Merge pull request #103187 from Haleygo/fix-dry-run-when-using-externalCA

Kubeadm init --dry-run should work when using an external ca
2025-07-24 20:24:09 +00:00 · 2021-07-02 07:58:25 -07:00 · 2021-07-02 07:58:25 -07:00 · 1345a802de
commit 1345a802de
parent ce3bf862ee 6d6d200c3a
3 changed files with 31 additions and 3 deletions
--- a/cmd/kubeadm/app/cmd/init.go
+++ b/cmd/kubeadm/app/cmd/init.go
@ -386,9 +386,6 @@ func newInitData(cmd *cobra.Command, args []string, options *initOptions, out io
 		// Validate that also the required kubeconfig files exists and are invalid, because
 		// kubeadm can't regenerate them without the CA Key
 		kubeconfigDir := options.kubeconfigDir
-		if options.dryRun {
-			kubeconfigDir = dryRunDir
-		}
 		if err := kubeconfigphase.ValidateKubeconfigsForExternalCA(kubeconfigDir, cfg); err != nil {
 			return nil, err
 		}
--- a/cmd/kubeadm/app/cmd/phases/init/certs.go
+++ b/cmd/kubeadm/app/cmd/phases/init/certs.go
@ -18,6 +18,8 @@ package phases

 import (
 	"fmt"
+	"os"
+	"path/filepath"
 	"strings"

 	"github.com/pkg/errors"
@ -195,6 +197,20 @@ func runCerts(c workflow.RunData) error {
 	}

 	fmt.Printf("[certs] Using certificateDir folder %q\n", data.CertificateWriteDir())
+
+	// If using an external CA while dryrun, copy CA cert to dryrun dir for later use
+	if data.ExternalCA() && data.DryRun() {
+		externalCAFile := filepath.Join(data.Cfg().CertificatesDir, kubeadmconstants.CACertName)
+		fileInfo, _ := os.Stat(externalCAFile)
+		contents, err := os.ReadFile(externalCAFile)
+		if err != nil {
+			return err
+		}
+		err = os.WriteFile(filepath.Join(data.CertificateWriteDir(), kubeadmconstants.CACertName), contents, fileInfo.Mode())
+		if err != nil {
+			return err
+		}
+	}
 	return nil
 }

--- a/cmd/kubeadm/app/cmd/phases/init/kubeconfig.go
+++ b/cmd/kubeadm/app/cmd/phases/init/kubeconfig.go
@ -18,6 +18,8 @@ package phases

 import (
 	"fmt"
+	"os"
+	"path/filepath"

 	"github.com/pkg/errors"
 	"k8s.io/kubernetes/cmd/kubeadm/app/cmd/options"
@ -132,6 +134,19 @@ func runKubeConfigFile(kubeConfigFileName string) func(workflow.RunData) error {
 		// if external CA mode, skip certificate authority generation
 		if data.ExternalCA() {
 			fmt.Printf("[kubeconfig] External CA mode: Using user provided %s\n", kubeConfigFileName)
+			// If using an external CA while dryrun, copy kubeconfig files to dryrun dir for later use
+			if data.DryRun() {
+				externalCAFile := filepath.Join(kubeadmconstants.KubernetesDir, kubeConfigFileName)
+				fileInfo, _ := os.Stat(externalCAFile)
+				contents, err := os.ReadFile(externalCAFile)
+				if err != nil {
+					return err
+				}
+				err = os.WriteFile(filepath.Join(data.KubeConfigDir(), kubeConfigFileName), contents, fileInfo.Mode())
+				if err != nil {
+					return err
+				}
+			}
 			return nil
 		}