Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
K
k3s
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Jacklull
k3s
Commits
114711f7
Commit
114711f7
authored
Jan 29, 2018
by
David Eads
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
remove --tls-ca-file which had no effect
parent
6def29e0
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
5 additions
and
32 deletions
+5
-32
local-up-cluster.sh
hack/local-up-cluster.sh
+0
-1
config.go
staging/src/k8s.io/apiserver/pkg/server/config.go
+0
-4
serving.go
staging/src/k8s.io/apiserver/pkg/server/options/serving.go
+5
-27
No files found.
hack/local-up-cluster.sh
View file @
114711f7
...
@@ -554,7 +554,6 @@ function start_apiserver {
...
@@ -554,7 +554,6 @@ function start_apiserver {
--secure-port
=
"
${
API_SECURE_PORT
}
"
\
--secure-port
=
"
${
API_SECURE_PORT
}
"
\
--tls-cert-file
=
"
${
CERT_DIR
}
/serving-kube-apiserver.crt"
\
--tls-cert-file
=
"
${
CERT_DIR
}
/serving-kube-apiserver.crt"
\
--tls-private-key-file
=
"
${
CERT_DIR
}
/serving-kube-apiserver.key"
\
--tls-private-key-file
=
"
${
CERT_DIR
}
/serving-kube-apiserver.key"
\
--tls-ca-file
=
"
${
CERT_DIR
}
/server-ca.crt"
\
--insecure-bind-address
=
"
${
API_HOST_IP
}
"
\
--insecure-bind-address
=
"
${
API_HOST_IP
}
"
\
--insecure-port
=
"
${
API_PORT
}
"
\
--insecure-port
=
"
${
API_PORT
}
"
\
--storage-backend
=
${
STORAGE_BACKEND
}
\
--storage-backend
=
${
STORAGE_BACKEND
}
\
...
...
staging/src/k8s.io/apiserver/pkg/server/config.go
View file @
114711f7
...
@@ -216,10 +216,6 @@ type SecureServingInfo struct {
...
@@ -216,10 +216,6 @@ type SecureServingInfo struct {
// allowed to be in SNICerts.
// allowed to be in SNICerts.
Cert
*
tls
.
Certificate
Cert
*
tls
.
Certificate
// CACert is an optional certificate authority used for the loopback connection of the Admission controllers.
// If this is nil, the certificate authority is extracted from Cert or a matching SNI certificate.
CACert
*
tls
.
Certificate
// SNICerts are the TLS certificates by name used for SNI.
// SNICerts are the TLS certificates by name used for SNI.
SNICerts
map
[
string
]
*
tls
.
Certificate
SNICerts
map
[
string
]
*
tls
.
Certificate
...
...
staging/src/k8s.io/apiserver/pkg/server/options/serving.go
View file @
114711f7
...
@@ -18,9 +18,7 @@ package options
...
@@ -18,9 +18,7 @@ package options
import
(
import
(
"crypto/tls"
"crypto/tls"
"encoding/pem"
"fmt"
"fmt"
"io/ioutil"
"net"
"net"
"path"
"path"
"strconv"
"strconv"
...
@@ -69,8 +67,6 @@ type CertKey struct {
...
@@ -69,8 +67,6 @@ type CertKey struct {
type
GeneratableKeyCert
struct
{
type
GeneratableKeyCert
struct
{
CertKey
CertKey
CertKey
CertKey
// CACertFile is an optional file containing the certificate chain for CertKey.CertFile
CACertFile
string
// CertDirectory is a directory that will contain the certificates. If the cert and key aren't specifically set
// CertDirectory is a directory that will contain the certificates. If the cert and key aren't specifically set
// this will be used to derive a match with the "pair-name"
// this will be used to derive a match with the "pair-name"
CertDirectory
string
CertDirectory
string
...
@@ -135,11 +131,6 @@ func (s *SecureServingOptions) AddFlags(fs *pflag.FlagSet) {
...
@@ -135,11 +131,6 @@ func (s *SecureServingOptions) AddFlags(fs *pflag.FlagSet) {
fs
.
StringVar
(
&
s
.
ServerCert
.
CertKey
.
KeyFile
,
"tls-private-key-file"
,
s
.
ServerCert
.
CertKey
.
KeyFile
,
fs
.
StringVar
(
&
s
.
ServerCert
.
CertKey
.
