kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix(apiserver): allow multiple service-account-key-file

This commit is contained in:
hatappi 2019-10-14 10:52:48 +09:00
parent 0c66a304c3
commit 3b1c1f1639
4 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
nodeup/pkg/model/kube_apiserver_test.go
View File

@ -98,6 +98,12 @@ func Test_KubeAPIServer_BuildFlags(t *testing.T) {
}, },
"--insecure-port=0 --secure-port=0 --target-ram-mb=320", "--insecure-port=0 --secure-port=0 --target-ram-mb=320",
}, },
{
kops.KubeAPIServerConfig{
ServiceAccountKeyFile: []string{"/srv/kubernetes/server.key", "/srv/kubernetes/service-account.key"},
},
"--insecure-port=0 --secure-port=0 --service-account-key-file=/srv/kubernetes/server.key --service-account-key-file=/srv/kubernetes/service-account.key",
},
} }
for _, g := range grid { for _, g := range grid {

2
pkg/apis/kops/componentconfig.go
View File

@ -432,7 +432,7 @@ type KubeAPIServerConfig struct {
// File containing PEM-encoded x509 RSA or ECDSA private or public keys, used to verify ServiceAccount tokens. // File containing PEM-encoded x509 RSA or ECDSA private or public keys, used to verify ServiceAccount tokens.
// The specified file can contain multiple keys, and the flag can be specified multiple times with different files. // The specified file can contain multiple keys, and the flag can be specified multiple times with different files.
// If unspecified, --tls-private-key-file is used. // If unspecified, --tls-private-key-file is used.
ServiceAccountKeyFile []string `json:"serviceAccountKeyFile,omitempty" flag:"service-account-key-file"` ServiceAccountKeyFile []string `json:"serviceAccountKeyFile,omitempty" flag:"service-account-key-file,repeat"`
// Path to the file that contains the current private key of the service account token issuer. // Path to the file that contains the current private key of the service account token issuer.
// The issuer will sign issued ID tokens with this private key. (Requires the 'TokenRequest' feature gate.) // The issuer will sign issued ID tokens with this private key. (Requires the 'TokenRequest' feature gate.)

2
pkg/apis/kops/v1alpha1/componentconfig.go
View File

@ -432,7 +432,7 @@ type KubeAPIServerConfig struct {
// File containing PEM-encoded x509 RSA or ECDSA private or public keys, used to verify ServiceAccount tokens. // File containing PEM-encoded x509 RSA or ECDSA private or public keys, used to verify ServiceAccount tokens.
// The specified file can contain multiple keys, and the flag can be specified multiple times with different files. // The specified file can contain multiple keys, and the flag can be specified multiple times with different files.
// If unspecified, --tls-private-key-file is used. // If unspecified, --tls-private-key-file is used.
ServiceAccountKeyFile []string `json:"serviceAccountKeyFile,omitempty" flag:"service-account-key-file"` ServiceAccountKeyFile []string `json:"serviceAccountKeyFile,omitempty" flag:"service-account-key-file,repeat"`
// Path to the file that contains the current private key of the service account token issuer. // Path to the file that contains the current private key of the service account token issuer.
// The issuer will sign issued ID tokens with this private key. (Requires the 'TokenRequest' feature gate.) // The issuer will sign issued ID tokens with this private key. (Requires the 'TokenRequest' feature gate.)

2
pkg/apis/kops/v1alpha2/componentconfig.go
View File

@ -432,7 +432,7 @@ type KubeAPIServerConfig struct {
// File containing PEM-encoded x509 RSA or ECDSA private or public keys, used to verify ServiceAccount tokens. // File containing PEM-encoded x509 RSA or ECDSA private or public keys, used to verify ServiceAccount tokens.
// The specified file can contain multiple keys, and the flag can be specified multiple times with different files. // The specified file can contain multiple keys, and the flag can be specified multiple times with different files.
// If unspecified, --tls-private-key-file is used. // If unspecified, --tls-private-key-file is used.
ServiceAccountKeyFile []string `json:"serviceAccountKeyFile,omitempty" flag:"service-account-key-file"` ServiceAccountKeyFile []string `json:"serviceAccountKeyFile,omitempty" flag:"service-account-key-file,repeat"`
// Path to the file that contains the current private key of the service account token issuer. // Path to the file that contains the current private key of the service account token issuer.
// The issuer will sign issued ID tokens with this private key. (Requires the 'TokenRequest' feature gate.) // The issuer will sign issued ID tokens with this private key. (Requires the 'TokenRequest' feature gate.)