fs.StringVar(&f.KubeletConfigFile,"config",f.KubeletConfigFile,"The Kubelet will load its initial configuration from this file. The path may be absolute or relative; relative paths start at the Kubelet's current working directory. Omit this flag to use the built-in default configuration values. Command-line flags override configuration from this file.")
fs.StringVar(&f.KubeConfig,"kubeconfig",f.KubeConfig,"Path to a kubeconfig file, specifying how to connect to the API server. Providing --kubeconfig enables API server mode, omitting --kubeconfig enables standalone mode.")
fs.StringVar(&f.BootstrapKubeconfig,"bootstrap-kubeconfig",f.BootstrapKubeconfig,"Path to a kubeconfig file that will be used to get client certificate for kubelet. "+
"If the file specified by --kubeconfig does not exist, the bootstrap kubeconfig is used to request a client certificate from the API server. "+
"On success, a kubeconfig file referencing the generated client certificate and key is written to the path specified by --kubeconfig. "+
"The client certificate and key file will be stored in the directory pointed by --cert-dir.")
fs.BoolVar(&f.RotateCertificates,"rotate-certificates",f.RotateCertificates,"<Warning: Beta feature> Auto rotate the kubelet client certificates by requesting new certificates from the kube-apiserver when the certificate expiration approaches.")
fs.BoolVar(&f.ReallyCrashForTesting,"really-crash-for-testing",f.ReallyCrashForTesting,"If true, when panics occur crash. Intended for testing.")
fs.Float64Var(&f.ChaosChance,"chaos-chance",f.ChaosChance,"If > 0.0, introduce random client errors and latency. Intended for testing.")
fs.StringVar(&f.BootstrapCheckpointPath,"bootstrap-checkpoint-path",f.BootstrapCheckpointPath,"<Warning: Alpha feature> Path to to the directory where the checkpoints are stored")
// the certificate has been deleted from disk or is otherwise corrupt
ifnow.After(lastCertAvailable.Add(exitAfter)){
ifclientCertificateManager.ServerHealthy(){
glog.Fatalf("It has been %s since a valid client cert was found and the server is responsive, exiting.",exitAfter)
}else{
glog.Errorf("It has been %s since a valid client cert was found, but the server is not responsive. A restart may be necessary to retrieve new initial credentials.",exitAfter)
}
}
}else{
// the certificate is expired
ifnow.After(curr.Leaf.NotAfter){
ifclientCertificateManager.ServerHealthy(){
glog.Fatalf("The currently active client certificate has expired and the server is responsive, exiting.")
}else{
glog.Errorf("The currently active client certificate has expired, but the server is not responsive. A restart may be necessary to retrieve new initial credentials.")
}
}
lastCertAvailable=now
}
}
ifcurr==nil||lastCert==curr{
// Cert hasn't been rotated.
return
}
lastCert=curr
glog.Infof("certificate rotation detected, shutting down client connections to start using new credentials")
// The cert has been rotated. Close all existing connections to force the client
"":"This information is immutable after the request is created. Only the Request and Usages fields can be set on creation, other fields are derived by Kubernetes and cannot be modified by users.",
"request":"Base64-encoded PKCS#10 CSR data",
"usages":"allowedUsages specifies a set of usage contexts the key will be valid for. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3\n https://tools.ietf.org/html/rfc5280#section-4.2.1.12",
"username":"Information about the requesting user. See user.Info interface for details.",
"uid":"UID information about the requesting user. See user.Info interface for details.",
"groups":"Group information about the requesting user. See user.Info interface for details.",
"extra":"Extra information about the requesting user. See user.Info interface for details.",
// Create takes the representation of a certificateSigningRequest and creates it. Returns the server's representation of the certificateSigningRequest, and an error, if there is any.
// Update takes the representation of a certificateSigningRequest and updates it. Returns the server's representation of the certificateSigningRequest, and an error, if there is any.
// Create takes the representation of a certificateSigningRequest and creates it. Returns the server's representation of the certificateSigningRequest, and an error, if there is any.
// Update takes the representation of a certificateSigningRequest and updates it. Returns the server's representation of the certificateSigningRequest, and an error, if there is any.