rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-07-06 12:06:15 +00:00
Code Issues Releases Wiki Activity

Regenerate requestheader ca for legacy clusters

Browse Source
This commit is contained in:
galal-hussein 2019-03-06 03:02:46 +02:00 committed by Alena Prokharchyk
parent edf9d3bf9b
commit 2aac0e475f
2 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
cluster/state.go
View File

@ -174,8 +174,13 @@ func RebuildState(ctx context.Context, rkeConfig *v3.RancherKubernetesEngineConf
} }
newState.DesiredState.CertificatesBundle = certBundle newState.DesiredState.CertificatesBundle = certBundle
} else { } else {
// Regenerating etcd certificates for any new etcd nodes
pkiCertBundle := oldState.DesiredState.CertificatesBundle pkiCertBundle := oldState.DesiredState.CertificatesBundle
// check for legacy clusters prior to requestheaderca
if pkiCertBundle[pki.RequestHeaderCACertName].Certificate == nil {
if err := pki.GenerateRKERequestHeaderCACert(ctx, pkiCertBundle, flags.ClusterFilePath, flags.ConfigDir); err != nil {
return nil, err
}
}
if err := pki.GenerateRKEServicesCerts(ctx, pkiCertBundle, *rkeConfig, flags.ClusterFilePath, flags.ConfigDir, false); err != nil { if err := pki.GenerateRKEServicesCerts(ctx, pkiCertBundle, *rkeConfig, flags.ClusterFilePath, flags.ConfigDir, false); err != nil {
return nil, err return nil, err
} }

10
pki/services.go
View File

@ -400,6 +400,13 @@ func GenerateServiceTokenKey(ctx context.Context, certs map[string]CertificatePK
} }
func GenerateRKECACerts(ctx context.Context, certs map[string]CertificatePKI, configPath, configDir string) error { func GenerateRKECACerts(ctx context.Context, certs map[string]CertificatePKI, configPath, configDir string) error {
if err := GenerateRKEMasterCACert(ctx, certs, configPath, configDir); err != nil {
return err
}
return GenerateRKERequestHeaderCACert(ctx, certs, configPath, configDir)
}
func GenerateRKEMasterCACert(ctx context.Context, certs map[string]CertificatePKI, configPath, configDir string) error {
// generate kubernetes CA certificate and key // generate kubernetes CA certificate and key
log.Infof(ctx, "[certificates] Generating CA kubernetes certificates") log.Infof(ctx, "[certificates] Generating CA kubernetes certificates")
@ -408,7 +415,10 @@ func GenerateRKECACerts(ctx context.Context, certs map[string]CertificatePKI, co
return err return err
} }
certs[CACertName] = ToCertObject(CACertName, "", "", caCrt, caKey, nil) certs[CACertName] = ToCertObject(CACertName, "", "", caCrt, caKey, nil)
return nil
}
func GenerateRKERequestHeaderCACert(ctx context.Context, certs map[string]CertificatePKI, configPath, configDir string) error {
// generate request header client CA certificate and key // generate request header client CA certificate and key
log.Infof(ctx, "[certificates] Generating Kubernetes API server aggregation layer requestheader client CA certificates") log.Infof(ctx, "[certificates] Generating Kubernetes API server aggregation layer requestheader client CA certificates")
requestHeaderCACrt, requestHeaderCAKey, err := GenerateCACertAndKey(RequestHeaderCACertName, nil) requestHeaderCACrt, requestHeaderCAKey, err := GenerateCACertAndKey(RequestHeaderCACertName, nil)