-
Notifications
You must be signed in to change notification settings - Fork 38.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #47094 from cheftako/requestCAFile
Automatic merge from submit-queue (batch tested with PRs 47000, 47188, 47094, 47323, 47124) Set up proxy certs for Aggregator. Working on fixing #43716. This will create the necessary certificates. On GCE is will upload those certificates to Metadata. They are then pulled down on to the kube-apiserver. They are written to the /etc/src/kubernetes/pki directory. Finally they are loaded vi the appropriate command line flags. The requestheader-client-ca-file can be seen by running the following:- kubectl get ConfigMap extension-apiserver-authentication --namespace=kube-system -o yaml **What this PR does / why we need it**: This PR creates a request header CA. It also creates a proxy client cert/key pair. It causes these files to end up on kube-apiserver and set the CLI flags so they are properly loaded. Without it the customer either has to set them up themselves or re-use the master CA which is a security vulnerability. Currently this creates everything on GCE. **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #43716 **Special notes for your reviewer**:
- Loading branch information
Showing
5 changed files
with
106 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters