mirror of https://github.com/rancher/rke.git synced 2025-09-04 08:24:28 +00:00

key rotation as part of ClusterUp, more robust secrets rewrite, improved logging

Ryan Sanna
2020-09-24 11:53:10 -07:00
parent 816d4cd130
commit e42ff49fec
8 changed files with 345 additions and 71 deletions


@@ -85,10 +85,9 @@ func ClusterUp(ctx context.Context, dialersOptions hosts.DialersOptions, flags c
if err != nil {
return APIURL, caCrt, clientCert, clientKey, nil, err
}
// We generate the first encryption config in ClusterInit, to store it ASAP. It's written
// to the DesiredState
stateEncryptionConfig := clusterState.DesiredState.EncryptionConfig
// We generate the first encryption config in ClusterInit, to store it ASAP. It's written to the DesiredState
stateEncryptionConfig := clusterState.DesiredState.EncryptionConfig
// if CurrentState has EncryptionConfig, it means this is NOT the first time we enable encryption, we should use the _latest_ applied value from the current cluster
if clusterState.CurrentState.EncryptionConfig != "" {
stateEncryptionConfig = clusterState.CurrentState.EncryptionConfig
@@ -103,6 +102,10 @@ func ClusterUp(ctx context.Context, dialersOptions hosts.DialersOptions, flags c
if kubeCluster.RancherKubernetesEngineConfig.RotateCertificates != nil {
return rebuildClusterWithRotatedCertificates(ctx, dialersOptions, flags, svcOptionsData)
}
// if we need to rotate the encryption key, do so and then return
if kubeCluster.RancherKubernetesEngineConfig.RotateEncryptionKey {
return RotateEncryptionKey(ctx, clusterState.CurrentState.RancherKubernetesEngineConfig.DeepCopy(), dialersOptions, flags)
}
log.Infof(ctx, "Building Kubernetes cluster")
err = kubeCluster.SetupDialers(ctx, dialersOptions)
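Review bot: The new `RotateEncryptionKey` branch takes its trigger from the desired config (`kubeCluster.RancherKubernetesEngineConfig.RotateEncryptionKey`) but hands the rotation `clusterState.CurrentState.RancherKubernetesEngineConfig.DeepCopy()`, and nothing visible here checks that a current state exists. On a cluster that has never been provisioned that pointer is presumably nil, so the failure would surface somewhere inside the rotation instead of at this precondition. A guard before the call would make it explicit, e.g. `if clusterState.CurrentState.RancherKubernetesEngineConfig == nil { return APIURL, caCrt, clientCert, clientKey, nil, fmt.Errorf("encryption key rotation requires an existing cluster state") }`. The branch also sits after the `RotateCertificates` early return, so a config that sets both gets only certificate rotation and the key-rotation request is dropped without a log line; an operator rotating keys after a suspected exposure needs to be told it did not run. ClusterUp's body starts and ends outside the hunk.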