Include multiple certs in aws-iam-authenticator trust bundle

John Gardiner Myers 2021-06-20 17:15:50 -07:00
parent e64c9c2c45
commit fc94505a76
1 changed files with 2 additions and 1 deletions


@ -201,7 +201,7 @@ func (b *KubeAPIServerBuilder) writeAuthenticationConfig(c *fi.ModelBuilderConte
b.Cluster.Spec.KubeAPIServer.AuthenticationTokenWebhookConfigFile = fi.String(PathAuthnConfig)
{
caCertificate, err := b.NodeupModelContext.KeyStore.FindCert(fi.CertificateIDCA)
caCertificate, _, err := b.NodeupModelContext.KeyStore.FindPrimaryKeypair(fi.CertificateIDCA)
if err != nil {
return fmt.Errorf("error fetching AWS IAM Authentication CA certificate from keystore: %v", err)
}
@ -217,6 +217,7 @@ func (b *KubeAPIServerBuilder) writeAuthenticationConfig(c *fi.ModelBuilderConte
User: "kube-apiserver",
}
// Since we're talking to localhost, we don't need the entire certificate bundle.
cluster.CertificateAuthorityData, err = caCertificate.AsBytes()
if err != nil {
return fmt.Errorf("error encoding AWS IAM Authentication CA certificate: %v", err)