allow setting different certificates for kube-controller-managed CSR signers

Kubernetes-commit: e88fecf26bf5a0738cf9ba197a0521c8fa81a39b

config/v1alpha1/types.go

@@ -246,11 +246,31 @@ type CSRSigningControllerConfiguration struct {
 	// clusterSigningCertFile is the filename containing a PEM-encoded
 	// RSA or ECDSA private key used to issue cluster-scoped certificates
 	ClusterSigningKeyFile string
+
+	// kubeletServingSignerConfiguration holds the certificate and key used to issue certificates for the kubernetes.io/kubelet-serving signer
+	KubeletServingSignerConfiguration CSRSigningConfiguration
+	// kubeletClientSignerConfiguration holds the certificate and key used to issue certificates for the kubernetes.io/kube-apiserver-client-kubelet
+	KubeletClientSignerConfiguration CSRSigningConfiguration
+	// kubeAPIServerClientSignerConfiguration holds the certificate and key used to issue certificates for the kubernetes.io/kube-apiserver-client
+	KubeAPIServerClientSignerConfiguration CSRSigningConfiguration
+	// legacyUnknownSignerConfiguration holds the certificate and key used to issue certificates for the kubernetes.io/legacy-unknown
+	LegacyUnknownSignerConfiguration CSRSigningConfiguration
+
 	// clusterSigningDuration is the length of duration signed certificates
 	// will be given.
 	ClusterSigningDuration metav1.Duration
 }
 
+// CSRSigningConfiguration holds information about a particular CSR signer
+type CSRSigningConfiguration struct {
+	// certFile is the filename containing a PEM-encoded
+	// X509 CA certificate used to issue certificates
+	CertFile string
+	// keyFile is the filename containing a PEM-encoded
+	// RSA or ECDSA private key used to issue certificates
+	KeyFile string
+}
+
 // DaemonSetControllerConfiguration contains elements describing DaemonSetController.
 type DaemonSetControllerConfiguration struct {
 	// concurrentDaemonSetSyncs is the number of daemonset objects that are