rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-08-08 02:14:30 +00:00
Code Issues Releases Wiki Activity

Check for etcd cert DNS or IPs change

Browse Source
This commit is contained in:
Erik Wilson 2019-05-23 10:57:35 -07:00 committed by Alena Prokharchyk
parent e2f7f865ed
commit 8ccb192aaa
1 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
pki/services.go
View File

@ -5,6 +5,7 @@ import (
"crypto/rsa" "crypto/rsa"
"fmt" "fmt"
"reflect" "reflect"
"sort"
"github.com/rancher/rke/hosts" "github.com/rancher/rke/hosts"
"github.com/rancher/rke/log" "github.com/rancher/rke/log"
@ -359,11 +360,38 @@ func GenerateEtcdCertificates(ctx context.Context, certs map[string]CertificateP
clusterDomain := rkeConfig.Services.Kubelet.ClusterDomain clusterDomain := rkeConfig.Services.Kubelet.ClusterDomain
etcdHosts := hosts.NodesToHosts(rkeConfig.Nodes, etcdRole) etcdHosts := hosts.NodesToHosts(rkeConfig.Nodes, etcdRole)
etcdAltNames := GetAltNames(etcdHosts, clusterDomain, kubernetesServiceIP, []string{}) etcdAltNames := GetAltNames(etcdHosts, clusterDomain, kubernetesServiceIP, []string{})
var (
dnsNames = make([]string, len(etcdAltNames.DNSNames))
ips = make([]string, len(etcdAltNames.IPs))
)
copy(dnsNames, etcdAltNames.DNSNames)
sort.Strings(dnsNames)
for _, ip := range etcdAltNames.IPs {
ips = append(ips, ip.String())
}
sort.Strings(ips)
for _, host := range etcdHosts { for _, host := range etcdHosts {
etcdName := GetEtcdCrtName(host.InternalAddress) etcdName := GetEtcdCrtName(host.InternalAddress)
if _, ok := certs[etcdName]; ok && certs[etcdName].CertificatePEM != "" && !rotate { if _, ok := certs[etcdName]; ok && certs[etcdName].CertificatePEM != "" && !rotate {
cert := certs[etcdName].Certificate
if cert != nil && len(dnsNames) == len(cert.DNSNames) && len(ips) == len(cert.IPAddresses) {
var (
certDNSNames = make([]string, len(cert.DNSNames))
certIPs = make([]string, len(cert.IPAddresses))
)
copy(certDNSNames, cert.DNSNames)
sort.Strings(certDNSNames)
for _, ip := range cert.IPAddresses {
certIPs = append(certIPs, ip.String())
}
sort.Strings(certIPs)
if reflect.DeepEqual(dnsNames, certDNSNames) && reflect.DeepEqual(ips, certIPs) {
continue continue
} }
}
}
var serviceKey *rsa.PrivateKey var serviceKey *rsa.PrivateKey
if !rotate { if !rotate {
serviceKey = certs[etcdName].Key serviceKey = certs[etcdName].Key