Resolve uncompatibility from update: etcd CAFile -> TrustedCAFIle

Kubernetes-commit: 9ead9373f350c7ad438257a9e8b8977a67b900eb
2019-10-23 11:15:43 -07:00 · 2019-10-23 11:15:43 -07:00 · e518fe04f6
parent 41da2ced4c
commit e518fe04f6
9 changed files with 46 additions and 45 deletions
--- a/pkg/server/options/etcd.go
+++ b/pkg/server/options/etcd.go
@ -161,7 +161,7 @@ func (s *EtcdOptions) AddFlags(fs *pflag.FlagSet) {
 	fs.StringVar(&s.StorageConfig.Transport.CertFile, "etcd-certfile", s.StorageConfig.Transport.CertFile,
 		"SSL certification file used to secure etcd communication.")
-	fs.StringVar(&s.StorageConfig.Transport.CAFile, "etcd-cafile", s.StorageConfig.Transport.CAFile,
+	fs.StringVar(&s.StorageConfig.Transport.TrustedCAFile, "etcd-cafile", s.StorageConfig.Transport.TrustedCAFile,
 		"SSL Certificate Authority file used to secure etcd communication.")
 	fs.StringVar(&s.EncryptionProviderConfigFilepath, "experimental-encryption-provider-config", s.EncryptionProviderConfigFilepath,
--- a/pkg/server/options/etcd_test.go
+++ b/pkg/server/options/etcd_test.go
@ -42,7 +42,7 @@ func TestEtcdOptionsValidate(t *testing.T) {
 					Transport: storagebackend.TransportConfig{
 						ServerList:    nil,
 						KeyFile:       "/var/run/kubernetes/etcd.key",
-						CAFile:     "/var/run/kubernetes/etcdca.crt",
+						TrustedCAFile: "/var/run/kubernetes/etcdca.crt",
 						CertFile:      "/var/run/kubernetes/etcdce.crt",
 					},
 					CompactionInterval:    storagebackend.DefaultCompactInterval,
@ -66,7 +66,7 @@ func TestEtcdOptionsValidate(t *testing.T) {
 					Transport: storagebackend.TransportConfig{
 						ServerList:    []string{"http://127.0.0.1"},
 						KeyFile:       "/var/run/kubernetes/etcd.key",
-						CAFile:     "/var/run/kubernetes/etcdca.crt",
+						TrustedCAFile: "/var/run/kubernetes/etcdca.crt",
 						CertFile:      "/var/run/kubernetes/etcdce.crt",
 					},
 					CompactionInterval:    storagebackend.DefaultCompactInterval,
@ -89,7 +89,7 @@ func TestEtcdOptionsValidate(t *testing.T) {
 					Transport: storagebackend.TransportConfig{
 						ServerList:    []string{"http://127.0.0.1"},
 						KeyFile:       "/var/run/kubernetes/etcd.key",
-						CAFile:     "/var/run/kubernetes/etcdca.crt",
+						TrustedCAFile: "/var/run/kubernetes/etcdca.crt",
 						CertFile:      "/var/run/kubernetes/etcdce.crt",
 					},
 					Prefix:                "/registry",
@ -114,7 +114,7 @@ func TestEtcdOptionsValidate(t *testing.T) {
 					Transport: storagebackend.TransportConfig{
 						ServerList:    []string{"http://127.0.0.1"},
 						KeyFile:       "/var/run/kubernetes/etcd.key",
-						CAFile:     "/var/run/kubernetes/etcdca.crt",
+						TrustedCAFile: "/var/run/kubernetes/etcdca.crt",
 						CertFile:      "/var/run/kubernetes/etcdce.crt",
 					},
 					CompactionInterval:    storagebackend.DefaultCompactInterval,
--- a/pkg/server/storage/storage_factory.go
+++ b/pkg/server/storage/storage_factory.go
@ -307,8 +307,8 @@ func (s *DefaultStorageFactory) Backends() []Backend {
 			tlsConfig.Certificates = []tls.Certificate{cert}
 		}
 	}
-	if len(s.StorageConfig.Transport.CAFile) > 0 {
+	if len(s.StorageConfig.Transport.TrustedCAFile) > 0 {
-		if caCert, err := ioutil.ReadFile(s.StorageConfig.Transport.CAFile); err != nil {
+		if caCert, err := ioutil.ReadFile(s.StorageConfig.Transport.TrustedCAFile); err != nil {
 			klog.Errorf("failed to read ca file while getting backends: %s", err)
 		} else {
 			caPool := x509.NewCertPool()
--- a/pkg/storage/etcd3/event_test.go
+++ b/pkg/storage/etcd3/event_test.go
@ -17,10 +17,10 @@ limitations under the License.
