Allow components to generate certificates in-memory #69884

Merged
merged 1 commit into from Oct 30, 2018

@liggitt
Member

liggitt commented Oct 16, 2018

What this PR does / why we need it:
Allows components to generate self-signed certificates in-memory if no certificate directory is specified. Defaults kube-controller-manager and cloud-controller-manager to doing so.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #68973

Special notes for your reviewer:

Release note:

kube-controller-manager and cloud-controller-manager now hold generated serving certificates in-memory unless a writeable location is specified with --cert-dir

/assign @sttts
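
The behaviour the description above states, as an added Go example that is not code from this pull request or from Kubernetes: the key pair is always generated in memory and is written out only when a certificate directory is given. The helper name `selfSignedServingCert`, the file names `tls.key` and `tls.crt`, the Ed25519 key type and the one-year validity are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"math/big"
	"os"
	"path/filepath"
	"time"
)

// selfSignedServingCert is a hypothetical helper, not the Kubernetes code. The
// pair is built in memory; PEM files are written only when certDir is set.
func selfSignedServingCert(host, certDir string) (tls.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // demo serial, not random
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().AddDate(1, 0, 0),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     []string{host},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return tls.Certificate{}, err
	}
	pair := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}
	keyDER, err := x509.MarshalPKCS8PrivateKey(priv)
	if err != nil || certDir == "" {
		return pair, err // no certDir: serve from memory, key never touches disk
	}
	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	if err = os.WriteFile(filepath.Join(certDir, "tls.key"), keyPEM, 0600); err == nil {
		err = os.WriteFile(filepath.Join(certDir, "tls.crt"), certPEM, 0644)
	}
	return pair, err
}

func main() {
	if _, err := selfSignedServingCert("localhost", ""); err != nil {
		panic(err)
	}
}
```

A pair held only in memory is regenerated on every process start, so clients that pin the serving certificate need a persistent directory instead.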

@liggitt

Member

liggitt commented Oct 16, 2018

/kind bug

@k8s-ci-robot k8s-ci-robot added kind/bug and removed needs-kind labels Oct 16, 2018

@sttts

Contributor

sttts commented Oct 17, 2018

Looks good overall. One question.

@liggitt

Member

liggitt commented Oct 17, 2018

/retest

@liggitt

Member

liggitt commented Oct 17, 2018

@sttts comments addressed

@@ -282,15 +301,21 @@ func (s *SecureServingOptions) MaybeDefaultWithSelfSignedCerts(publicAddress str
if cert, key, err := certutil.GenerateSelfSignedCertKeyWithFixtures(publicAddress, alternateIPs, alternateDNS, s.ServerCert.FixtureDirectory); err != nil {
return fmt.Errorf("unable to generate self signed cert: %v", err)
} else {
} else if len(keyCert.CertFile) > 0 && len(keyCert.KeyFile) > 0 {
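
Review bot: The new `else if len(keyCert.CertFile) > 0 && len(keyCert.KeyFile) > 0` branch only covers the case where both paths are set, so its correctness depends on a check outside this hunk rejecting a pair where just one of them is set. Either add a one-line comment at this branch naming that earlier check, or handle the mixed case here with an explicit error, so a later change to the validation cannot let a half-configured pair fall through to the branch that follows.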

@sttts

sttts Oct 23, 2018

Contributor

can one be set and not the other?

@liggitt

liggitt Oct 23, 2018

Member

no, line 263 keeps us from getting here in that case.

@sttts

Contributor

sttts commented Oct 23, 2018

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm label Oct 23, 2018

@liggitt liggitt added this to the v1.13 milestone Oct 23, 2018

@liggitt

Member

liggitt commented Oct 24, 2018

/assign @mikedanese @luxas
for controller manager approvals

@mikedanese

Member

mikedanese commented Oct 30, 2018

/approve

@k8s-ci-robot

Contributor

k8s-ci-robot commented Oct 30, 2018

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: liggitt, mikedanese, sttts

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit d196d63 into kubernetes:master Oct 30, 2018

18 checks passed

cla/linuxfoundation liggitt authorized
pull-kubernetes-bazel-build Job succeeded.
pull-kubernetes-bazel-test Job succeeded.
pull-kubernetes-cross Skipped
pull-kubernetes-e2e-gce Job succeeded.
pull-kubernetes-e2e-gce-100-performance Job succeeded.
pull-kubernetes-e2e-gce-device-plugin-gpu Job succeeded.
pull-kubernetes-e2e-gke Skipped
pull-kubernetes-e2e-kops-aws Job succeeded.
pull-kubernetes-e2e-kubeadm-gce Skipped
pull-kubernetes-integration Job succeeded.
pull-kubernetes-kubemark-e2e-gce-big Job succeeded.
pull-kubernetes-local-e2e Skipped
pull-kubernetes-local-e2e-containerized Skipped
pull-kubernetes-node-e2e Job succeeded.
pull-kubernetes-typecheck Job succeeded.
pull-kubernetes-verify Job succeeded.
tide In merge pool.

@liggitt liggitt deleted the liggitt:self-sign-in-memory branch Nov 1, 2018
