github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-08 20:50:24 +00:00
Code Issues Projects Releases Wiki Activity

kubeadm-ha-phases

Browse Source
This commit is contained in:
fabriziopandini
2018-07-12 16:45:12 +02:00
parent bc98f7a5f2
commit f9000a3f8a
6 changed files with 162 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
cmd/kubeadm/app/phases/certs/certs.go
View File

@@ -621,6 +621,25 @@ type certKeyLocation struct {
uxName string
}
// SharedCertificateExists verifies if the shared certificates - the certificates that must be
// equal across masters: ca.key, ca.crt, sa.key, sa.pub
func SharedCertificateExists(cfg *kubeadmapi.InitConfiguration) (bool, error) {
if err := validateCACertAndKey(certKeyLocation{cfg.CertificatesDir, kubeadmconstants.CACertAndKeyBaseName, "", "CA"}); err != nil {
return false, err
}
if err := validatePrivatePublicKey(certKeyLocation{cfg.CertificatesDir, "", kubeadmconstants.ServiceAccountKeyBaseName, "service account"}); err != nil {
return false, err
}
if err := validateCACertAndKey(certKeyLocation{cfg.CertificatesDir, kubeadmconstants.FrontProxyCACertAndKeyBaseName, "", "front-proxy CA"}); err != nil {
return false, err
}
return true, nil
}
// UsingExternalCA determines whether the user is relying on an external CA. We currently implicitly determine this is the case
// when both the CA Cert and the front proxy CA Cert are present but the CA Key and front proxy CA Key are not.
// This allows us to, e.g., skip generating certs or not start the csr signing controller.