github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
48,411 Commits 1 Branch 31 Tags
da85262f70b51da64e82a8ca560a1364e97d26c1
Commit Graph

6 Commits

Author SHA1 Message Date
Jacob Simpson
de23d3fd00 Allow certificate manager to be initialized with client. 
Add test coverage to the certificate manager covering the initialization
scenario where it is initialized with no Certificate Request Signing
client, then the client is added later. This matches how it will be used
when the Certificate Request Signing client is also the consumer of the
certificate manager.
 2017-05-12 13:53:37 -07:00
Jacob Simpson
a926c1f258 Allow certificate manager to be initialized with no certs. 
Adds support to the certificate manager so it can be initialized with no
certs and only a connection to the certificate request signing API. This
specifically covers the scenario for the kubelet server certificate,
where there is a request signing client but on first boot there is no
bootstrapping or local certs.
 2017-05-01 17:36:33 -07:00
Jacob Simpson
ac171f69f7 Restructure unit tests for more cert/keys. 2017-04-28 17:13:48 -07:00
Jacob Simpson
e992eaec8f Add bootstrap support to certificate manager. 2017-04-20 16:27:32 -07:00
Jacob Simpson
e7666648bf Fix the certificate rotation threshold and add jitter. 2017-04-11 09:20:16 -07:00
Jacob Simpson
855627e5cb Rotate the kubelet certificate when about to expire. 
Changes the kubelet so it doesn't use the cert/key files directly for
starting the TLS server. Instead the TLS server reads the cert/key from
the new CertificateManager component, which is responsible for
requesting new certificates from the Certificate Signing Request API on
the API Server.
 2017-02-17 17:42:35 -08:00