rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-09-09 02:51:15 +00:00
Code Issues Releases Wiki Activity

Revert "Add per node kubelet server certificate"

Browse Source 
This reverts commit b860e634db.
This commit is contained in:
Sebastiaan van Steenis
2019-08-07 17:35:19 +02:00
committed by Denise
parent b860e634db
commit 3f94e86706
12 changed files with 113 additions and 210 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
cluster/certificates.go
View File

@@ -59,7 +59,7 @@ func GetClusterCertsFromKubernetes(ctx context.Context, kubeCluster *Cluster) (m
}
for _, etcdHost := range kubeCluster.EtcdHosts {
etcdName := pki.GetCrtNameForAddress(etcdHost.InternalAddress, pki.EtcdCertName)
etcdName := pki.GetEtcdCrtName(etcdHost.InternalAddress)
certificatesNames = append(certificatesNames, etcdName)
}
@@ -154,13 +154,13 @@ func RotateRKECertificates(ctx context.Context, c *Cluster, flags ExternalFlags,
var (
serviceAccountTokenKey string
)
componentsCertsFuncMap := map[string][]pki.GenFunc{
services.KubeAPIContainerName: []pki.GenFunc{pki.GenerateKubeAPICertificate},
services.KubeControllerContainerName: []pki.GenFunc{pki.GenerateKubeControllerCertificate},
services.SchedulerContainerName: []pki.GenFunc{pki.GenerateKubeSchedulerCertificate},
services.KubeproxyContainerName: []pki.GenFunc{pki.GenerateKubeProxyCertificate},
services.KubeletContainerName: []pki.GenFunc{pki.GenerateKubeNodeCertificate, pki.GenerateKubeletCertificate},
services.EtcdContainerName: []pki.GenFunc{pki.GenerateEtcdCertificates},
componentsCertsFuncMap := map[string]pki.GenFunc{
services.KubeAPIContainerName: pki.GenerateKubeAPICertificate,
services.KubeControllerContainerName: pki.GenerateKubeControllerCertificate,
services.SchedulerContainerName: pki.GenerateKubeSchedulerCertificate,
services.KubeproxyContainerName: pki.GenerateKubeProxyCertificate,
services.KubeletContainerName: pki.GenerateKubeNodeCertificate,
services.EtcdContainerName: pki.GenerateEtcdCertificates,
}
rotateFlags := c.RancherKubernetesEngineConfig.RotateCertificates
if rotateFlags.CACertificates {
@@ -171,12 +171,10 @@ func RotateRKECertificates(ctx context.Context, c *Cluster, flags ExternalFlags,
rotateFlags.Services = nil
}
for _, k8sComponent := range rotateFlags.Services {
genFunctions := componentsCertsFuncMap[k8sComponent]
if genFunctions != nil {
for _, genFunc := range genFunctions {
if err := genFunc(ctx, c.Certificates, c.RancherKubernetesEngineConfig, flags.ClusterFilePath, flags.ConfigDir, true); err != nil {
return err
}
genFunc := componentsCertsFuncMap[k8sComponent]
if genFunc != nil {
if err := genFunc(ctx, c.Certificates, c.RancherKubernetesEngineConfig, flags.ClusterFilePath, flags.ConfigDir, true); err != nil {
return err
}
}
}