Merge pull request #59316 from smarterclayton/terminate_early

Automatic merge from submit-queue (batch tested with PRs 58716, 59977, 59316, 59884, 60117). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Cap how long the kubelet waits when it has no client cert

If we go a certain amount of time without being able to create a client
cert and we have no current client cert from the store, exit. This
prevents a corrupted local copy of the cert from leaving the Kubelet in a
zombie state forever. Exiting allows a config loop outside the Kubelet
to clean up the file or the bootstrap client cert to get another client
cert.

Five minutes is a totally arbitary timeout, judged to give enough time for really slow static pods to boot.

@mikedanese

```release-note
Set an upper bound (5 minutes) on how long the Kubelet will wait before exiting when the client cert from disk is missing or invalid. This prevents the Kubelet from waiting forever without attempting to bootstrap a new client credentials.
```

Kubernetes-commit: 2bbaf430d8a22287ae6a85c6c0b5736a80269e81

Godeps/Godeps.json

@@ -248,331 +248,331 @@
     },
     {
       "ImportPath": "k8s.io/api/admissionregistration/v1alpha1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/admissionregistration/v1beta1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/apps/v1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/apps/v1beta1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/apps/v1beta2",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/authentication/v1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/authentication/v1beta1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/authorization/v1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/authorization/v1beta1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/autoscaling/v1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/autoscaling/v2beta1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/batch/v1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/batch/v1beta1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/batch/v2alpha1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/certificates/v1beta1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/core/v1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/events/v1beta1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/extensions/v1beta1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/imagepolicy/v1alpha1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/networking/v1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/policy/v1beta1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/rbac/v1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/rbac/v1alpha1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/rbac/v1beta1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/scheduling/v1alpha1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/settings/v1alpha1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/storage/v1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/storage/v1alpha1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/api/storage/v1beta1",
-			"Rev": "67b2d3bc751123a303826d59c88c57c3d07f1b50"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/api/equality",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/api/errors",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/api/meta",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/api/resource",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/api/testing",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/api/testing/fuzzer",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/api/testing/roundtrip",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/apimachinery",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/apimachinery/announced",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/apimachinery/registered",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/apis/meta/fuzzer",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/apis/meta/internalversion",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1beta1",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/conversion",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/conversion/queryparams",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/fields",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/labels",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/runtime",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/runtime/schema",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/json",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/protobuf",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/recognizer",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/streaming",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/versioning",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/selection",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/types",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/cache",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/clock",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/diff",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/errors",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/framer",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/httpstream",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/httpstream/spdy",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/intstr",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/json",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/mergepatch",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/net",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/remotecommand",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/runtime",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/sets",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/strategicpatch",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/validation",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/validation/field",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/wait",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/util/yaml",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/version",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/pkg/watch",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/third_party/forked/golang/json",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/third_party/forked/golang/netutil",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/apimachinery/third_party/forked/golang/reflect",
-			"Rev": "5d3b627f6c0413ebaf4d825444dbb947cf9fcac2"
+      "Rev": "6462c8022c0af7f4718f111566bd037fe0fd4c3a"
     },
     {
       "ImportPath": "k8s.io/kube-openapi/pkg/util/proto",

util/certificate/certificate_manager.go

@@ -268,6 +268,13 @@ func getCurrentCertificateOrBootstrap(
 		return nil, false, fmt.Errorf("unable to parse certificate data: %v", err)
 	}
 	bootstrapCert.Leaf = certs[0]
+
+	if _, err := store.Update(bootstrapCertificatePEM, bootstrapKeyPEM); err != nil {
+		utilruntime.HandleError(fmt.Errorf("Unable to set the cert/key pair to the bootstrap certificate: %v", err))
+	} else {
+		glog.V(4).Infof("Updated the store to contain the initial bootstrap certificate")
+	}
+
 	return &bootstrapCert, true, nil
 }