Merge pull request openshift#18518 from mrogers950/frontproxy-ca-name

Automatic merge from submit-queue (batch tested with PRs 17866, 18518, 18554, 18534, 17759). fix the front proxy CA name frontproxy-ca.crt was being generated with the same name as the OpenShift signer CA. @openshift/sig-security
gnufied · Feb 12, 2018 · 3522daf · 3522daf
2 parents c5bd51f + 4c3698b
commit 3522daf
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/pkg/cmd/server/admin/create_mastercerts.go b/pkg/cmd/server/admin/create_mastercerts.go
@@ -183,7 +183,10 @@ func (o CreateMasterCertsOptions) CreateMasterCerts() error {
 	if err != nil {
 		return err
 	}
-	getFrontProxySignerCertOptions, err := o.createNewSigner(FrontProxyCAFilePrefix)
+
+	frontProxyOptions := o
+	frontProxyOptions.SignerName = DefaultFrontProxySignerName()
+	getFrontProxySignerCertOptions, err := frontProxyOptions.createNewSigner(FrontProxyCAFilePrefix)
 	if err != nil {
 		return err
 	}
@@ -197,7 +200,7 @@ func (o CreateMasterCertsOptions) CreateMasterCerts() error {
 		func() error { return o.createProxyClientCerts(getSignerCertOptions) },
 		func() error { return o.createServiceAccountKeys() },
 		func() error { return o.createServiceSigningCA(getSignerCertOptions) },
-		func() error { return o.createAggregatorClientCerts(getFrontProxySignerCertOptions) },
+		func() error { return frontProxyOptions.createAggregatorClientCerts(getFrontProxySignerCertOptions) },
 	)
 	return utilerrors.NewAggregate(errs)
 }

diff --git a/pkg/cmd/server/admin/default_certs.go b/pkg/cmd/server/admin/default_certs.go
@@ -52,6 +52,10 @@ func DefaultKubeletClientCerts(certDir string) []ClientCertInfo {
 	}
 }
 
+func DefaultFrontProxySignerName() string {
+	return fmt.Sprintf("%s@%d", "aggregator-proxy-ca", time.Now().Unix())
+}
+
 func DefaultMasterKubeletClientCertInfo(certDir string) ClientCertInfo {
 	return ClientCertInfo{
 		CertLocation: configapi.CertInfo{