github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
b47508700cad0ee4aa600dfa9e827d4c6a855ee7
kubernetes/cmd/kube-apiserver/app
History
Kubernetes Submit Queue 860cae0933 Merge pull request #35488 from dixudx/keystone-ca-cert 
Automatic merge from submit-queue

specify custom ca file to verify the keystone server

<!--  Thanks for sending a pull request!  Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->

**What this PR does / why we need it**:

Sometimes the keystone server's certificate is self-signed, mainly used for internal development, testing and etc.

For this kind of ca, we need a way to verify the keystone server.

Otherwise, below error will occur.

> x509: certificate signed by unknown authority

This patch provide a way to pass in a ca file to verify the keystone server when starting `kube-apiserver`.

**Which issue this PR fixes** : fixes #22695, #24984

**Special notes for your reviewer**:

**Release note**:

<!--  Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access) 
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`. 
-->

``` release-note
```
2016-11-08 13:13:00 -08:00
..
options
Allow apiserver to choose preferred kubelet address type
2016-10-31 16:02:38 -04:00
BUILD
Update bazel
2016-10-22 14:31:56 +02:00
plugins.go
add ownerref permission checks
2016-10-17 09:38:05 -04:00
server_test.go
Make master+federation ServerRunOptions embeddings explicit
2016-10-31 11:04:58 +01:00
server.go
Merge pull request #35488 from dixudx/keystone-ca-cert
2016-11-08 13:13:00 -08:00