github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
k3s/pkg/apiserver
History
Kubernetes Submit Queue 860cae0933 Merge pull request #35488 from dixudx/keystone-ca-cert 
Automatic merge from submit-queue

specify custom ca file to verify the keystone server

<!--  Thanks for sending a pull request!  Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->

**What this PR does / why we need it**:

Sometimes the keystone server's certificate is self-signed, mainly used for internal development, testing and etc.

For this kind of ca, we need a way to verify the keystone server.

Otherwise, below error will occur.

> x509: certificate signed by unknown authority

This patch provide a way to pass in a ca file to verify the keystone server when starting `kube-apiserver`.

**Which issue this PR fixes** : fixes #22695, #24984

**Special notes for your reviewer**:

**Release note**:

<!--  Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access) 
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`. 
-->

``` release-note
```
 		2016-11-08 13:13:00 -08:00
..
authenticator specify custom ca file to verify the keystone server 2016-11-04 15:11:41 +08:00
filters autogenerated 2016-10-21 17:32:32 -07:00
metrics autogenerated 2016-10-21 17:32:32 -07:00
openapi - Add GroupVersion as tags to OpenAPI spec 2016-10-25 14:27:48 -07:00
request Recognize watch operations via ?watch param 2016-11-02 12:00:42 -04:00
testing autogenerated 2016-10-21 17:32:32 -07:00
BUILD Merge pull request #35840 from caesarxuchao/hide-new-versions 2016-11-02 04:49:56 -07:00
OWNERS Move blunderbuss assignees into tree 2016-03-02 20:46:32 -05:00
api_installer.go Merge pull request #36207 from smarterclayton/optimize_self_link 2016-11-06 06:42:49 -08:00
api_installer_test.go SetSelfLink is inefficient 2016-11-03 23:37:36 -04:00
apiserver.go Merge pull request #35840 from caesarxuchao/hide-new-versions 2016-11-02 04:49:56 -07:00
apiserver_test.go Made changes to DELETE API to let v1.DeleteOptions be passed in as a QueryParameter 2016-11-03 15:53:04 -07:00
doc.go Use Go canonical import paths 2016-07-16 13:48:21 -04:00
errors.go Store RequestInfo in Context 2016-09-28 18:51:34 +02:00
errors_test.go Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
negotiate.go Replace negotiation with a new method that can extract info 2016-10-28 11:30:11 -04:00
negotiate_test.go Replace negotiation with a new method that can extract info 2016-10-28 11:30:11 -04:00
proxy.go Decouple NewRequestInfoResolver from GenericApiServer instance 2016-09-28 18:51:34 +02:00
proxy_test.go Store RequestInfo in Context 2016-09-28 18:51:34 +02:00
resthandler.go Merge pull request #36207 from smarterclayton/optimize_self_link 2016-11-06 06:42:49 -08:00
resthandler_test.go SetSelfLink is inefficient 2016-11-03 23:37:36 -04:00
serviceerror.go Separate apiserver handler filters 2016-09-27 09:57:59 +02:00
validator.go Add +optional tag to all fields with omitempty json tag 2016-10-17 08:52:13 -07:00
validator_test.go Run goimports 2016-08-02 15:12:39 +03:00
watch.go Replace negotiation with a new method that can extract info 2016-10-28 11:30:11 -04:00
watch_test.go Replace negotiation with a new method that can extract info 2016-10-28 11:30:11 -04:00