This commit includes all the changes needed for APIServer. Instead of modifying the existing signatures for the methods which either generate or return stopChannel, we generate a context from the channel and use the generated context to be passed to the controllers which are started in APIServer. This ensures we don't have to touch APIServer dependencies.
Kubernetes-commit: 8b84a793b39fed2a62af0876b2eda461a68008c9
DynamicFileCAContent and DynamicCertKeyPairContent used periodical job
to check whether the file content has changed, leading to 1 minute of
delay in worst case. This patch improves it by leveraging fsnotify
watcher. The content change will be reflected immediately.
Kubernetes-commit: 3cfe3d048ff37c1c6994d131ed8557f3c8bddc8a
Right now, `_, ok := provider.(Notifier); !ok` can mean one of two
things:
1. The provider does not support notification because the provided
content is static.
2. The implementor of the provider hasn't gotten around to implementing
Notifier yet.
These have very different implications. We should not force consumers of
these interfaces to have to figure out the static of Notifier across
sometimes numerous different implementations. Instead, we should force
implementors to implement Notifier, even if it's a noop.
Change-Id: Ie7a26697a9a17790bfaa58d67045663bcc71e3cb
Kubernetes-commit: 9b7d654a08d694d20226609f7075b112fb18639b
Reload SNI certificate cert and key file from disk every minute and notify
the dynamic certificate controller when they change, allowing serving
tls config to be updated.
Kubernetes-commit: d9adf535f35051be1d79d1309c72762939593d7c
Reload certificate cert and key file from disk every minute and notify
the dynamic certificate controller when they change, allowing serving
tls config to be updated.
Kubernetes-commit: 3f5fbfbfac281f40c11de2f57d58cc332affc37b
We create and use a dynamic certificate provider for the SNI serving
certificates. Currently we only use static serving certificate
providers, so the files are not reloaded, but we should be able to move
to a provider that is able to reload later on.
Kubernetes-commit: 84bc6b151d0726db0c737443874577f044e0e9c8
We create and use a dynamic certificate provider for the main apiserver
serving certificates: SNI will be handled separately later. Currently we
only use static serving certificate providers, so the files are not
reloaded, but we should be able to move to a provider that is able to
reload later on.
Kubernetes-commit: 6f89f1027488aeba4af0786988c2fd2ace9a6f1d
Hao Ruan
Paco Xu
HaoJie Liu
Ravi Gudimetla
Antonio Ojea
Quan Tian
sanwishe
Mike Danese
Davanum Srinivas
Monis Khan
Lukasz Szaszkiewicz
David Eads
Jack Kleeman