From 3b1c1f1639cb2439ed6dbca16a1f9ab56c3f8be8 Mon Sep 17 00:00:00 2001
From: hatappi
Date: Mon, 14 Oct 2019 10:52:48 +0900
Subject: [PATCH] fix(apiserver): allow multiple service-account-key-file
---
 nodeup/pkg/model/kube_apiserver_test.go | 6 ++++++
 pkg/apis/kops/componentconfig.go | 2 +-
 pkg/apis/kops/v1alpha1/componentconfig.go | 2 +-
 pkg/apis/kops/v1alpha2/componentconfig.go | 2 +-
 4 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/nodeup/pkg/model/kube_apiserver_test.go b/nodeup/pkg/model/kube_apiserver_test.go
index c14b7898ac..d7b38d129a 100644
--- a/nodeup/pkg/model/kube_apiserver_test.go
+++ b/nodeup/pkg/model/kube_apiserver_test.go
@@ -98,6 +98,12 @@ func Test_KubeAPIServer_BuildFlags(t *testing.T) {
 },
 "--insecure-port=0 --secure-port=0 --target-ram-mb=320",
 },
+ {
+ kops.KubeAPIServerConfig{
+ ServiceAccountKeyFile: []string{"/srv/kubernetes/server.key", "/srv/kubernetes/service-account.key"},
+ },
+ "--insecure-port=0 --secure-port=0 --service-account-key-file=/srv/kubernetes/server.key --service-account-key-file=/srv/kubernetes/service-account.key",
+ },
 }

 for _, g := range grid {
diff --git a/pkg/apis/kops/componentconfig.go b/pkg/apis/kops/componentconfig.go
index df54a79f8d..b1037cb08d 100644
--- a/pkg/apis/kops/componentconfig.go
+++ b/pkg/apis/kops/componentconfig.go
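Review bot: The new grid entry in Test_KubeAPIServer_BuildFlags covers only the two-file case, so nothing visible in this hunk pins what a single-element `ServiceAccountKeyFile` renders to once the `repeat` tag is in place. That is the shape existing clusters are most likely to carry, and a silent change there would alter which keys the API server accepts for token verification. I would add a sibling entry with `ServiceAccountKeyFile: []string{"/srv/kubernetes/server.key"}` expecting `"--insecure-port=0 --secure-port=0 --service-account-key-file=/srv/kubernetes/server.key"`. The test function starts and ends outside the hunk, so an entry elsewhere in the grid may already cover this.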
@@ -432,7 +432,7 @@ type KubeAPIServerConfig struct {
 // File containing PEM-encoded x509 RSA or ECDSA private or public keys, used to verify ServiceAccount tokens.
 // The specified file can contain multiple keys, and the flag can be specified multiple times with different files.
 // If unspecified, --tls-private-key-file is used.
- ServiceAccountKeyFile []string `json:"serviceAccountKeyFile,omitempty" flag:"service-account-key-file"`
+ ServiceAccountKeyFile []string `json:"serviceAccountKeyFile,omitempty" flag:"service-account-key-file,repeat"`

 // Path to the file that contains the current private key of the service account token issuer.
 // The issuer will sign issued ID tokens with this private key. (Requires the 'TokenRequest' feature gate.)
diff --git a/pkg/apis/kops/v1alpha1/componentconfig.go b/pkg/apis/kops/v1alpha1/componentconfig.go
index 19b9da1a9b..ece2be21e8 100644
--- a/pkg/apis/kops/v1alpha1/componentconfig.go
+++ b/pkg/apis/kops/v1alpha1/componentconfig.go
@@ -432,7 +432,7 @@ type KubeAPIServerConfig struct {
 // File containing PEM-encoded x509 RSA or ECDSA private or public keys, used to verify ServiceAccount tokens.
 // The specified file can contain multiple keys, and the flag can be specified multiple times with different files.
 // If unspecified, --tls-private-key-file is used.
- ServiceAccountKeyFile []string `json:"serviceAccountKeyFile,omitempty" flag:"service-account-key-file"`
+ ServiceAccountKeyFile []string `json:"serviceAccountKeyFile,omitempty" flag:"service-account-key-file,repeat"`

 // Path to the file that contains the current private key of the service account token issuer.
 // The issuer will sign issued ID tokens with this private key. (Requires the 'TokenRequest' feature gate.)
diff --git a/pkg/apis/kops/v1alpha2/componentconfig.go b/pkg/apis/kops/v1alpha2/componentconfig.go
index 6b264f7bfc..eaff980d4f 100644
--- a/pkg/apis/kops/v1alpha2/componentconfig.go
+++ b/pkg/apis/kops/v1alpha2/componentconfig.go
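Review bot: The field comment on `ServiceAccountKeyFile` does not spell out the trust consequence of a multi-file list, which matters more now that the `repeat` tag makes kops emit one `--service-account-key-file` flag per entry. Every key in every listed file is accepted for verifying ServiceAccount tokens, so a key left in the list after rotation keeps validating tokens signed with it. I would add a line such as `// Every key in every listed file is trusted for token verification; drop a file once its key is retired.`, and since the comment already says public keys are accepted, it could note that verification-only entries need not be private keys. The same applies to the identical hunks in pkg/apis/kops/v1alpha1/componentconfig.go and pkg/apis/kops/v1alpha2/componentconfig.go; the struct starts and ends outside each hunk.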
@@ -432,7 +432,7 @@ type KubeAPIServerConfig struct {
 // File containing PEM-encoded x509 RSA or ECDSA private or public keys, used to verify ServiceAccount tokens.
 // The specified file can contain multiple keys, and the flag can be specified multiple times with different files.
 // If unspecified, --tls-private-key-file is used.
- ServiceAccountKeyFile []string `json:"serviceAccountKeyFile,omitempty" flag:"service-account-key-file"`
+ ServiceAccountKeyFile []string `json:"serviceAccountKeyFile,omitempty" flag:"service-account-key-file,repeat"`

 // Path to the file that contains the current private key of the service account token issuer.
 // The issuer will sign issued ID tokens with this private key. (Requires the 'TokenRequest' feature gate.)