 package etcd3
 import (
 	"go.etcd.io/etcd/clientv3"
 	"go.etcd.io/etcd/mvcc/mvccpb"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"go.etcd.io/etcd/clientv3"
 	"go.etcd.io/etcd/mvcc/mvccpb"
 	"testing"
 )
--- a/pkg/storage/etcd3/store_test.go
+++ b/pkg/storage/etcd3/store_test.go
@ -29,9 +29,9 @@ import (
 	"sync"
 	"testing"
 	"github.com/coreos/pkg/capnslog"
 	"go.etcd.io/etcd/clientv3"
 	"go.etcd.io/etcd/integration"
 	"github.com/coreos/pkg/capnslog"
 	apitesting "k8s.io/apimachinery/pkg/api/apitesting"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
--- a/pkg/storage/etcd3/testing/test_server.go
+++ b/pkg/storage/etcd3/testing/test_server.go
@ -42,6 +42,7 @@ import (
 	"go.etcd.io/etcd/pkg/testutil"
 	"go.etcd.io/etcd/pkg/transport"
 	"go.etcd.io/etcd/pkg/types"
 	"go.uber.org/zap"
 	"k8s.io/klog"
 )
@ -87,7 +88,7 @@ func newSecuredLocalListener(t *testing.T, certFile, keyFile, caFile string) net
 	tlsInfo := transport.TLSInfo{
 		CertFile:      certFile,
 		KeyFile:       keyFile,
-		CAFile:   caFile,
+		TrustedCAFile: caFile,
 	}
 	tlscfg, err := tlsInfo.ServerConfig()
 	if err != nil {
@ -105,7 +106,7 @@ func newHTTPTransport(t *testing.T, certFile, keyFile, caFile string) etcd.Cance
 	tlsInfo := transport.TLSInfo{
 		CertFile:      certFile,
 		KeyFile:       keyFile,
-		CAFile:   caFile,
+		TrustedCAFile: caFile,
 	}
 	tr, err := transport.NewTransport(tlsInfo, time.Second)
 	if err != nil {
@ -194,7 +195,7 @@ func (m *EtcdTestServer) launch(t *testing.T) error {
 	}
 	m.s.SyncTicker = time.NewTicker(500 * time.Millisecond)
 	m.s.Start()
-	m.raftHandler = &testutil.PauseableHandler{Next: etcdhttp.NewPeerHandler(m.s)}
+	m.raftHandler = &testutil.PauseableHandler{Next: etcdhttp.NewPeerHandler(zap.NewExample(), m.s)}
 	for _, ln := range m.PeerListeners {
 		hs := &httptest.Server{
 			Listener: ln,
@ -206,7 +207,7 @@ func (m *EtcdTestServer) launch(t *testing.T) error {
 	for _, ln := range m.ClientListeners {
 		hs := &httptest.Server{
 			Listener: ln,
-			Config:   &http.Server{Handler: v2http.NewClientHandler(m.s, m.ServerConfig.ReqTimeout())},
+			Config:   &http.Server{Handler: v2http.NewClientHandler(zap.NewExample(), m.s, m.ServerConfig.ReqTimeout())},
 		}
 		hs.Start()
 		m.hss = append(m.hss, hs)
--- a/pkg/storage/storagebackend/config.go
+++ b/pkg/storage/storagebackend/config.go
@ -38,7 +38,7 @@ type TransportConfig struct {
 	// TLS credentials
 	KeyFile       string
 	CertFile      string
-	CAFile   string
+	TrustedCAFile string
 	// function to determine the egress dialer. (i.e. konnectivity server dialer)
 	EgressLookup egressselector.Lookup
 }
--- a/pkg/storage/storagebackend/factory/etcd3.go
+++ b/pkg/storage/storagebackend/factory/etcd3.go
@ -26,9 +26,9 @@ import (
 	"sync/atomic"
 	"time"
 	grpcprom "github.com/grpc-ecosystem/go-grpc-prometheus"
 	"go.etcd.io/etcd/clientv3"
 	"go.etcd.io/etcd/pkg/transport"
 	grpcprom "github.com/grpc-ecosystem/go-grpc-prometheus"
 	"google.golang.org/grpc"
 	utilnet "k8s.io/apimachinery/pkg/util/net"
@ -99,7 +99,7 @@ func newETCD3Client(c storagebackend.TransportConfig) (*clientv3.Client, error)
 	tlsInfo := transport.TLSInfo{
 		CertFile:      c.CertFile,
 		KeyFile:       c.KeyFile,
-		CAFile:   c.CAFile,
+		TrustedCAFile: c.TrustedCAFile,
 	}
 	tlsConfig, err := tlsInfo.ClientConfig()
 	if err != nil {
@ -107,7 +107,7 @@ func newETCD3Client(c storagebackend.TransportConfig) (*clientv3.Client, error)
 	}
 	// NOTE: Client relies on nil tlsConfig
 	// for non-secure connections, update the implicit variable
-	if len(c.CertFile) == 0 && len(c.KeyFile) == 0 && len(c.CAFile) == 0 {
+	if len(c.CertFile) == 0 && len(c.KeyFile) == 0 && len(c.TrustedCAFile) == 0 {
 		tlsConfig = nil
 	}
 	networkContext := egressselector.Etcd.AsNetworkContext()
--- a/pkg/storage/storagebackend/factory/tls_test.go
+++ b/pkg/storage/storagebackend/factory/tls_test.go
@ -56,7 +56,7 @@ func TestTLSConnection(t *testing.T) {
 	tlsInfo := &transport.TLSInfo{
 		CertFile:      certFile,
 		KeyFile:       keyFile,
-		CAFile:   caFile,
+		TrustedCAFile: caFile,
 	}
 	cluster := integration.NewClusterV3(t, &integration.ClusterConfig{
@ -71,7 +71,7 @@ func TestTLSConnection(t *testing.T) {
 			ServerList:    []string{cluster.Members[0].GRPCAddr()},
 			CertFile:      certFile,
 			KeyFile:       keyFile,
-			CAFile:     caFile,
+			TrustedCAFile: caFile,
 		},
 		Codec: codec,
 	}