Allow the CertificateController to use any Signer implementation.

This will allow developers to create CertificateControllers with arbitrary Signers, instead of forcing the use of CFSSLSigner.
jbhou · Feb 10, 2017 · 7682aa5 · 7682aa5
1 parent b88b31c
commit 7682aa5
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 11 deletions.
diff --git a/cmd/kube-controller-manager/app/certificates.go b/cmd/kube-controller-manager/app/certificates.go
@@ -32,11 +32,17 @@ func startCSRController(ctx ControllerContext) (bool, error) {
 		return false, nil
 	}
 	c := ctx.ClientBuilder.ClientOrDie("certificate-controller")
+
+	signer, err := certcontroller.NewCFSSLSigner(ctx.Options.ClusterSigningCertFile, ctx.Options.ClusterSigningKeyFile)
+	if err != nil {
+		glog.Errorf("Failed to start certificate controller: %v", err)
+		return false, nil
+	}
+
 	certController, err := certcontroller.NewCertificateController(
 		c,
 		ctx.NewInformerFactory.Certificates().V1beta1().CertificateSigningRequests(),
-		ctx.Options.ClusterSigningCertFile,
-		ctx.Options.ClusterSigningKeyFile,
+		signer,
 		certcontroller.NewGroupApprover(ctx.Options.ApproveAllKubeletCSRsForGroup),
 	)
 	if err != nil {

diff --git a/pkg/controller/certificates/certificate_controller.go b/pkg/controller/certificates/certificate_controller.go
@@ -63,21 +63,16 @@ type CertificateController struct {
 	queue workqueue.RateLimitingInterface
 }
 
-func NewCertificateController(kubeClient clientset.Interface, csrInformer certificatesinformers.CertificateSigningRequestInformer, caCertFile, caKeyFile string, approver AutoApprover) (*CertificateController, error) {
+func NewCertificateController(kubeClient clientset.Interface, csrInformer certificatesinformers.CertificateSigningRequestInformer, signer Signer, approver AutoApprover) (*CertificateController, error) {
 	// Send events to the apiserver
 	eventBroadcaster := record.NewBroadcaster()
 	eventBroadcaster.StartLogging(glog.Infof)
 	eventBroadcaster.StartRecordingToSink(&v1core.EventSinkImpl{Interface: v1core.New(kubeClient.Core().RESTClient()).Events("")})
 
-	s, err := NewCFSSLSigner(caCertFile, caKeyFile)
-	if err != nil {
-		return nil, err
-	}
-
 	cc := &CertificateController{
 		kubeClient: kubeClient,
 		queue:      workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "certificate"),
-		signer:     s,
+		signer:     signer,
 		approver:   approver,
 	}
 

diff --git a/pkg/controller/certificates/certificate_controller_test.go b/pkg/controller/certificates/certificate_controller_test.go
@@ -58,12 +58,16 @@ func newController(csrs ...runtime.Object) (*testController, error) {
 		return nil, err
 	}
 
+	signer, err := NewCFSSLSigner(certFile, keyFile)
+	if err != nil {
+		return nil, err
+	}
+
 	approver := &fakeAutoApprover{make(chan *certificates.CertificateSigningRequest, 1)}
 	controller, err := NewCertificateController(
 		client,
 		informerFactory.Certificates().V1beta1().CertificateSigningRequests(),
-		certFile,
-		keyFile,
+		signer,
 		approver,
 	)
 	if err != nil {