controller-manager: add SecureServingOptions

2025-09-15 06:01:50 +00:00 · 2018-02-08 19:28:31 +01:00
parent 4e0114b0dd
commit f4564ea0b8
9 changed files with 60 additions and 3 deletions
--- a/cmd/cloud-controller-manager/app/controllermanager.go
+++ b/cmd/cloud-controller-manager/app/controllermanager.go
@@ -115,6 +115,11 @@ func Run(c *cloudcontrollerconfig.CompletedConfig) error {

 	// Start the controller manager HTTP server
 	stopCh := make(chan struct{})
+	if c.Generic.SecureServing != nil {
+		if err := genericcontrollermanager.Serve(&c.Generic, c.Generic.SecureServing.Serve, stopCh); err != nil {
+			return err
+		}
+	}
 	if c.Generic.InsecureServing != nil {
 		if err := genericcontrollermanager.Serve(&c.Generic, c.Generic.InsecureServing.Serve, stopCh); err != nil {
 			return err
--- a/cmd/cloud-controller-manager/app/options/options.go
+++ b/cmd/cloud-controller-manager/app/options/options.go
@@ -54,6 +54,9 @@ func NewCloudControllerManagerOptions() *CloudControllerManagerOptions {
 	}
 	s.Generic.ComponentConfig.LeaderElection.LeaderElect = true

+	s.Generic.SecureServing.ServerCert.CertDirectory = "/var/run/kubernetes"
+	s.Generic.SecureServing.ServerCert.PairName = "cloud-controller-manager"
+
 	return &s
 }

--- a/cmd/cloud-controller-manager/app/options/options_test.go
+++ b/cmd/cloud-controller-manager/app/options/options_test.go
@@ -26,6 +26,7 @@ import (

 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/diff"
+	apiserveroptions "k8s.io/apiserver/pkg/server/options"
 	cmoptions "k8s.io/kubernetes/cmd/controller-manager/app/options"
 	"k8s.io/kubernetes/pkg/apis/componentconfig"
 )
@@ -63,6 +64,9 @@ func TestAddFlags(t *testing.T) {
 		"--route-reconciliation-period=30s",
 		"--min-resync-period=100m",
 		"--use-service-account-credentials=false",
+		"--cert-dir=/a/b/c",
+		"--bind-address=192.168.4.21",
+		"--secure-port=10001",
 	}
 	f.Parse(args)

@@ -139,6 +143,14 @@ func TestAddFlags(t *testing.T) {
 				CIDRAllocatorType:         "RangeAllocator",
 				Controllers:               []string{"*"},
 			},
+			SecureServing: &apiserveroptions.SecureServingOptions{
+				BindPort:    10001,
+				BindAddress: net.ParseIP("192.168.4.21"),
+				ServerCert: apiserveroptions.GeneratableKeyCert{
+					CertDirectory: "/a/b/c",
+					PairName:      "cloud-controller-manager",
+				},
+			},
 			InsecureServing: &cmoptions.InsecureServingOptions{
 				BindAddress: net.ParseIP("192.168.4.10"),
 				BindPort:    int(10000),