github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
k3s/pkg/genericapiserver
History
Kubernetes Submit Queue 860cae0933 Merge pull request #35488 from dixudx/keystone-ca-cert 
Automatic merge from submit-queue

specify custom ca file to verify the keystone server

<!--  Thanks for sending a pull request!  Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->

**What this PR does / why we need it**:

Sometimes the keystone server's certificate is self-signed, mainly used for internal development, testing and etc.

For this kind of ca, we need a way to verify the keystone server.

Otherwise, below error will occur.

> x509: certificate signed by unknown authority

This patch provide a way to pass in a ca file to verify the keystone server when starting `kube-apiserver`.

**Which issue this PR fixes** : fixes #22695, #24984

**Special notes for your reviewer**:

**Release note**:

<!--  Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access) 
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`. 
-->

``` release-note
```
 		2016-11-08 13:13:00 -08:00
..
authorizer Cleanup auth logging, allow starting secured kubelet in local-up-cluster.sh 2016-11-03 16:17:11 -04:00
filters autogenerated 2016-10-21 17:32:32 -07:00
mux autogenerated 2016-10-21 17:32:32 -07:00
openapi - Add GroupVersion as tags to OpenAPI spec 2016-10-25 14:27:48 -07:00
options Merge pull request #35488 from dixudx/keystone-ca-cert 2016-11-08 13:13:00 -08:00
routes promote /metrics to genericapiserver 2016-11-01 14:42:01 -04:00
validation autogenerated 2016-10-21 17:32:32 -07:00
BUILD Update bazel 2016-11-07 06:49:50 +01:00
OWNERS Move blunderbuss assignees into tree 2016-03-02 20:46:32 -05:00
config.go Merge pull request #33568 from justinsb/fix_33563 2016-11-08 05:07:13 -08:00
default_storage_factory_builder.go make --runtime-config=api/all=true|false work 2016-09-13 12:03:25 -07:00
default_storage_factory_builder_test.go make --runtime-config=api/all=true|false work 2016-09-13 12:03:25 -07:00
discovery.go abstract out discovery IP determination 2016-11-03 11:45:51 -04:00
doc.go Use Go canonical import paths 2016-07-16 13:48:21 -04:00
genericapiserver.go remove non-generic options from genericapiserver.Config 2016-11-03 11:48:33 -04:00
genericapiserver_test.go remove non-generic options from genericapiserver.Config 2016-11-03 11:48:33 -04:00
healthz.go add healthz to genericapiserver 2016-11-01 14:39:33 -04:00
hooks.go add healthz to genericapiserver 2016-11-01 14:39:33 -04:00
resource_config.go make addition group registration easier 2016-07-25 08:23:24 -04:00
resource_config_test.go make addition group registration easier 2016-07-25 08:23:24 -04:00
resource_encoding_config.go Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
reststorage_interfaces.go remove non-reuseable bits of MasterServer 2016-10-31 08:50:05 -04:00
serve.go Restore old apiserver cert CN 2016-11-07 06:49:49 +01:00
serve_test.go Add --tls-sni-cert-key to the apiserver for SNI support 2016-11-01 09:50:56 +01:00
server_run_options_test.go Remove DeprecatedStorageVersion 2016-09-06 16:52:12 -07:00
services.go remove non-generic options from genericapiserver.Config 2016-11-03 11:48:33 -04:00
storage_factory.go Storage factory should not hardcode special resources 2016-11-03 10:52:33 -04:00
storage_factory_test.go move new etcd storage into cacher 2016-08-12 18:40:20 -07:00
tunneler.go convert bootstrap controller to posthook to tighten master.go 2016-10-10 08:15:45 -04:00
tunneler_test.go convert bootstrap controller to posthook to tighten master.go 2016-10-10 08:15:45 -04:00