cmd/machine-config-operator/bootstrap.go

-Original file line number
+Diff line change
@@ Expand Up / @@ -26,6 +26,7 @@ var ( @@
     	bootstrapOpts struct {
     		etcdCAFile          string
     		rootCAFile          string
+    		kubeCAFile          string
     		pullSecretFile      string
     		configFile          string
     		oscontentImage      string
@@ Expand All / @@ -45,6 +46,7 @@ func init() { @@
     	rootCmd.AddCommand(bootstrapCmd)
     	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.etcdCAFile, "etcd-ca", "/etc/ssl/etcd/ca.crt", "path to etcd CA certificate")
     	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.rootCAFile, "root-ca", "/etc/ssl/kubernetes/ca.crt", "path to root CA certificate")
+    	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.kubeCAFile, "kube-ca", "/assets/tls/kube-ca.crt", "path to kube CA certificate")
     	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.pullSecretFile, "pull-secret", "/assets/manifests/pull.json", "path to secret manifest that contains pull secret.")
     	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.destinationDir, "dest-dir", "", "The destination directory where MCO writes the manifests.")
     	bootstrapCmd.MarkFlagRequired("dest-dir")
@@ Expand Down Expand Up / @@ -85,7 +87,7 @@ func runBootstrapCmd(cmd *cobra.Command, args []string) { @@
     	if err := operator.RenderBootstrap(
     		bootstrapOpts.configFile,
     		bootstrapOpts.infraConfigFile, bootstrapOpts.networkConfigFile,
-    		bootstrapOpts.etcdCAFile, bootstrapOpts.rootCAFile, bootstrapOpts.pullSecretFile,
+    		bootstrapOpts.etcdCAFile, bootstrapOpts.rootCAFile, bootstrapOpts.kubeCAFile, bootstrapOpts.pullSecretFile,
     		imgs,
     		bootstrapOpts.destinationDir,
     	); err != nil {
@@ Expand Down @@

pkg/operator/bootstrap.go

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -23,7 +23,7 @@ import (
  
    func RenderBootstrap(

    	clusterConfigConfigMapFile string,

    	infraFile, networkFile string,

    	etcdCAFile, rootCAFile string, pullSecretFile string,

    	etcdCAFile, rootCAFile string, kubeCAFile string, pullSecretFile string,

    	imgs Images,

    	destinationDir string,

    ) error {

    @@ -33,6 +33,9 @@ func RenderBootstrap(
  
    		infraFile, networkFile,

    		rootCAFile, etcdCAFile, pullSecretFile,

    	}

    	if kubeCAFile != "" {

    		files = append(files, kubeCAFile)

    	}

    	for _, file := range files {

    		data, err := ioutil.ReadFile(file)

    		if err != nil {

    @@ -67,8 +70,16 @@ func RenderBootstrap(
  
    	if err != nil {

    		return err

    	}

    	bundle := make([]byte, 0)

    	bundle = append(bundle, filesData[rootCAFile]...)

    	// Append the kube-ca if given.

    	if _, ok := filesData[kubeCAFile]; ok {

    		bundle = append(bundle, filesData[kubeCAFile]...)

    	}

    	spec.EtcdCAData = filesData[etcdCAFile]

    	spec.RootCAData = filesData[rootCAFile]