KeyFile
,
"tls-private-key-file"
,
s
.
ServerCert
.
CertKey
.
KeyFile
,
"File containing the default x509 private key matching --tls-cert-file."
)
"File containing the default x509 private key matching --tls-cert-file."
)
fs
.
StringVar
(
&
s
.
ServerCert
.
CACertFile
,
"tls-ca-file"
,
s
.
ServerCert
.
CACertFile
,
"If set, this "
+
"certificate authority will used for secure access from Admission "
+
"Controllers. This must be a valid PEM-encoded CA bundle. Altneratively, the certificate authority "
+
"can be appended to the certificate provided by --tls-cert-file."
)
fs
.
StringSliceVar
(
&
s
.
CipherSuites
,
"tls-cipher-suites"
,
s
.
CipherSuites
,
fs
.
StringSliceVar
(
&
s
.
CipherSuites
,
"tls-cipher-suites"
,
s
.
CipherSuites
,
"Comma-separated list of cipher suites for the server. "
+
"Comma-separated list of cipher suites for the server. "
+
"Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). "
+
"Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). "
+
...
@@ -157,6 +148,11 @@ func (s *SecureServingOptions) AddFlags(fs *pflag.FlagSet) {
...
@@ -157,6 +148,11 @@ func (s *SecureServingOptions) AddFlags(fs *pflag.FlagSet) {
"trump over extracted names. For multiple key/certificate pairs, use the "
+
"trump over extracted names. For multiple key/certificate pairs, use the "
+
"--tls-sni-cert-key multiple times. "
+
"--tls-sni-cert-key multiple times. "
+
"Examples:
\"
example.crt,example.key
\"
or
\"
foo.crt,foo.key:*.foo.com,foo.com
\"
."
)
"Examples:
\"
example.crt,example.key
\"
or
\"
foo.crt,foo.key:*.foo.com,foo.com
\"
."
)
// TODO remove this flag in 1.11. The flag had no effect before this will prevent scripts from immediately failing on upgrade.
fs
.
String
(
"tls-ca-file"
,
""
,
"This flag has no effect."
)
fs
.
MarkDeprecated
(
"tls-ca-file"
,
"This flag has no effect."
)
}
}
func
(
s
*
SecureServingOptions
)
AddDeprecatedFlags
(
fs
*
pflag
.
FlagSet
)
{
func
(
s
*
SecureServingOptions
)
AddDeprecatedFlags
(
fs
*
pflag
.
FlagSet
)
{
...
@@ -230,24 +226,6 @@ func (s *SecureServingOptions) applyServingInfoTo(c *server.Config) error {
...
@@ -230,24 +226,6 @@ func (s *SecureServingOptions) applyServingInfoTo(c *server.Config) error {
secureServingInfo
.
Cert
=
&
tlsCert
secureServingInfo
.
Cert
=
&
tlsCert
}
}
// optionally load CA cert
if
len
(
s
.
ServerCert
.
CACertFile
)
!=
0
{
pemData
,
err
:=
ioutil
.
ReadFile
(
s
.
ServerCert
.
CACertFile
)
if
err
!=
nil
{
return
fmt
.
Errorf
(
"failed to read certificate authority from %q: %v"
,
s
.
ServerCert
.
CACertFile
,
err
)
}
block
,
pemData
:=
pem
.
Decode
(
pemData
)
if
block
==
nil
{
return
fmt
.
Errorf
(
"no certificate found in certificate authority file %q"
,
s
.
ServerCert
.
CACertFile
)
}
if
block
.
Type
!=
"CERTIFICATE"
{
return
fmt
.
Errorf
(
"expected CERTIFICATE block in certiticate authority file %q, found: %s"
,
s
.
ServerCert
.
CACertFile
,
block
.
Type
)
}
secureServingInfo
.
CACert
=
&
tls
.
Certificate
{
Certificate
:
[][]
byte
{
block
.
Bytes
},
}
}
if
len
(
s
.
CipherSuites
)
!=
0
{
if
len
(
s
.
CipherSuites
)
!=
0
{
cipherSuites
,
err
:=
utilflag
.
TLSCipherSuites
(
s
.
CipherSuites
)
cipherSuites
,
err
:=
utilflag
.
TLSCipherSuites
(
s
.
CipherSuites
)
if
err
!=
nil
{
if
err
!=
nil
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment