New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow inverted key/cert order in combined PEM file #69536

Merged
merged 1 commit into from Oct 8, 2018

Conversation

@awly
Contributor

awly commented Oct 8, 2018

What this PR does / why we need it:
certificate.FileStore only handles (cert, key) combined PEM files.
This PR allows (key, cert), which is what openssl req -out foo.pem -keyout foo.pem generates.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

Special notes for your reviewer:

Release note:

Kubelet can now parse PEM file containing both TLS certificate and key in arbitrary order. Previously key was always required to be first.
@awly

This comment has been minimized.

Show comment
Hide comment
@awly
Contributor

awly commented Oct 8, 2018

@smarterclayton

This comment has been minimized.

Show comment
Hide comment
@smarterclayton

smarterclayton Oct 8, 2018

Contributor

/lgtm

Contributor

smarterclayton commented Oct 8, 2018

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm label Oct 8, 2018

@liggitt

This comment has been minimized.

Show comment
Hide comment
@liggitt

liggitt Oct 8, 2018

Member

/lgtm
probably worth a release note

Member

liggitt commented Oct 8, 2018

/lgtm
probably worth a release note

@mikedanese

This comment has been minimized.

Show comment
Hide comment
@mikedanese

mikedanese Oct 8, 2018

Member

/lgtm

Hold for relnote.
/hold

Member

mikedanese commented Oct 8, 2018

/lgtm

Hold for relnote.
/hold

@awly

This comment has been minimized.

Show comment
Hide comment
@awly

awly Oct 8, 2018

Contributor

Added relnote, PTAL

Contributor

awly commented Oct 8, 2018

Added relnote, PTAL

@liggitt

This comment has been minimized.

Show comment
Hide comment
@liggitt

liggitt Oct 8, 2018

Member

/approve
needs bazel update

Member

liggitt commented Oct 8, 2018

/approve
needs bazel update

Allow inverted key/cert order in combined PEM file
certificate.FileStore only handles (cert, key) combined PEM files. This
PR allows (key, cert), which is what "openssl req -out foo.pem -keyout
foo.pem" generates.

@k8s-ci-robot k8s-ci-robot removed the lgtm label Oct 8, 2018

@awly

This comment has been minimized.

Show comment
Hide comment
@awly

awly Oct 8, 2018

Contributor

oops, update BUILD and squashed.
need re-lgtm

Contributor

awly commented Oct 8, 2018

oops, update BUILD and squashed.
need re-lgtm

@liggitt

This comment has been minimized.

Show comment
Hide comment
@liggitt

liggitt Oct 8, 2018

Member

/retest
/lgtm

Member

liggitt commented Oct 8, 2018

/retest
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm label Oct 8, 2018

@k8s-ci-robot

This comment has been minimized.

Show comment
Hide comment
@k8s-ci-robot

k8s-ci-robot Oct 8, 2018

Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: awly, liggitt, mikedanese, smarterclayton

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Contributor

k8s-ci-robot commented Oct 8, 2018

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: awly, liggitt, mikedanese, smarterclayton

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@mikedanese

This comment has been minimized.

Show comment
Hide comment
@mikedanese

mikedanese Oct 8, 2018

Member

/hold cancel

Member

mikedanese commented Oct 8, 2018

/hold cancel

@k8s-ci-robot k8s-ci-robot merged commit f883fd2 into kubernetes:master Oct 8, 2018

18 checks passed

cla/linuxfoundation awly authorized
Details
pull-kubernetes-bazel-build Job succeeded.
Details
pull-kubernetes-bazel-test Job succeeded.
Details
pull-kubernetes-cross Skipped
pull-kubernetes-e2e-gce Job succeeded.
Details
pull-kubernetes-e2e-gce-100-performance Job succeeded.
Details
pull-kubernetes-e2e-gce-device-plugin-gpu Job succeeded.
Details
pull-kubernetes-e2e-gke Skipped
pull-kubernetes-e2e-kops-aws Job succeeded.
Details
pull-kubernetes-e2e-kubeadm-gce Skipped
pull-kubernetes-integration Job succeeded.
Details
pull-kubernetes-kubemark-e2e-gce-big Job succeeded.
Details
pull-kubernetes-local-e2e Skipped
pull-kubernetes-local-e2e-containerized Skipped
pull-kubernetes-node-e2e Job succeeded.
Details
pull-kubernetes-typecheck Job succeeded.
Details
pull-kubernetes-verify Job succeeded.
Details
tide In merge pool.
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment