Home Explore Help
Register Sign In
shixiong
/
okd
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge pull request #7904 from vrutkovs/verify-kubelet-proxy-certs

Cert verification: add more certs to verify
OpenShift Merge Robot 7 years ago
parent
90ad524b31 bfae5cf487
commit
e54c3457b7
1 changed files with 5 additions and 0 deletions
Split View Show Diff Stats
  1. 5 0
      roles/lib_utils/library/openshift_cert_expiry.py

+ 5 - 0
roles/lib_utils/library/openshift_cert_expiry.py
View File 

@@ -506,6 +506,11 @@ an OpenShift Container Platform cluster
 
             cfg_path = os.path.dirname(fp.name)
 
             cert_meta['certFile'] = os.path.join(cfg_path, cfg['servingInfo']['certFile'])
 
             cert_meta['clientCA'] = os.path.join(cfg_path, cfg['servingInfo']['clientCA'])
 
+            cert_meta['serviceSigner'] = os.path.join(cfg_path, cfg['controllerConfig']['serviceServingCert']['signer']['certFile'])
 
+            cert_meta['etcdClientCA'] = os.path.join(cfg_path, cfg['etcdClientInfo']['ca'])
 
+            cert_meta['etcdClientCert'] = os.path.join(cfg_path, cfg['etcdClientInfo']['certFile'])
 
+            cert_meta['kubeletCert'] = os.path.join(cfg_path, cfg['kubeletClientInfo']['certFile'])
 
+            cert_meta['proxyClient'] = os.path.join(cfg_path, cfg['kubernetesMasterConfig']['proxyClientInfo']['certFile'])
 
 
         ######################################################################
 
         # Load the certificate and the CA, parse their expiration dates into