github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Allow the CertificateController to use any Signer implementation.

Browse Source 
This will allow developers to create CertificateControllers with
arbitrary Signers, instead of forcing the use of CFSSLSigner.
This commit is contained in:
Jacob Beacham
2017-02-10 14:02:58 -08:00
parent b88b31cff4
commit 7682aa53b1
3 changed files with 16 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
cmd/kube-controller-manager/app/certificates.go
View File

@@ -32,11 +32,17 @@ func startCSRController(ctx ControllerContext) (bool, error) {
return false, nil
}
c := ctx.ClientBuilder.ClientOrDie("certificate-controller")
signer, err := certcontroller.NewCFSSLSigner(ctx.Options.ClusterSigningCertFile, ctx.Options.ClusterSigningKeyFile)
if err != nil {
glog.Errorf("Failed to start certificate controller: %v", err)
return false, nil
}
certController, err := certcontroller.NewCertificateController(
c,
ctx.NewInformerFactory.Certificates().V1beta1().CertificateSigningRequests(),
ctx.Options.ClusterSigningCertFile,
ctx.Options.ClusterSigningKeyFile,
signer,
certcontroller.NewGroupApprover(ctx.Options.ApproveAllKubeletCSRsForGroup),
)
if err != nil {