rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-09-17 23:49:06 +00:00
Code Issues Releases Wiki Activity

Add support for API aggregation layer

Browse Source 
Add API server parameters
`requestheader-client-ca-file`,
`requestheader-allowed-names`,
`proxy-client-key-file` and
`proxy-client-cert-file`.
After we added this parameters into API server, the API aggregation
server will be supported when it is deployed in rke cluster.
This commit is contained in:
orangedeng
2018-06-22 11:00:12 +08:00
committed by Alena Prokharchyk
parent 241f7857d6
commit 9f7a37845e
5 changed files with 45 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
pki/util.go
View File

@@ -51,13 +51,13 @@ func GenerateSignedCertAndKey(
return clientCert, rootKey, nil
}
func generateCACertAndKey() (*x509.Certificate, *rsa.PrivateKey, error) {
func generateCACertAndKey(commonName string) (*x509.Certificate, *rsa.PrivateKey, error) {
rootKey, err := cert.NewPrivateKey()
if err != nil {
return nil, nil, fmt.Errorf("Failed to generate private key for CA certificate: %v", err)
}
caConfig := cert.Config{
CommonName: CACertName,
CommonName: commonName,
}
kubeCACert, err := cert.NewSelfSignedCACert(caConfig, rootKey)
if err != nil {
@@ -233,6 +233,8 @@ func getControlCertKeys() []string {
KubeNodeCertName,
EtcdClientCertName,
EtcdClientCACertName,
RequestHeaderCACertName,
APIProxyClientCertName,
}
}