rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-04-28 03:31:24 +00:00
Code Issues Releases Wiki Activity

fix custom certs csr generation to do deep compairson for etcd and compare for all nodes and not just first

Browse Source
This commit is contained in:
Faisal Chaudhry 2021-06-10 15:58:04 -04:00
parent eccc55a1ab
commit 57a2ba00a0
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
pki/services.go
View File

@ -419,9 +419,12 @@ func GenerateEtcdCSRs(ctx context.Context, certs map[string]CertificatePKI, rkeC
for _, host := range etcdHosts { for _, host := range etcdHosts {
etcdName := GetCrtNameForHost(host, EtcdCertName) etcdName := GetCrtNameForHost(host, EtcdCertName)
etcdCrt := certs[etcdName].Certificate etcdCrt := certs[etcdName].Certificate
etcdCSRPEM := certs[etcdName].CSRPEM etcdCsr := certs[etcdName].CSR
if etcdCSRPEM != "" { if etcdCsr != nil {
return nil if reflect.DeepEqual(etcdAltNames.DNSNames, etcdCsr.DNSNames) &&
DeepEqualIPsAltNames(etcdAltNames.IPs, etcdCsr.IPAddresses) {
continue
}
} }
logrus.Infof("[certificates] Generating etcd-%s csr and key", host.InternalAddress) logrus.Infof("[certificates] Generating etcd-%s csr and key", host.InternalAddress)
etcdCSR, etcdKey, err := GenerateCertSigningRequestAndKey(true, EtcdCertName, etcdAltNames, certs[etcdName].Key, nil) etcdCSR, etcdKey, err := GenerateCertSigningRequestAndKey(true, EtcdCertName, etcdAltNames, certs[etcdName].Key, nil)
@ -532,7 +535,7 @@ func GenerateKubeletCSR(ctx context.Context, certs map[string]CertificatePKI, rk
if oldKubeletCSR != nil && if oldKubeletCSR != nil &&
reflect.DeepEqual(kubeletAltNames.DNSNames, oldKubeletCSR.DNSNames) && reflect.DeepEqual(kubeletAltNames.DNSNames, oldKubeletCSR.DNSNames) &&
DeepEqualIPsAltNames(kubeletAltNames.IPs, oldKubeletCSR.IPAddresses) { DeepEqualIPsAltNames(kubeletAltNames.IPs, oldKubeletCSR.IPAddresses) {
return nil continue
} }
logrus.Infof("[certificates] Generating %s Kubernetes Kubelet csr", kubeletName) logrus.Infof("[certificates] Generating %s Kubernetes Kubelet csr", kubeletName)
kubeletCSR, kubeletKey, err := GenerateCertSigningRequestAndKey(true, kubeletName, kubeletAltNames, certs[kubeletName].Key, nil) kubeletCSR, kubeletKey, err := GenerateCertSigningRequestAndKey(true, kubeletName, kubeletAltNames, certs[kubeletName].Key, nil)