From 29667f317b20034d4bb78145a2f9f1a75c90aefa Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Fri, 29 Mar 2024 20:29:14 +0000 Subject: [PATCH] Add supervisor cert/key to rotate list Signed-off-by: Brad Davidson (cherry picked from commit 60248c42de646a341f3ec0f59e9c1e4dc998458c) --- pkg/cli/cmds/certs.go | 2 +- pkg/util/services/services.go | 11 +++++++++-- pkg/util/services/services_test.go | 8 ++++++++ tests/e2e/validatecluster/validatecluster_test.go | 1 - 4 files changed, 18 insertions(+), 4 deletions(-) diff --git a/pkg/cli/cmds/certs.go b/pkg/cli/cmds/certs.go index 51e133940c..50834e69fc 100644 --- a/pkg/cli/cmds/certs.go +++ b/pkg/cli/cmds/certs.go @@ -23,7 +23,7 @@ var ( DataDirFlag, &cli.StringSliceFlag{ Name: "service,s", - Usage: "List of services to manage certificates for. Options include (admin, api-server, controller-manager, scheduler, " + version.Program + "-controller, " + version.Program + "-server, cloud-controller, etcd, auth-proxy, kubelet, kube-proxy)", + Usage: "List of services to manage certificates for. Options include (admin, api-server, controller-manager, scheduler, supervisor, " + version.Program + "-controller, " + version.Program + "-server, cloud-controller, etcd, auth-proxy, kubelet, kube-proxy)", Value: &ServicesList, }, } diff --git a/pkg/util/services/services.go b/pkg/util/services/services.go index 6704c6a106..bdfc468e3e 100644 --- a/pkg/util/services/services.go +++ b/pkg/util/services/services.go @@ -12,6 +12,7 @@ const ( APIServer = "api-server" Admin = "admin" AuthProxy = "auth-proxy" + CertificateAuthority = "certificate-authority" CloudController = "cloud-controller" ControllerManager = "controller-manager" ETCD = "etcd" @@ -20,7 +21,7 @@ const ( ProgramController = "-controller" ProgramServer = "-server" Scheduler = "scheduler" - CertificateAuthority = "certificate-authority" + Supervisor = "supervisor" ) var Agent = []string{ 
@@ -30,13 +31,14 @@ var Agent = []string{ } var Server = []string{ - Admin, APIServer, + Admin, AuthProxy, CloudController, ControllerManager, ETCD, Scheduler, + Supervisor, version.Program + ProgramServer, } @@ -96,6 +98,11 @@ func FilesForServices(controlConfig config.Control, services []string) (map[stri filepath.Join(agentDataDir, "client-"+version.Program+"-controller.crt"), filepath.Join(agentDataDir, "client-"+version.Program+"-controller.key"), } + case Supervisor: + fileMap[service] = []string{ + controlConfig.Runtime.ClientSupervisorCert, + controlConfig.Runtime.ClientSupervisorKey, + } case AuthProxy: fileMap[service] = []string{ controlConfig.Runtime.ClientAuthProxyCert, diff --git a/pkg/util/services/services_test.go b/pkg/util/services/services_test.go index 3bc9b91abc..3df66b4035 100644 --- a/pkg/util/services/services_test.go +++ b/pkg/util/services/services_test.go @@ -88,6 +88,10 @@ func Test_UnitFilesForServices(t *testing.T) { "/var/lib/rancher/k3s/server/tls/client-scheduler.crt", "/var/lib/rancher/k3s/server/tls/client-scheduler.key", }, + "supervisor": []string{ + "/var/lib/rancher/k3s/server/tls/client-supervisor.crt", + "/var/lib/rancher/k3s/server/tls/client-supervisor.key", + }, }, }, { @@ -138,6 +142,10 @@ func Test_UnitFilesForServices(t *testing.T) { "/var/lib/rancher/k3s/server/tls/client-scheduler.crt", "/var/lib/rancher/k3s/server/tls/client-scheduler.key", }, + "supervisor": []string{ + "/var/lib/rancher/k3s/server/tls/client-supervisor.crt", + "/var/lib/rancher/k3s/server/tls/client-supervisor.key", + }, }, }, { diff --git a/tests/e2e/validatecluster/validatecluster_test.go b/tests/e2e/validatecluster/validatecluster_test.go index c9817990ce..8853e9f425 100644 --- a/tests/e2e/validatecluster/validatecluster_test.go +++ b/tests/e2e/validatecluster/validatecluster_test.go 
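Review bot: The new `case Supervisor:` in FilesForServices has no comment saying which credential it covers or why it now belongs in the rotation set. The e2e hunk in this patch removes `client-supervisor.crt` and `client-supervisor.key` from the files expected to stay unchanged, so they appear to have been skipped by rotation until now. That matters to anyone rotating after a suspected key exposure, so I would add above the case `// Supervisor client certificate and key; listed here so that certificate rotation replaces them too.` and a one-line doc comment on the `Supervisor` constant. FilesForServices starts and ends outside the hunk, so I cannot tell from here whether other `controlConfig.Runtime` cert/key fields are still missing from the switch.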
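Review bot: Both services_test.go hunks (`@@ -88,6 +88,10 @@` and `@@ -138,6 +142,10 @@`) only append the `"supervisor"` entry to the expected maps of existing cases; no visible case requests that service on its own. The test table's inputs are outside the hunks, so this may already be covered. If it is not, I would add a table entry that asks for only `supervisor` and expects exactly `"/var/lib/rancher/k3s/server/tls/client-supervisor.crt"` and `"/var/lib/rancher/k3s/server/tls/client-supervisor.key"`. That would pin the new switch case independently of the full-list cases and catch a later edit that drops the key file from the pair.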
@@ -345,7 +345,6 @@ var _ = Describe("Verify Create", Ordered, func() { // Everything else should be changed. var expectResult = []string{ "client-ca.crt", "client-ca.key", "client-ca.nochain.crt", - "client-supervisor.crt", "client-supervisor.key", "peer-ca.crt", "peer-ca.key", "server-ca.crt", "server-ca.key", "request-header-ca.crt", "request-header-ca.key",