
Commit 988c0bb

Generate a node-bootstrap client cert for ease of setup
1 parent 5cf6a3d commit 988c0bb


2 files changed

+28
-0
lines changed


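--- a/pkg/cmd/server/admin/create_mastercerts.go
+++ b/pkg/cmd/server/admin/create_mastercerts.go
@@ -191,6 +191,7 @@ func (o CreateMasterCertsOptions) CreateMasterCerts() error {
 func() error { return o.createAPIClients(&getSignerCertOptions) },
 func() error { return o.createEtcdClientCerts(&getSignerCertOptions) },
 func() error { return o.createKubeletClientCerts(&getSignerCertOptions) },
+func() error { return o.createNodeBootstrapClientCerts(&getSignerCertOptions) },
 func() error { return o.createProxyClientCerts(&getSignerCertOptions) },
 func() error { return o.createServiceAccountKeys() },
 func() error { return o.createServiceSigningCA(&getSignerCertOptions) },
@@ -254,6 +255,15 @@ func (o CreateMasterCertsOptions) createKubeletClientCerts(getSignerCertOptions
 return nil
 }
 
+func (o CreateMasterCertsOptions) createNodeBootstrapClientCerts(getSignerCertOptions *SignerCertOptions) error {
+for _, clientCertInfo := range DefaultNodeBootstrapClientCerts(o.CertDir) {
+if err := o.createClientCert(clientCertInfo, getSignerCertOptions); err != nil {
+return err
+}
+}
+return nil
+}
+
 func (o CreateMasterCertsOptions) createClientCert(clientCertInfo ClientCertInfo, getSignerCertOptions *SignerCertOptions) error {
 clientCertOptions := CreateClientCertOptions{
 SignerCertOptions: getSignerCertOptions,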
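Review bot: The new `createNodeBootstrapClientCerts` step in the `CreateMasterCerts` list looks like it issues a credential that a second step may also issue: the other file in this commit appends `DefaultNodeBootstrapClientCertInfo(certDir)` to `DefaultAPIClientCerts`, so if `createAPIClients` iterates that list (its body is outside this diff) both closures target `node-bootstrap.crt` and `node-bootstrap.key`. If the listed closures run concurrently, two writers on one private-key file can leave a mismatched cert/key pair; if they run in order, which step actually issues the pair depends on whether `createClientCert` overwrites existing files, and neither is visible here. I would give this credential a single owner, either by dropping this step or by dropping the entry from `DefaultAPIClientCerts`, and add a one-line comment such as `// node-bootstrap client cert is issued here only` at the step that keeps it. `CreateMasterCerts` and `createClientCert` both extend beyond the hunks shown.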

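--- a/pkg/cmd/server/admin/default_certs.go
+++ b/pkg/cmd/server/admin/default_certs.go
@@ -81,6 +81,23 @@ func DefaultMasterEtcdClientCertInfo(certDir string) ClientCertInfo {
 }
 }
 
+func DefaultNodeBootstrapClientCerts(certDir string) []ClientCertInfo {
+return []ClientCertInfo{
+DefaultNodeBootstrapClientCertInfo(certDir),
+}
+}
+func DefaultNodeBootstrapClientCertInfo(certDir string) ClientCertInfo {
+return ClientCertInfo{
+CertLocation: configapi.CertInfo{
+CertFile: path.Join(certDir, "node-bootstrap.crt"),
+KeyFile: path.Join(certDir, "node-bootstrap.key"),
+},
+UnqualifiedUser: "node-bootstrap",
+User: "system:serviceaccount:openshift-infra:node-bootstrap",
+Groups: sets.NewString("system:serviceaccounts:openshift-infra"),
+}
+}
+
 func DefaultProxyClientCerts(certDir string) []ClientCertInfo {
 return []ClientCertInfo{
 DefaultProxyClientCertInfo(certDir),
@@ -106,6 +123,7 @@ func DefaultAPIClientCerts(certDir string) []ClientCertInfo {
 DefaultClusterAdminClientCertInfo(certDir),
 DefaultRouterClientCertInfo(certDir),
 DefaultRegistryClientCertInfo(certDir),
+DefaultNodeBootstrapClientCertInfo(certDir),
 }
 }
 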
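Review bot: `DefaultNodeBootstrapClientCertInfo` binds a service-account username (`system:serviceaccount:openshift-infra:node-bootstrap`) to a CA-signed client certificate, and neither new exported function has a doc comment that says so. Unlike a service-account token, a certificate with this subject presumably stays valid until it expires even if the service account or its tokens are deleted, so `node-bootstrap.key` is a standing bootstrap credential that operators need to know about. I would add a comment along the lines of `// DefaultNodeBootstrapClientCertInfo describes the client cert that authenticates as the openshift-infra/node-bootstrap service account; its key is a long-lived bootstrap credential and must be protected and rotated like the other master client keys.` It is also worth confirming that `Groups` is meant to hold only `system:serviceaccounts:openshift-infra`: token-authenticated service accounts normally also carry `system:serviceaccounts`, so policy bound to that group may not match this certificate identity.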
