github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

controller-manager: add SecureServingOptions

Browse Source
This commit is contained in:
Dr. Stefan Schimanski
2018-02-08 19:28:31 +01:00
parent 4e0114b0dd
commit f4564ea0b8
9 changed files with 60 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
cmd/kube-controller-manager/app/controllermanager.go
View File

@@ -123,6 +123,11 @@ func Run(c *config.CompletedConfig) error {
// Start the controller manager HTTP server
stopCh := make(chan struct{})
if c.Generic.SecureServing != nil {
if err := genericcontrollerconfig.Serve(&c.Generic, c.Generic.SecureServing.Serve, stopCh); err != nil {
return err
}
}
if c.Generic.InsecureServing != nil {
if err := genericcontrollerconfig.Serve(&c.Generic, c.Generic.InsecureServing.Serve, stopCh); err != nil {
return err

3
cmd/kube-controller-manager/app/options/options.go
View File

@@ -52,6 +52,9 @@ func NewKubeControllerManagerOptions() *KubeControllerManagerOptions {
Generic: cmoptions.NewGenericControllerManagerOptions(componentConfig),
}
s.Generic.SecureServing.ServerCert.CertDirectory = "/var/run/kubernetes"
s.Generic.SecureServing.ServerCert.PairName = "kube-controller-manager"
gcIgnoredResources := make([]componentconfig.GroupResource, 0, len(garbagecollector.DefaultIgnoredResources()))
for r := range garbagecollector.DefaultIgnoredResources() {
gcIgnoredResources = append(gcIgnoredResources, componentconfig.GroupResource{Group: r.Group, Resource: r.Resource})

12
cmd/kube-controller-manager/app/options/options_test.go
View File

@@ -27,6 +27,7 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/diff"
apiserveroptions "k8s.io/apiserver/pkg/server/options"
cmoptions "k8s.io/kubernetes/cmd/controller-manager/app/options"
"k8s.io/kubernetes/pkg/apis/componentconfig"
)
@@ -104,6 +105,9 @@ func TestAddFlags(t *testing.T) {
"--terminated-pod-gc-threshold=12000",
"--unhealthy-zone-threshold=0.6",
"--use-service-account-credentials=true",
"--cert-dir=/a/b/c",
"--bind-address=192.168.4.21",
"--secure-port=10001",
}
f.Parse(args)
// Sort GCIgnoredResources because it's built from a map, which means the
@@ -205,6 +209,14 @@ func TestAddFlags(t *testing.T) {
HorizontalPodAutoscalerUseRESTClients: true,
UseServiceAccountCredentials: true,
},
SecureServing: &apiserveroptions.SecureServingOptions{
BindPort: 10001,
BindAddress: net.ParseIP("192.168.4.21"),
ServerCert: apiserveroptions.GeneratableKeyCert{
CertDirectory: "/a/b/c",
PairName: "kube-controller-manager",
},
},
InsecureServing: &cmoptions.InsecureServingOptions{
BindAddress: net.ParseIP("192.168.4.10"),
BindPort: int(10000),