mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-11-28 03:47:34 +00:00
55f887e9fb
Automatic merge from submit-queue (batch tested with PRs 47000, 47188, 47094, 47323, 47124) Set up proxy certs for Aggregator. Working on fixing https://github.com/kubernetes/kubernetes/issues/43716. This will create the necessary certificates. On GCE is will upload those certificates to Metadata. They are then pulled down on to the kube-apiserver. They are written to the /etc/src/kubernetes/pki directory. Finally they are loaded vi the appropriate command line flags. The requestheader-client-ca-file can be seen by running the following:- kubectl get ConfigMap extension-apiserver-authentication --namespace=kube-system -o yaml **What this PR does / why we need it**: This PR creates a request header CA. It also creates a proxy client cert/key pair. It causes these files to end up on kube-apiserver and set the CLI flags so they are properly loaded. Without it the customer either has to set them up themselves or re-use the master CA which is a security vulnerability. Currently this creates everything on GCE. **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #43716 **Special notes for your reviewer**: