alt-orchestra/talos
1
0
Fork 0
Code Issues Pull Requests Actions 27 Packages Projects Releases Wiki Activity

fix: distribute PKI from initial master to joining masters (#426)

Browse Source 
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This commit is contained in:
Andrew Rynhard 2019-02-26 23:54:04 -08:00 committed by GitHub
parent b59f632ef4
commit 7528d892c4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
internal/app/init/pkg/system/services/kubeadm.go
View File

@ -43,7 +43,7 @@ func (k *Kubeadm) ID(data *userdata.UserData) string {
// PreFunc implements the Service interface.
func (k *Kubeadm) PreFunc(data *userdata.UserData) (err error) {
if data.IsMaster() {
if data.IsBootstrap() {
if err = writeKubeadmPKIFiles(data.Security.Kubernetes.CA); err != nil {
return err
}
@ -58,7 +58,7 @@ func (k *Kubeadm) PreFunc(data *userdata.UserData) (err error) {
// PostFunc implements the Service interface.
func (k *Kubeadm) PostFunc(data *userdata.UserData) error {
if data.IsWorker() {
if !data.IsBootstrap() {
return nil
}

3
internal/pkg/grpc/gen/gen.go
View File

@ -61,6 +61,9 @@ func (g *Generator) Certificate(in *proto.CertificateRequest) (resp *proto.Certi
// Identity creates a CSR and sends it to trustd for signing.
// A signed certificate is returned.
func (g *Generator) Identity(data *userdata.UserData) (err error) {
if data.Security == nil {
data.Security = &userdata.Security{}
}
data.Security.OS = &userdata.OSSecurity{CA: &x509.PEMEncodedCertificateAndKey{}}
var csr *x509.CertificateSigningRequest
if csr, err = data.NewIdentityCSR(); err != nil {