in:
commit
ee94a56214
@ -89,14 +89,20 @@ func getRenewSubCommands() []*cobra.Command {
|
|||||||
kubeadmutil.CheckErr(err)
|
kubeadmutil.CheckErr(err)
|
||||||
|
|
||||||
cmdList := []*cobra.Command{}
|
cmdList := []*cobra.Command{}
|
||||||
allCmds := []func() error{}
|
funcList := []func(){}
|
||||||
|
|
||||||
for caCert, certs := range certTree {
|
for caCert, certs := range certTree {
|
||||||
// Don't offer to renew CAs; would cause serious consequences
|
// Don't offer to renew CAs; would cause serious consequences
|
||||||
for _, cert := range certs {
|
for _, cert := range certs {
|
||||||
cmd := makeCommandForRenew(cert, caCert, cfg)
|
// get the cobra.Command skeleton for this command
|
||||||
|
cmd := generateRenewalCommand(cert, cfg)
|
||||||
|
// get the implementation of renewing this certificate
|
||||||
|
renewalFunc := generateRenewalFunction(cert, caCert, cfg)
|
||||||
|
// install the implementation into the command
|
||||||
|
cmd.Run = func(*cobra.Command, []string) { renewalFunc() }
|
||||||
cmdList = append(cmdList, cmd)
|
cmdList = append(cmdList, cmd)
|
||||||
allCmds = append(allCmds, cmd.Execute)
|
// Collect renewal functions for `renew all`
|
||||||
|
funcList = append(funcList, renewalFunc)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -105,9 +111,8 @@ func getRenewSubCommands() []*cobra.Command {
|
|||||||
Short: "renew all available certificates",
|
Short: "renew all available certificates",
|
||||||
Long: allLongDesc,
|
Long: allLongDesc,
|
||||||
Run: func(*cobra.Command, []string) {
|
Run: func(*cobra.Command, []string) {
|
||||||
for _, cmd := range allCmds {
|
for _, f := range funcList {
|
||||||
err := cmd()
|
f()
|
||||||
kubeadmutil.CheckErr(err)
|
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
@ -124,28 +129,26 @@ func addFlags(cmd *cobra.Command, cfg *renewConfig) {
|
|||||||
cmd.Flags().BoolVar(&cfg.useAPI, "use-api", cfg.useAPI, "Use the Kubernetes certificate API to renew certificates")
|
cmd.Flags().BoolVar(&cfg.useAPI, "use-api", cfg.useAPI, "Use the Kubernetes certificate API to renew certificates")
|
||||||
}
|
}
|
||||||
|
|
||||||
// generateCertCommand takes mostly strings instead of structs to avoid using structs in a for loop
|
func generateRenewalFunction(cert *certsphase.KubeadmCert, caCert *certsphase.KubeadmCert, cfg *renewConfig) func() {
|
||||||
func generateCertCommand(name, longName, baseName, caCertBaseName string, cfg *renewConfig) *cobra.Command {
|
return func() {
|
||||||
return &cobra.Command{
|
internalcfg, err := configutil.ConfigFileAndDefaultsToInternalConfig(cfg.cfgPath, &cfg.cfg)
|
||||||
Use: name,
|
kubeadmutil.CheckErr(err)
|
||||||
Short: fmt.Sprintf("Generates the %s", longName),
|
renewer, err := getRenewer(cfg, caCert.BaseName)
|
||||||
Long: fmt.Sprintf(genericLongDesc, longName, baseName),
|
kubeadmutil.CheckErr(err)
|
||||||
Run: func(cmd *cobra.Command, args []string) {
|
|
||||||
internalcfg, err := configutil.ConfigFileAndDefaultsToInternalConfig(cfg.cfgPath, &cfg.cfg)
|
|
||||||
kubeadmutil.CheckErr(err)
|
|
||||||
renewer, err := getRenewer(cfg, caCertBaseName)
|
|
||||||
kubeadmutil.CheckErr(err)
|
|
||||||
|
|
||||||
err = renewal.RenewExistingCert(internalcfg.CertificatesDir, baseName, renewer)
|
err = renewal.RenewExistingCert(internalcfg.CertificatesDir, cert.BaseName, renewer)
|
||||||
kubeadmutil.CheckErr(err)
|
kubeadmutil.CheckErr(err)
|
||||||
},
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func makeCommandForRenew(cert *certsphase.KubeadmCert, caCert *certsphase.KubeadmCert, cfg *renewConfig) *cobra.Command {
|
func generateRenewalCommand(cert *certsphase.KubeadmCert, cfg *renewConfig) *cobra.Command {
|
||||||
certCmd := generateCertCommand(cert.Name, cert.LongName, cert.BaseName, caCert.BaseName, cfg)
|
cmd := &cobra.Command{
|
||||||
addFlags(certCmd, cfg)
|
Use: cert.Name,
|
||||||
return certCmd
|
Short: fmt.Sprintf("Generates the %s", cert.LongName),
|
||||||
|
Long: fmt.Sprintf(genericLongDesc, cert.LongName, cert.BaseName),
|
||||||
|
}
|
||||||
|
addFlags(cmd, cfg)
|
||||||
|
return cmd
|
||||||
}
|
}
|
||||||
|
|
||||||
func getRenewer(cfg *renewConfig, caCertBaseName string) (renewal.Interface, error) {
|
func getRenewer(cfg *renewConfig, caCertBaseName string) (renewal.Interface, error) {
|
||||||
|
Loading…
Reference in New Issue
Block a user