Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow inverted key/cert order in combined PEM file #69536

Merged
merged 1 commit into from Oct 8, 2018
Merged

Allow inverted key/cert order in combined PEM file #69536

merged 1 commit into from Oct 8, 2018

Conversation

awly
Copy link
Contributor

@awly awly commented Oct 8, 2018
edited

What this PR does / why we need it:
certificate.FileStore only handles (cert, key) combined PEM files.
This PR allows (key, cert), which is what openssl req -out foo.pem -keyout foo.pem generates.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

Special notes for your reviewer:

Release note:

Kubelet can now parse PEM file containing both TLS certificate and key in arbitrary order. Previously key was always required to be first.

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. needs-kind Indicates a PR lacks a `kind/foo` label and requires one. needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Oct 8, 2018
@k8s-ci-robot k8s-ci-robot added sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Oct 8, 2018
@awly
Copy link
Contributor Author

awly commented Oct 8, 2018

/assign @smarterclayton
/cc @mikedanese @liggitt

@smarterclayton
Copy link
Contributor

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 8, 2018
@liggitt
Copy link
Member

liggitt commented Oct 8, 2018

/lgtm
probably worth a release note

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 8, 2018
@mikedanese mikedanese added kind/bug Categorizes issue or PR as related to a bug. and removed needs-kind Indicates a PR lacks a `kind/foo` label and requires one. labels Oct 8, 2018
@mikedanese
Copy link
Member

/lgtm

Hold for relnote.
/hold

@k8s-ci-robot k8s-ci-robot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-none Denotes a PR that doesn't merit a release note. labels Oct 8, 2018
@awly
Copy link
Contributor Author

awly commented Oct 8, 2018

Added relnote, PTAL

@liggitt
Copy link
Member

liggitt commented Oct 8, 2018

/approve
needs bazel update

Allow inverted key/cert order in combined PEM file
4b6a6a1 
certificate.FileStore only handles (cert, key) combined PEM files. This
PR allows (key, cert), which is what "openssl req -out foo.pem -keyout
foo.pem" generates.
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 8, 2018
@awly
Copy link
Contributor Author

awly commented Oct 8, 2018

oops, update BUILD and squashed.
need re-lgtm

@liggitt
Copy link
Member

liggitt commented Oct 8, 2018

/retest
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 8, 2018
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: awly, liggitt, mikedanese, smarterclayton

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@mikedanese
Copy link
Member

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Oct 8, 2018
@k8s-ci-robot k8s-ci-robot merged commit f883fd2 into kubernetes:master Oct 8, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mikedanese mikedanese Awaiting requested review from mikedanese

@smarterclayton smarterclayton Awaiting requested review from smarterclayton

@liggitt liggitt Awaiting requested review from liggitt

Assignees

@liggitt liggitt

@smarterclayton smarterclayton

@mikedanese mikedanese

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@awly @smarterclayton @liggitt @mikedanese @k8s-ci-robot