diff --git a/cmd/kubeadm/app/phases/selfhosting/podspec_mutation.go b/cmd/kubeadm/app/phases/selfhosting/podspec_mutation.go index 25142b1ad5b..3512b0b47a5 100644 --- a/cmd/kubeadm/app/phases/selfhosting/podspec_mutation.go +++ b/cmd/kubeadm/app/phases/selfhosting/podspec_mutation.go @@ -159,7 +159,14 @@ func setSelfHostedVolumesForControllerManager(podSpec *v1.PodSpec) { // This is not a problem with hostPath mounts as hostPath supports mounting one file only, instead of always a full directory. Secrets and Projected Volumes // don't support that. podSpec.Containers[0].Command = kubeadmutil.ReplaceArgument(podSpec.Containers[0].Command, func(argMap map[string]string) map[string]string { - argMap["kubeconfig"] = filepath.Join(selfHostedKubeConfigDir, kubeadmconstants.ControllerManagerKubeConfigFileName) + controllerManagerKubeConfigPath := filepath.Join(selfHostedKubeConfigDir, kubeadmconstants.ControllerManagerKubeConfigFileName) + argMap["kubeconfig"] = controllerManagerKubeConfigPath + if _, ok := argMap["authentication-kubeconfig"]; ok { + argMap["authentication-kubeconfig"] = controllerManagerKubeConfigPath + } + if _, ok := argMap["authorization-kubeconfig"]; ok { + argMap["authorization-kubeconfig"] = controllerManagerKubeConfigPath + } return argMap }) } diff --git a/cmd/kubeadm/app/phases/selfhosting/podspec_mutation_test.go b/cmd/kubeadm/app/phases/selfhosting/podspec_mutation_test.go index 1e8fbff899b..b37263d92b6 100644 --- a/cmd/kubeadm/app/phases/selfhosting/podspec_mutation_test.go +++ b/cmd/kubeadm/app/phases/selfhosting/podspec_mutation_test.go @@ -414,6 +414,8 @@ func TestSetSelfHostedVolumesForControllerManager(t *testing.T) { }, Command: []string{ "--kubeconfig=/etc/kubernetes/controller-manager.conf", + "--authentication-kubeconfig=/etc/kubernetes/controller-manager.conf", + "--authorization-kubeconfig=/etc/kubernetes/controller-manager.conf", "--foo=bar", }, }, @@ -467,6 +469,8 @@ func TestSetSelfHostedVolumesForControllerManager(t *testing.T) { }, Command: []string{ "--kubeconfig=/etc/kubernetes/kubeconfig/controller-manager.conf", + "--authentication-kubeconfig=/etc/kubernetes/kubeconfig/controller-manager.conf", + "--authorization-kubeconfig=/etc/kubernetes/kubeconfig/controller-manager.conf", "--foo=bar", }, },