github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-01 15:58:37 +00:00
Code Issues Projects Releases Wiki Activity
115,151 Commits 42 Branches 7,905 Tags 1.3 GiB
master
Commit Graph

13 Commits

Author SHA1 Message Date
SataQiu
25d845c3b5 kubeadm: fix the bug that kubeadm only uses the first hash in caCertHashes to verify the root CA 2021-05-13 19:38:39 +08:00
Benjamin Elder
56e092e382 hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
Lubomir I. Ivanov
429b7e2272 kubeadm: improve the error messages when validating discovery CA hash 
The error messages when the user feeds an invalid discovery token CA
hash are vague. Make sure to:
- Print the list of supported hash formats (currently only "sha256").
- Wrap the error from pubKeyPins.Allow() with a descriptive message.
 2020-12-14 20:13:36 +02:00
RA489
ad9d2d71c0 remove bash examples/comments from the v1beta1 and v1beta2 APIs 2020-02-07 11:27:02 +05:30
Dmitry Rozhkov
7f8fc5d189 kubeadm: check all available CA certs against pinned certs 
Currently kubeadm produces an error upon parsing multiple
certificates stored in the cluster-info configmap. Yet it
should check all available certificates in a scenario like
CA key rotation.

Check all available CA certs against pinned certificate hashes.

Fixes https://github.com/kubernetes/kubeadm/issues/1399
 2019-04-15 15:08:06 +03:00
yuexiao-wang
c0a9b4d04d add BUILD 
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
 2018-10-30 16:23:52 +08:00
yuexiao-wang
cc303c8774 [kubeadm/app/]switch to github.com/pkg/errors 
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
 2018-10-30 16:23:24 +08:00
Jeff Grafton
ef56a8d6bb Autogenerated: hack/update-bazel.sh 2018-02-16 13:43:01 -08:00
Jeff Grafton
efee0704c6 Autogenerate BUILD files 2017-12-23 13:12:11 -08:00
Jeff Grafton
aee5f457db update BUILD files 2017-10-15 18:18:13 -07:00
Jeff Grafton
a7f49c906d Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
Jeff Grafton
33276f06be Use buildozer to remove deprecated automanaged tags 2017-08-11 09:31:50 -07:00
Matt Moyer
2dd359ba19 kubeadm: add pubkeypin package (public key pinning hash implementation). 
This change adds a `k8s.io/kubernetes/cmd/kubeadm/app/util/pubkeypin` package which implements x509 public key pinning in the style of RFC7469. This is the public key hash format used by the new `kubeadm join --discovery-token-ca-cert-hash` flag.

Hashes are namespaced with a short type, with "sha256" being the only currently-supported format. Type "sha256" is a hex-encoded SHA-256 hash over the Subject Public Key Info (SPKI) object in DER-encoded ASN.1.
 2017-08-10 11:37:07 -05:00