    	spec.RootCAData = bundle

    	spec.PullSecret = nil

    	spec.SSHKey = ic.SSHKey

    	spec.OSImageURL = imgs.MachineOSContent

pkg/operator/operator.go

-Original file line number
+Diff line change
@@ Expand Up / @@ -288,6 +288,13 @@ func (optr *Operator) sync(key string) error { @@
     	if err != nil {
     		return err
     	}
+    	kubeCA, err := optr.getCAsFromConfigMap("openshift-config", "initial-client-ca", "ca-bundle.crt")
+    	if err != nil {
+    		return err
+    	}
+    	bundle := make([]byte, 0)
+    	bundle = append(bundle, rootCA...)
+    	bundle = append(bundle, kubeCA...)
     	// sync up os image url
     	// TODO: this should probably be part of the imgs
@@ Expand All / @@ -311,7 +318,7 @@ func (optr *Operator) sync(key string) error { @@
     		return err
     	}
     	spec.EtcdCAData = etcdCA
-    	spec.RootCAData = rootCA
+    	spec.RootCAData = bundle
     	spec.PullSecret = &v1.ObjectReference{Namespace: "kube-system", Name: "coreos-pull-secret"}
     	spec.SSHKey = ic.SSHKey
     	spec.OSImageURL = imgs.MachineOSContent
@@ Expand Down @@

append kube-ca to root-ca for mco config #420

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

openshift-merge-robot merged 1 commit into openshift:master from mrogers950:kube_ca

Feb 15, 2019

-Original file line number
+Diff line change
@@ Expand Up / @@ -26,6 +26,7 @@ var ( @@
     	bootstrapOpts struct {
     		etcdCAFile          string
     		rootCAFile          string
+    		kubeCAFile          string
     		pullSecretFile      string
     		configFile          string
     		oscontentImage      string
@@ Expand All / @@ -45,6 +46,7 @@ func init() { @@
     	rootCmd.AddCommand(bootstrapCmd)
     	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.etcdCAFile, "etcd-ca", "/etc/ssl/etcd/ca.crt", "path to etcd CA certificate")
     	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.rootCAFile, "root-ca", "/etc/ssl/kubernetes/ca.crt", "path to root CA certificate")
+    	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.kubeCAFile, "kube-ca", "/assets/tls/kube-ca.crt", "path to kube CA certificate")
     	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.pullSecretFile, "pull-secret", "/assets/manifests/pull.json", "path to secret manifest that contains pull secret.")
     	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.destinationDir, "dest-dir", "", "The destination directory where MCO writes the manifests.")
     	bootstrapCmd.MarkFlagRequired("dest-dir")
@@ Expand Down Expand Up / @@ -85,7 +87,7 @@ func runBootstrapCmd(cmd *cobra.Command, args []string) { @@
     	if err := operator.RenderBootstrap(
     		bootstrapOpts.configFile,
     		bootstrapOpts.infraConfigFile, bootstrapOpts.networkConfigFile,
-    		bootstrapOpts.etcdCAFile, bootstrapOpts.rootCAFile, bootstrapOpts.pullSecretFile,
+    		bootstrapOpts.etcdCAFile, bootstrapOpts.rootCAFile, bootstrapOpts.kubeCAFile, bootstrapOpts.pullSecretFile,
     		imgs,
     		bootstrapOpts.destinationDir,
     	); err != nil {
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -288,6 +288,13 @@ func (optr *Operator) sync(key string) error { @@
     	if err != nil {
     		return err
     	}
+    	kubeCA, err := optr.getCAsFromConfigMap("openshift-config", "initial-client-ca", "ca-bundle.crt")
+    	if err != nil {
+    		return err
+    	}
+    	bundle := make([]byte, 0)
+    	bundle = append(bundle, rootCA...)
+    	bundle = append(bundle, kubeCA...)
     	// sync up os image url
     	// TODO: this should probably be part of the imgs
@@ Expand All / @@ -311,7 +318,7 @@ func (optr *Operator) sync(key string) error { @@
     		return err
     	}
     	spec.EtcdCAData = etcdCA
-    	spec.RootCAData = rootCA
+    	spec.RootCAData = bundle
     	spec.PullSecret = &v1.ObjectReference{Namespace: "kube-system", Name: "coreos-pull-secret"}
     	spec.SSHKey = ic.SSHKey
     	spec.OSImageURL = imgs.MachineOSContent
@@ Expand Down @@

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

append kube-ca to root-ca for mco config #420

Uh oh!

Diff view

Diff view

There are no files selected for viewing