From 224d4aa846fcea3406f7f601e8d606b2ef361616 Mon Sep 17 00:00:00 2001 From: "Dr. Stefan Schimanski" Date: Thu, 1 Dec 2016 17:21:49 +0100 Subject: [PATCH] Stratify certificate loading and self-sign cert generation This removes all dependencies on Config during cert generation, only operating on ServerRunOptions. This way we get rid of the repeated call of Config.Complete and cleanly stratify the GenericApiServer bootstrapping. --- apiserver/apiserver.go | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/apiserver/apiserver.go b/apiserver/apiserver.go index cc4e4618..76044259 100644 --- a/apiserver/apiserver.go +++ b/apiserver/apiserver.go @@ -36,6 +36,8 @@ import ( // Install the testgroup API _ "k8s.io/kubernetes/cmd/libs/go2idl/client-gen/test_apis/testgroup/install" + + "github.com/golang/glog" ) const ( @@ -93,20 +95,21 @@ func (serverOptions *ServerRunOptions) Run(stopCh <-chan struct{}) error { if errs := serverOptions.InsecureServing.Validate("insecure-port"); len(errs) > 0 { return utilerrors.NewAggregate(errs) } + if err := serverOptions.SecureServing.MaybeDefaultWithSelfSignedCerts(serverOptions.GenericServerRunOptions.AdvertiseAddress.String()); err != nil { + glog.Fatalf("Error creating self-signed certificates: %v", err) + } - config := genericapiserver.NewConfig(). + config, err := genericapiserver.NewConfig(). ApplyOptions(serverOptions.GenericServerRunOptions). - ApplySecureServingOptions(serverOptions.SecureServing). ApplyInsecureServingOptions(serverOptions.InsecureServing). ApplyAuthenticationOptions(serverOptions.Authentication). - Complete() - if err := config.MaybeGenerateServingCerts(); err != nil { - // this wasn't treated as fatal for this process before - fmt.Printf("Error creating cert: %v", err) + ApplySecureServingOptions(serverOptions.SecureServing) + if err != nil { + return fmt.Errorf("failed to configure https: %s", err) } config.Authorizer = authorizer.NewAlwaysAllowAuthorizer() - s, err := config.New() + s, err := config.Complete().New() if err != nil { return fmt.Errorf("Error in bringing up the server: %v", err) }