Merge pull request #120546 from SaumyaBhushan/issue

added documentation about the format of certificateKey

cmd/kubeadm/app/apis/kubeadm/types.go

@@ -60,6 +60,7 @@ type InitConfiguration struct {
 
 	// CertificateKey sets the key with which certificates and keys are encrypted prior to being uploaded in
 	// a secret in the cluster during the uploadcerts init phase.
+	// The certificate key is a hex encoded string that is an AES key of size 32 bytes.
 	CertificateKey string
 
 	// SkipPhases is a list of phases to skip during command execution.
@@ -337,6 +338,7 @@ type JoinControlPlane struct {
 
 	// CertificateKey is the key that is used for decryption of certificates after they are downloaded from the secret
 	// upon joining a new control plane node. The corresponding encryption key is in the InitConfiguration.
+	// The certificate key is a hex encoded string that is an AES key of size 32 bytes.
 	CertificateKey string
 }
 

cmd/kubeadm/app/apis/kubeadm/v1beta3/types.go

@@ -54,6 +54,7 @@ type InitConfiguration struct {
 
 	// CertificateKey sets the key with which certificates and keys are encrypted prior to being uploaded in
 	// a secret in the cluster during the uploadcerts init phase.
+	// The certificate key is a hex encoded string that is an AES key of size 32 bytes.
 	// +optional
 	CertificateKey string `json:"certificateKey,omitempty"`
 
@@ -354,6 +355,7 @@ type JoinControlPlane struct {
 
 	// CertificateKey is the key that is used for decryption of certificates after they are downloaded from the secret
 	// upon joining a new control plane node. The corresponding encryption key is in the InitConfiguration.
+	// The certificate key is a hex encoded string that is an AES key of size 32 bytes.
 	// +optional
 	CertificateKey string `json:"certificateKey,omitempty"`
 }

cmd/kubeadm/app/apis/kubeadm/v1beta4/types.go

@@ -58,6 +58,7 @@ type InitConfiguration struct {
 
 	// CertificateKey sets the key with which certificates and keys are encrypted prior to being uploaded in
 	// a secret in the cluster during the uploadcerts init phase.
+	// The certificate key is a hex encoded string that is an AES key of size 32 bytes.
 	// +optional
 	CertificateKey string `json:"certificateKey,omitempty"`
 
@@ -372,6 +373,7 @@ type JoinControlPlane struct {
 
 	// CertificateKey is the key that is used for decryption of certificates after they are downloaded from the secret
 	// upon joining a new control plane node. The corresponding encryption key is in the InitConfiguration.
+	// The certificate key is a hex encoded string that is an AES key of size 32 bytes.
 	// +optional
 	CertificateKey string `json:"certificateKey,omitempty"`
 }

cmd/kubeadm/app/cmd/init.go

@@ -188,7 +188,7 @@ func AddInitConfigFlags(flagSet *flag.FlagSet, cfg *kubeadmapiv1.InitConfigurati
 	)
 	flagSet.StringVar(
 		&cfg.CertificateKey, options.CertificateKey, "",
-		"Key used to encrypt the control-plane certificates in the kubeadm-certs Secret.",
+		"Key used to encrypt the control-plane certificates in the kubeadm-certs Secret. The certificate key is a hex encoded string that is an AES key of size 32 bytes.",
 	)
 	cmdutil.AddCRISocketFlag(flagSet, &cfg.NodeRegistration.CRISocket)
 }

cmd/kubeadm/app/cmd/join.go

@@ -251,7 +251,7 @@ func addJoinConfigFlags(flagSet *flag.FlagSet, cfg *kubeadmapiv1.JoinConfigurati
 	)
 	flagSet.StringVar(
 		&cfg.ControlPlane.CertificateKey, options.CertificateKey, cfg.ControlPlane.CertificateKey,
-		"Use this key to decrypt the certificate secrets uploaded by init.",
+		"Use this key to decrypt the certificate secrets uploaded by init. The certificate key is a hex encoded string that is an AES key of size 32 bytes.",
 	)
 	// add control plane endpoint flags to the specified flagset
 	flagSet.StringVar(