github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-02 00:07:50 +00:00
Code Issues Projects Releases Wiki Activity

kubeadm: Perform TLS Bootstrapping in kubeadm join for v1.7 kubelets but not v1.8 ones

Browse Source
This commit is contained in:
Lucas Käldström 2017-09-08 22:29:11 +03:00
parent 976d5c3438
commit 136d68b4d5
No known key found for this signature in database
GPG Key ID: 3FA3783D77751514
3 changed files with 19 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
cmd/kubeadm/app/cmd/join.go
View File

@ -20,7 +20,9 @@ import (
"fmt" "fmt"
"io" "io"
"io/ioutil" "io/ioutil"
"os/exec"
"path/filepath" "path/filepath"
"strings"
"github.com/renstrom/dedent" "github.com/renstrom/dedent"
"github.com/spf13/cobra" "github.com/spf13/cobra"
@ -204,8 +206,6 @@ func (j *Join) Run(out io.Writer) error {
return err return err
} }
hostname := nodeutil.GetHostname(j.cfg.NodeName)
client, err := kubeconfigutil.KubeConfigToClientSet(cfg) client, err := kubeconfigutil.KubeConfigToClientSet(cfg)
if err != nil { if err != nil {
return err return err
@ -213,11 +213,24 @@ func (j *Join) Run(out io.Writer) error {
if err := kubeadmnode.ValidateAPIServer(client); err != nil { if err := kubeadmnode.ValidateAPIServer(client); err != nil {
return err return err
} }
if err := kubeadmnode.PerformTLSBootstrap(cfg, hostname); err != nil {
return err kubeconfigFile := filepath.Join(kubeadmconstants.KubernetesDir, kubeadmconstants.KubeletBootstrapKubeConfigFileName)
// Depending on the kubelet version, we might perform the TLS bootstrap or not
kubeletVersionBytes, err := exec.Command("sh", "-c", "kubelet --version").Output()
// In case the command executed successfully and returned v1.7-something, we'll perform TLS Bootstrapping
// Otherwise, just assume v1.8
// TODO: In the beginning of the v1.9 cycle, we can remove the logic as we then don't support v1.7 anymore
if err == nil && strings.HasPrefix(string(kubeletVersionBytes), "Kubernetes v1.7") {
hostname := nodeutil.GetHostname(j.cfg.NodeName)
if err := kubeadmnode.PerformTLSBootstrap(cfg, hostname); err != nil {
return err
}
// As we now performed the TLS Bootstrap, change the filepath to be kubelet.conf instead of bootstrap-kubelet.conf
kubeconfigFile = filepath.Join(kubeadmconstants.KubernetesDir, kubeadmconstants.KubeletKubeConfigFileName)
} }
kubeconfigFile := filepath.Join(kubeadmconstants.KubernetesDir, kubeadmconstants.KubeletKubeConfigFileName) // Write the bootstrap kubelet config file or the TLS-Boostrapped kubelet config file down to disk
if err := kubeconfigutil.WriteToDisk(kubeconfigFile, cfg); err != nil { if err := kubeconfigutil.WriteToDisk(kubeconfigFile, cfg); err != nil {
return err return err
} }

1
cmd/kubeadm/app/node/csr.go
View File

@ -26,6 +26,7 @@ import (
"k8s.io/kubernetes/pkg/kubelet/util/csr" "k8s.io/kubernetes/pkg/kubelet/util/csr"
) )
// CSRContextAndUser defines the context to use for the client certs in the kubelet kubeconfig file
const CSRContextAndUser = "kubelet-csr" const CSRContextAndUser = "kubelet-csr"
// PerformTLSBootstrap executes a node certificate signing request. // PerformTLSBootstrap executes a node certificate signing request.

1
hack/.golint_failures
View File

@ -17,7 +17,6 @@ cmd/kubeadm/app/discovery
cmd/kubeadm/app/discovery/file cmd/kubeadm/app/discovery/file
cmd/kubeadm/app/discovery/token cmd/kubeadm/app/discovery/token
cmd/kubeadm/app/images cmd/kubeadm/app/images
cmd/kubeadm/app/node
cmd/kubeadm/app/phases/certs/pkiutil cmd/kubeadm/app/phases/certs/pkiutil
cmd/kubeadm/app/preflight cmd/kubeadm/app/preflight
cmd/kubeadm/app/util cmd/kubeadm/app/util