mirror of https://github.com/rancher/rke.git synced 2025-04-28 03:31:24 +00:00

Merge pull request #48 from moelsayed/fix_37

Generate new KubeAPI certificate for new nodes using the same key
Hussein Galal 2017-11-27 00:48:10 +02:00 committed by GitHub
commit b204a2d2ed
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 1 deletions


@ -37,7 +37,8 @@ func regenerateAPICertificate(c *Cluster, certificates map[string]pki.Certificat
kubeAPIAltNames := pki.GetAltNames(c.ControlPlaneHosts, c.ClusterDomain, c.KubernetesServiceIP)
caCrt := certificates[pki.CACertName].Certificate
caKey := certificates[pki.CACertName].Key
kubeAPICert, kubeAPIKey, err := pki.GenerateKubeAPICertAndKey(caCrt, caKey, kubeAPIAltNames)
kubeAPIKey := certificates[pki.KubeAPICertName].Key
kubeAPICert, err := pki.GenerateCertWithKey(pki.KubeAPICertName, kubeAPIKey, caCrt, caKey, kubeAPIAltNames)
if err != nil {
return nil, err
}
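Review bot: The reused key from `certificates[pki.KubeAPICertName].Key` is passed on without checking that it is present. If the map has no KubeAPI entry or its Key is nil (the value type is cut off in the hunk header, so this is inferred), the nil key goes into `pki.GenerateCertWithKey`, which hands it to `cert.NewSignedCert` unchecked, and the likely result is a panic rather than an error. A guard before the call keeps the failure explicit: `if kubeAPIKey == nil { return nil, fmt.Errorf("existing KubeAPI key not found, cannot regenerate certificate") }` (assuming `fmt` is imported in this file). Because regeneration now deliberately keeps the old key, a one-line comment stating that this path does not rotate the key would help whoever later has to respond to a key compromise. The body of regenerateAPICertificate starts and ends outside the hunk.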


@ -216,6 +216,20 @@ func GenerateKubeAPICertAndKey(caCrt *x509.Certificate, caKey *rsa.PrivateKey, a
return kubeCACert, rootKey, nil
}
func GenerateCertWithKey(commonName string, key *rsa.PrivateKey, caCrt *x509.Certificate, caKey *rsa.PrivateKey, altNames *cert.AltNames) (*x509.Certificate, error) {
caConfig := cert.Config{
CommonName: commonName,
Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth,
x509.ExtKeyUsageServerAuth},
AltNames: *altNames,
}
cert, err := cert.NewSignedCert(caConfig, key, caCrt, caKey)
if err != nil {
return nil, fmt.Errorf("Failed to generate certificate with existing key: %v", err)
}
return cert, nil
}
func generateCACertAndKey() (*x509.Certificate, *rsa.PrivateKey, error) {
rootKey, err := cert.NewPrivateKey()
if err != nil {
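Review bot: `GenerateCertWithKey` is exported under a general name but always issues a certificate carrying both `x509.ExtKeyUsageClientAuth` and `x509.ExtKeyUsageServerAuth`, and nothing on the function says so. A doc comment such as `// GenerateCertWithKey signs a client+server auth certificate for commonName with the given CA, reusing the caller's existing key instead of generating a new one.` would keep a later caller from using it for an identity that should carry only one usage. The comment should also state that altNames must be non-nil, since `*altNames` is dereferenced without a check. In the same function the local `cert` shadows the imported `cert` package after the `cert.NewSignedCert` call, and `caConfig` describes a leaf certificate rather than a CA; `crt` and `config` would read more clearly. The generateCACertAndKey context at the end of the hunk continues outside it.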