From eb9ee75c28d9e87456f3f331e512a4c2dd877a85 Mon Sep 17 00:00:00 2001
From: Davanum Srinivas
Date: Sun, 23 Apr 2017 20:16:04 -0400
Subject: [PATCH] Enable default signer implementation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The Kubernetes controller manager provides a default implementation of a signer. We should enable it by passing the --cluster-signing-cert-file and --cluster-signing-key-file parameters to the controller manager with paths to your Certificate Authority’s keypair. Hoping this will help pass the "Certificates API [It] should support building a client with a CSR" e2e test when run against k8s started using local-up-cluster.sh
---
 hack/local-up-cluster.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hack/local-up-cluster.sh b/hack/local-up-cluster.sh
index 7ad21a1cd55a7..1e37fa0c354d7 100755
--- a/hack/local-up-cluster.sh
+++ b/hack/local-up-cluster.sh
@@ -212,6 +212,7 @@ ENABLE_CONTROLLER_ATTACH_DETACH=${ENABLE_CONTROLLER_ATTACH_DETACH:-"true"} # cur
 # which should be able to be used as the CA to verify itself
 CERT_DIR=${CERT_DIR:-"/var/run/kubernetes"}
 ROOT_CA_FILE=${CERT_DIR}/server-ca.crt
+ROOT_CA_KEY=${CERT_DIR}/server-ca.key
 # name of the cgroup driver, i.e. cgroupfs or systemd
 if [[ ${CONTAINER_RUNTIME} == "docker" ]]; then
@@ -544,6 +545,8 @@ function start_controller_manager {
 --v=${LOG_LEVEL} \
 --service-account-private-key-file="${SERVICE_ACCOUNT_KEY}" \
 --root-ca-file="${ROOT_CA_FILE}" \
+ --cluster-signing-cert-file="${ROOT_CA_FILE}" \
+ --cluster-signing-key-file="${ROOT_CA_KEY}" \
 --enable-hostpath-provisioner="${ENABLE_HOSTPATH_PROVISIONER}" \
 ${node_cidr_args} \
 --pvclaimbinder-sync-period="${CLAIM_BINDER_SYNC_PERIOD}" \
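Review bot: `ROOT_CA_KEY` names the server CA's private key, and the line does not say what now reads it. The second hunk passes it to the controller manager as the CSR signing key next to `ROOT_CA_FILE`, so every certificate issued through the Certificates API chains to the same CA that `--root-ca-file` publishes. That is reasonable for a local test cluster, but worth stating so the pairing is not copied elsewhere. I would add above the assignment `# CA private key; reused as the CSR signing key for this local dev cluster only`. The assignment is also hard-wired to `server-ca.key` with no override, which matches `ROOT_CA_FILE` on the line before.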
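Review bot: Nothing in the hunk verifies that `${ROOT_CA_KEY}` exists and is readable before it is handed to `--cluster-signing-key-file`. With a pre-populated `CERT_DIR` that lacks `server-ca.key`, or a key the launching user cannot read, the failure would presumably only appear in the controller-manager log rather than when the script starts. A guard ahead of the invocation would surface that early, e.g. `[[ -r "${ROOT_CA_KEY}" ]] || echo "warning: ${ROOT_CA_KEY} is not readable; the default CSR signer needs it" >&2`. start_controller_manager begins and ends outside the hunk, so the guard would sit before the visible lines.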