# KOPS Cluster Spec
# enable the node authorization service
nodeAuthorization:
  nodeAuthorizer: {}
# technically only the above is required as everything else gets defaulted.
# But given how kops works if you specify the sections below, the defaults
# don't get carried through, thus you need to apply these below.

$ systemctl cat node-authorizer | cat
# /etc/systemd/system/node-authorizer.service
[Unit]
Description=Node Authorization Client
Documentation=https://github.com/kubernetes/kops
After=docker.service
Before=kubelet.service
[Service]
Type=oneshot
RemainAfterExit=yes

// NodeAuthorizerSpec defines the configuration for a node authorizer
type NodeAuthorizerSpec struct {
	// Authorizer is the authorizer to use
	Authorizer string `json:"authorizer,omitempty"`
	// Features is a series of authorizer features to enable or disable
	Features *[]string `json:"features,omitempty"`
	// Image is the location of container - alternatively export the NODE_AUTHORIZATION_IMAGE environment variable
	Image string `json:"image,omitempty"`
	// NodeURL is the node authorization service url.
	NodeURL string `json:"nodeURL,omitempty"`

Keybase proof

I hereby claim:

  • I am gambol99 on github.
  • I am gambol99 (https://keybase.io/gambol99) on keybase.
  • I have a public key ASDUz_SKevDhRfY6I-XTevm65QnhHZzpYloZ9csbFT1PiQo

To claim this, I am signing this object:

gambol99 / gist:d55afd69217b8e2dd727be99f0a20e7d
Created June 24, 2016 14:44
golang - create ca and build csr for signing
//
// createCertificateAuthority generates a certificate authority request ready to be signed
//
func (r *secretStore) createCertificateAuthority(names pkix.Name, expiration time.Duration, size int) (*caCertificate, error) {
	// step: generate a keypair
	keys, err := rsa.GenerateKey(rand.Reader, size)
	if err != nil {
		return nil, fmt.Errorf("unable to generate private keys, error: %s", err)
	}