Commit 7682aa53 authored by Jacob Beacham's avatar Jacob Beacham

Allow the CertificateController to use any Signer implementation.

This will allow developers to create CertificateControllers with arbitrary Signers, instead of forcing the use of CFSSLSigner.
parent b88b31cf
...@@ -32,11 +32,17 @@ func startCSRController(ctx ControllerContext) (bool, error) { ...@@ -32,11 +32,17 @@ func startCSRController(ctx ControllerContext) (bool, error) {
return false, nil return false, nil
} }
c := ctx.ClientBuilder.ClientOrDie("certificate-controller") c := ctx.ClientBuilder.ClientOrDie("certificate-controller")
signer, err := certcontroller.NewCFSSLSigner(ctx.Options.ClusterSigningCertFile, ctx.Options.ClusterSigningKeyFile)
if err != nil {
glog.Errorf("Failed to start certificate controller: %v", err)
return false, nil
}
certController, err := certcontroller.NewCertificateController( certController, err := certcontroller.NewCertificateController(
c, c,
ctx.NewInformerFactory.Certificates().V1beta1().CertificateSigningRequests(), ctx.NewInformerFactory.Certificates().V1beta1().CertificateSigningRequests(),
ctx.Options.ClusterSigningCertFile, signer,
ctx.Options.ClusterSigningKeyFile,
certcontroller.NewGroupApprover(ctx.Options.ApproveAllKubeletCSRsForGroup), certcontroller.NewGroupApprover(ctx.Options.ApproveAllKubeletCSRsForGroup),
) )
if err != nil { if err != nil {
......
...@@ -63,21 +63,16 @@ type CertificateController struct { ...@@ -63,21 +63,16 @@ type CertificateController struct {
queue workqueue.RateLimitingInterface queue workqueue.RateLimitingInterface
} }
func NewCertificateController(kubeClient clientset.Interface, csrInformer certificatesinformers.CertificateSigningRequestInformer, caCertFile, caKeyFile string, approver AutoApprover) (*CertificateController, error) { func NewCertificateController(kubeClient clientset.Interface, csrInformer certificatesinformers.CertificateSigningRequestInformer, signer Signer, approver AutoApprover) (*CertificateController, error) {
// Send events to the apiserver // Send events to the apiserver
eventBroadcaster := record.NewBroadcaster() eventBroadcaster := record.NewBroadcaster()
eventBroadcaster.StartLogging(glog.Infof) eventBroadcaster.StartLogging(glog.Infof)
eventBroadcaster.StartRecordingToSink(&v1core.EventSinkImpl{Interface: v1core.New(kubeClient.Core().RESTClient()).Events("")}) eventBroadcaster.StartRecordingToSink(&v1core.EventSinkImpl{Interface: v1core.New(kubeClient.Core().RESTClient()).Events("")})
s, err := NewCFSSLSigner(caCertFile, caKeyFile)
if err != nil {
return nil, err
}
cc := &CertificateController{ cc := &CertificateController{
kubeClient: kubeClient, kubeClient: kubeClient,
queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "certificate"), queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "certificate"),
signer: s, signer: signer,
approver: approver, approver: approver,
} }
......
...@@ -58,12 +58,16 @@ func newController(csrs ...runtime.Object) (*testController, error) { ...@@ -58,12 +58,16 @@ func newController(csrs ...runtime.Object) (*testController, error) {
return nil, err return nil, err
} }
signer, err := NewCFSSLSigner(certFile, keyFile)
if err != nil {
return nil, err
}
approver := &fakeAutoApprover{make(chan *certificates.CertificateSigningRequest, 1)} approver := &fakeAutoApprover{make(chan *certificates.CertificateSigningRequest, 1)}
controller, err := NewCertificateController( controller, err := NewCertificateController(
client, client,
informerFactory.Certificates().V1beta1().CertificateSigningRequests(), informerFactory.Certificates().V1beta1().CertificateSigningRequests(),
certFile, signer,
keyFile,
approver, approver,
) )
if err != nil { if err != nil {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment