diff --git a/cmd/kubeadm/app/phases/upgrade/postupgrade.go b/cmd/kubeadm/app/phases/upgrade/postupgrade.go index 158ff93aea2..fcfab59b0fa 100644 --- a/cmd/kubeadm/app/phases/upgrade/postupgrade.go +++ b/cmd/kubeadm/app/phases/upgrade/postupgrade.go @@ -17,10 +17,7 @@ limitations under the License. package upgrade import ( - "crypto/x509" - "encoding/pem" "fmt" - "io/ioutil" "os" "path/filepath" "time" @@ -29,6 +26,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/errors" clientset "k8s.io/client-go/kubernetes" + certutil "k8s.io/client-go/util/cert" kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" kubeadmapiext "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha1" kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants" @@ -205,19 +203,9 @@ func rollbackFiles(files map[string]string, originalErr error) error { // shouldBackupAPIServerCertAndKey checks if the cert of kube-apiserver will be expired in 180 days. func shouldBackupAPIServerCertAndKey(certAndKeyDir string) (bool, error) { apiServerCert := filepath.Join(certAndKeyDir, kubeadmconstants.APIServerCertName) - data, err := ioutil.ReadFile(apiServerCert) + certs, err := certutil.CertsFromFile(apiServerCert) if err != nil { - return false, fmt.Errorf("failed to read kube-apiserver certificate from disk: %v", err) - } - - block, _ := pem.Decode(data) - if block == nil { - return false, fmt.Errorf("expected the kube-apiserver certificate to be PEM encoded") - } - - certs, err := x509.ParseCertificates(block.Bytes) - if err != nil { - return false, fmt.Errorf("unable to parse certificate data: %v", err) + return false, fmt.Errorf("couldn't load the certificate file %s: %v", apiServerCert, err) } if len(certs) == 0 { return false, fmt.Errorf("no certificate data found")