From 88c58e807417dda26f12b2e61446e6da16be4d4b Mon Sep 17 00:00:00 2001
From: David Eads
Date: Wed, 6 May 2020 16:02:31 -0400
Subject: [PATCH] allow setting different certificates for kube-controller-managed CSR signers

Kubernetes-commit: e88fecf26bf5a0738cf9ba197a0521c8fa81a39b
---
config/v1alpha1/types.go | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)

diff --git a/config/v1alpha1/types.go b/config/v1alpha1/types.go
index 8ee6d64..a92805d 100644
--- a/config/v1alpha1/types.go
+++ b/config/v1alpha1/types.go
@@ -246,11 +246,31 @@ type CSRSigningControllerConfiguration struct {
 // clusterSigningCertFile is the filename containing a PEM-encoded
 // RSA or ECDSA private key used to issue cluster-scoped certificates
 ClusterSigningKeyFile string
+
+ // kubeletServingSignerConfiguration holds the certificate and key used to issue certificates for the kubernetes.io/kubelet-serving signer
+ KubeletServingSignerConfiguration CSRSigningConfiguration
+ // kubeletClientSignerConfiguration holds the certificate and key used to issue certificates for the kubernetes.io/kube-apiserver-client-kubelet
+ KubeletClientSignerConfiguration CSRSigningConfiguration
+ // kubeAPIServerClientSignerConfiguration holds the certificate and key used to issue certificates for the kubernetes.io/kube-apiserver-client
+ KubeAPIServerClientSignerConfiguration CSRSigningConfiguration
+ // legacyUnknownSignerConfiguration holds the certificate and key used to issue certificates for the kubernetes.io/legacy-unknown
+ LegacyUnknownSignerConfiguration CSRSigningConfiguration
+
 // clusterSigningDuration is the length of duration signed certificates
 // will be given.
 ClusterSigningDuration metav1.Duration
 }
 
+// CSRSigningConfiguration holds information about a particular CSR signer
+type CSRSigningConfiguration struct {
+ // certFile is the filename containing a PEM-encoded
+ // X509 CA certificate used to issue certificates
+ CertFile string
+ // keyFile is the filename containing a PEM-encoded
+ // RSA or ECDSA private key used to issue certificates
+ KeyFile string
+}
+
 // DaemonSetControllerConfiguration contains elements describing DaemonSetController.
 type DaemonSetControllerConfiguration struct {
 // concurrentDaemonSetSyncs is the number of daemonset objects that are
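Review bot: The comments on the four new `*SignerConfiguration` fields and on `CSRSigningConfiguration` do not say what an empty `CertFile`/`KeyFile` means, or which setting applies when the existing cluster-wide signing cert and key fields are also set. An operator therefore cannot tell from the type whether a signer falls back to the shared CA or stops issuing. I would add one sentence to the `CSRSigningConfiguration` doc comment covering the empty case and the precedence, plus, if validation enforces it, `// certFile and keyFile must be set together and belong to the same CA.` The per-signer settings appear to be aimed at trust separation, so the field comments could also note that separation only holds when each signer is given a distinct CA and key. Whatever validation and defaulting exist for these fields are outside this hunk.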