From 20b37d6c5a8ce4bb95c5095bceeac096e5041ced Mon Sep 17 00:00:00 2001
From: Samuel Davidson
Date: Mon, 18 May 2020 16:39:44 -0700
Subject: [PATCH] Add IP rotation flags and env-vars to configure-*.sh
---
 cluster/gce/gci/configure-helper.sh | 7 +++++++
 cluster/gce/gci/configure-kubeapiserver.sh | 7 +++++++
 2 files changed, 14 insertions(+)
diff --git a/cluster/gce/gci/configure-helper.sh b/cluster/gce/gci/configure-helper.sh
index 31beef02235..9471d0ee8c2 100644
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@@ -564,6 +564,13 @@ function create-master-pki {
 SERVICEACCOUNT_KEY="${MASTER_KEY}"
 fi
+ if [[ -n "${OLD_MASTER_CERT:-}" && -n "${OLD_MASTER_KEY:-}" ]]; then
+ OLD_MASTER_CERT_PATH="${pki_dir}/oldapiserver.crt"
+ echo "${OLD_MASTER_CERT}" | base64 --decode > "${OLD_MASTER_CERT_PATH}"
+ OLD_MASTER_KEY_PATH="${pki_dir}/oldapiserver.key"
+ echo "${OLD_MASTER_KEY}" | base64 --decode > "${OLD_MASTER_KEY_PATH}"
+ fi
+
 SERVICEACCOUNT_CERT_PATH="${pki_dir}/serviceaccount.crt"
 write-pki-data "${SERVICEACCOUNT_CERT}" "${SERVICEACCOUNT_CERT_PATH}"
diff --git a/cluster/gce/gci/configure-kubeapiserver.sh b/cluster/gce/gci/configure-kubeapiserver.sh
index 3f96028aa7e..0a6aa5c3ab7 100644
--- a/cluster/gce/gci/configure-kubeapiserver.sh
+++ b/cluster/gce/gci/configure-kubeapiserver.sh
@@ -82,6 +82,13 @@ function start-kube-apiserver {
 fi
 params+=" --tls-cert-file=${APISERVER_SERVER_CERT_PATH}"
 params+=" --tls-private-key-file=${APISERVER_SERVER_KEY_PATH}"
+ if [[ -n "${OLD_MASTER_IP:-}" ]]; then
+ local old_ips="${OLD_MASTER_IP}"
+ if [[ -n "${OLD_LOAD_BALANCER_IP}" ]]; then
+ old_ips+=",${OLD_LOAD_BALANCER_IP}"
+ fi
+ params+=" --tls-sni-cert-key=${OLD_MASTER_CERT_PATH},${OLD_MASTER_KEY_PATH}:${old_ips}"
+ fi
 params+=" --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname"
 if [[ -s "${REQUESTHEADER_CA_CERT_PATH:-}" ]]; then
 params+=" --requestheader-client-ca-file=${REQUESTHEADER_CA_CERT_PATH}"
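Review bot: The old API server private key is written with a bare redirect (`echo "${OLD_MASTER_KEY}" | base64 --decode > "${OLD_MASTER_KEY_PATH}"`), so the mode of `oldapiserver.key` depends on whatever umask happens to be in effect inside create-master-pki. The context line just below already writes PKI material through `write-pki-data`; its body is not visible here, but if that helper is where restrictive permissions are applied, both new writes should use it: `write-pki-data "${OLD_MASTER_CERT}" "${OLD_MASTER_CERT_PATH}"` and `write-pki-data "${OLD_MASTER_KEY}" "${OLD_MASTER_KEY_PATH}"`. As written, a failed `base64 --decode` also leaves a truncated key file in place without any error being raised. create-master-pki starts and ends outside this hunk.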
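Review bot: The `--tls-sni-cert-key` flag is gated only on `OLD_MASTER_IP`, while `OLD_MASTER_CERT_PATH` and `OLD_MASTER_KEY_PATH` are assigned in configure-helper.sh only when both `OLD_MASTER_CERT` and `OLD_MASTER_KEY` are set. With the IP set but no old cert or key, the apiserver is handed `--tls-sni-cert-key=,:<ips>` with empty file paths, or the script aborts on an unset variable if nounset is active (not visible here). The guard should cover the paths as well: `if [[ -n "${OLD_MASTER_IP:-}" && -n "${OLD_MASTER_CERT_PATH:-}" && -n "${OLD_MASTER_KEY_PATH:-}" ]]; then`. The inner test also drops the `:-` default that the outer one uses and should read `if [[ -n "${OLD_LOAD_BALANCER_IP:-}" ]]; then`. start-kube-apiserver starts and ends outside this hunk.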