Merge pull request kubernetes#44826 from dims/enable-default-signer-i…

…n-local-up-cluster Automatic merge from submit-queue (batch tested with PRs 41287, 41636, 44881, 44826) Enable default signer implementation **What this PR does / why we need it**: The Kubernetes controller manager provides a default implementation of a signer. We should enable it by passing the --cluster-signing-cert-file and --cluster-signing-key-file parameters to the controller manager with paths to your Certificate Authority’s keypair. Hoping this will help pass the "Certificates API [It] should support building a client with a CSR" e2e test when run against k8s started using local-up-cluster.sh **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes # **Special notes for your reviewer**: **Release note**: ```release-note NONE ```
sytianhe · Apr 26, 2017 · 21f30db · 21f30db
2 parents 2d808b5 + eb9ee75
commit 21f30db
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/hack/local-up-cluster.sh b/hack/local-up-cluster.sh
@@ -212,6 +212,7 @@ ENABLE_CONTROLLER_ATTACH_DETACH=${ENABLE_CONTROLLER_ATTACH_DETACH:-"true"} # cur
 # which should be able to be used as the CA to verify itself
 CERT_DIR=${CERT_DIR:-"/var/run/kubernetes"}
 ROOT_CA_FILE=${CERT_DIR}/server-ca.crt
+ROOT_CA_KEY=${CERT_DIR}/server-ca.key
 
 # name of the cgroup driver, i.e. cgroupfs or systemd
 if [[ ${CONTAINER_RUNTIME} == "docker" ]]; then
@@ -544,6 +545,8 @@ function start_controller_manager {
       --v=${LOG_LEVEL} \
       --service-account-private-key-file="${SERVICE_ACCOUNT_KEY}" \
       --root-ca-file="${ROOT_CA_FILE}" \
+      --cluster-signing-cert-file="${ROOT_CA_FILE}" \
+      --cluster-signing-key-file="${ROOT_CA_KEY}" \
       --enable-hostpath-provisioner="${ENABLE_HOSTPATH_PROVISIONER}" \
       ${node_cidr_args} \
       --pvclaimbinder-sync-period="${CLAIM_BINDER_SYNC_PERIOD}" \