mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2025-06-14 18:53:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

rebase: update k8s.io packages to v0.29.0

Browse Source 
Signed-off-by: Niels de Vos <ndevos@ibm.com>
This commit is contained in:
Niels de Vos
2023-12-20 13:23:59 +01:00
committed by mergify[bot]
parent 328a264202
commit f080b9e0c9
367 changed files with 21340 additions and 11878 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
vendor/k8s.io/apiserver/pkg/server/options/serving.go generated vendored
View File

@ -260,7 +260,39 @@ func (s *SecureServingOptions) ApplyTo(config **server.SecureServingInfo) error
c := *config
serverCertFile, serverKeyFile := s.ServerCert.CertKey.CertFile, s.ServerCert.CertKey.KeyFile
// load main cert
// load main cert *original description until 2023-08-18*
/*
kubernetes mutual (2-way) x509 between client and apiserver:
>1. apiserver sending its apiserver certificate along with its publickey to client
2. client verifies the apiserver certificate sent against its cluster certificate authority data
3. client sending its client certificate along with its public key to the apiserver
4. apiserver verifies the client certificate sent against its cluster certificate authority data
description:
here, with this block,
apiserver certificate and pub key data (along with priv key)get loaded into server.SecureServingInfo
for client to later in the step 2 verify the apiserver certificate during the handshake
when making a request
normal args related to this stage:
--tls-cert-file string File containing the default x509 Certificate for HTTPS.
(CA cert, if any, concatenated after server cert). If HTTPS serving is enabled, and
--tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate
and key are generated for the public address and saved to the directory specified by
--cert-dir
--tls-private-key-file string File containing the default x509 private key matching --tls-cert-file.
(retrievable from "kube-apiserver --help" command)
(suggested by @deads2k)
see also:
- for the step 2, see: staging/src/k8s.io/client-go/transport/transport.go
- for the step 3, see: staging/src/k8s.io/client-go/transport/transport.go
- for the step 4, see: staging/src/k8s.io/apiserver/pkg/authentication/request/x509/x509.go
*/
if len(serverCertFile) != 0 || len(serverKeyFile) != 0 {
var err error
c.Cert, err = dynamiccertificates.NewDynamicServingContentFromFiles("serving-cert", serverCertFile, serverKeyFile)