upgrade: set identity.issuer.crtExpiry correctly with legacy upgrades (#5161)

With legacy upgrades, we can parse the cert and store the expiry
correctly instead of storing it as the default value which could be a
problem when we use that field. Currently, we do not use this field and
hence it did not cause any problems.

On installs of the latest edges, this field is correctly set and works
as expected. Thus, upgrades also have the right value.

Signed-off-by: Tarun Pothulapati <tarunpothulapati@outlook.com>
Tarun Pothulapati 2020-11-03 00:19:18 +05:30 committed by GitHub
parent 262d5e041c
commit 14b8b8c792
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 1 deletions


@ -44,7 +44,12 @@ func FetchIssuerData(ctx context.Context, api kubernetes.Interface, trustAnchors
return nil, fmt.Errorf(keyMissingError, k8s.IdentityIssuerKeyName, "issuer key", k8s.IdentityIssuerSecretName, true) return nil, fmt.Errorf(keyMissingError, k8s.IdentityIssuerKeyName, "issuer key", k8s.IdentityIssuerSecretName, true)
} }
return &IssuerCertData{trustAnchors, string(crt), string(key), nil}, nil cert, err := tls.DecodePEMCrt(string(crt))
if err != nil {
return nil, fmt.Errorf("could not parse issuer certificate: %w", err)
}
return &IssuerCertData{trustAnchors, string(crt), string(key), &cert.Certificate.NotAfter}, nil
} }
// FetchExternalIssuerData fetches the issuer data from the linkerd-identity-issuer secrets (used for kubernetes.io/tls schemed secrets) // FetchExternalIssuerData fetches the issuer data from the linkerd-identity-issuer secrets (used for kubernetes.io/tls schemed secrets)
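Review bot: The new parse-failure error in FetchIssuerData, `could not parse issuer certificate: %w`, does not say which secret held the bad data, while the `keyMissingError` message just above it names `k8s.IdentityIssuerSecretName`; something like `fmt.Errorf("could not parse issuer certificate in secret %s: %w", k8s.IdentityIssuerSecretName, err)` would tell an operator where to look when an upgrade now stops here. This is also a behaviour change worth a line in the function's doc comment: a legacy secret whose certificate data does not decode was previously returned as-is and is now rejected. If the stored PEM can contain more than one certificate, it is worth confirming that `cert.Certificate` is the issuer certificate itself, so that `NotAfter` is the expiry of the credential that actually signs; the hunk does not show what `tls.DecodePEMCrt` selects. The function begins above the hunk, and the commit changes one file, so no test covering the malformed-certificate path is part of it.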