New command: gke-certificates-controller

This adds a new stand-alone certificates controller for use on GKE. It
allows calling GKE to sign certificates instead of requiring the CA
private key locally.

It does not aim for 100% feature parity with kube-controller-manager
yet, so for instance, leader election support is omitted.
This commit is contained in:
Jacob Beacham
2017-02-17 14:00:53 -08:00
parent 7a8c467688
commit 0d7a6eb058
12 changed files with 556 additions and 2 deletions

View File

@@ -19,8 +19,6 @@ readonly KUBE_GO_PACKAGE=k8s.io/kubernetes
readonly KUBE_GOPATH="${KUBE_OUTPUT}/go"
# The set of server targets that we are only building for Linux
# Note: if you are adding something here, you might need to add it to
# kube::build::source_targets in build/common.sh as well.
# If you update this list, please also update build/release-tars/BUILD.
kube::golang::server_targets() {
local targets=(
@@ -174,11 +172,15 @@ readonly KUBE_TEST_SERVER_PLATFORMS=("${KUBE_SERVER_PLATFORMS[@]}")
# laptops-versus-not.
readonly KUBE_PARALLEL_BUILD_MEMORY=11
# TODO(pipejakob) gke-certificates-controller is included here to exercise its
# compilation, but it doesn't need to be distributed in any of our tars. Its
# code is only living in this repo temporarily until it finds a new home.
readonly KUBE_ALL_TARGETS=(
"${KUBE_SERVER_TARGETS[@]}"
"${KUBE_CLIENT_TARGETS[@]}"
"${KUBE_TEST_TARGETS[@]}"
"${KUBE_TEST_SERVER_TARGETS[@]}"
cmd/gke-certificates-controller
)
readonly KUBE_ALL_BINARIES=("${KUBE_ALL_TARGETS[@]##*/}")