Graceful upgrade token to server CA

pull/359/head
Erik Wilson 2019-06-21 10:45:31 -07:00
parent 1e035820bf
commit 93f6690f26
1 changed files with 18 additions and 1 deletions


@ -524,8 +524,25 @@ func genClientCerts(config *config.Control, runtime *config.ControlRuntime) erro
return nil
}
func createServerSigningCertKey(config *config.Control, runtime *config.ControlRuntime) (bool, error) {
TokenCA := path.Join(config.DataDir, "tls", "token-ca.crt")
TokenCAKey := path.Join(config.DataDir, "tls", "token-ca.key")
if exists(TokenCA, TokenCAKey) && !exists(runtime.ServerCA) && !exists(runtime.ServerCAKey) {
logrus.Infof("Upgrading token-ca files to server-ca")
if err := os.Link(TokenCA, runtime.ServerCA); err != nil {
return false, err
}
if err := os.Link(TokenCAKey, runtime.ServerCAKey); err != nil {
return false, err
}
return true, nil
}
return createSigningCertKey("k3s-server", runtime.ServerCA, runtime.ServerCAKey)
}
func genServerCerts(config *config.Control, runtime *config.ControlRuntime) error {
regen, err := createSigningCertKey("k3s-server", runtime.ServerCA, runtime.ServerCAKey)
regen, err := createServerSigningCertKey(config, runtime)
if err != nil {
return err
}
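Review bot: The two `os.Link` calls in `createServerSigningCertKey` are not atomic as a pair: if the certificate link succeeds and the key link fails, `runtime.ServerCA` is left on disk without its key. On the next start the upgrade condition is false, because it requires both server-ca files to be absent, so control falls through to `createSigningCertKey` with a half-populated CA. What that helper does in this state is not visible here, but it may generate a key that no longer matches the certificate already linked from the token CA. I would undo the first link on the failure path, for example by adding `_ = os.Remove(runtime.ServerCA)` before the second `return false, err`. A short comment would also help, noting that the hard link leaves the CA private key reachable under both `token-ca.key` and the server-ca key path (same inode, same mode), so a later permission change or rotation on one name affects the other.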