Merge pull request #62766 from mikedanese/alpha4

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. self sign certs when ServerTLSBootstrap is disabled kc.ServerTLSBootstrap can't be true unless the feature gate is enabled. If the feature gate is enabled and kc.ServerTLSBootstrap is false, we should generate self signed certs. Fixes https://github.com/kubernetes/kubernetes/issues/62700 ```release-note NONE ```
2025-09-16 14:45:28 +00:00 · 2018-04-18 10:15:49 -07:00
parent b37564d9f2 cca8e1ce64
commit 214ce6572d
1 changed files with 1 additions and 1 deletions
--- a/cmd/kubelet/app/server.go
+++ b/cmd/kubelet/app/server.go
@@ -736,7 +736,7 @@ func getNodeName(cloud cloudprovider.Interface, hostname string) (types.NodeName
 // InitializeTLS checks for a configured TLSCertFile and TLSPrivateKeyFile: if unspecified a new self-signed
 // certificate and key file are generated. Returns a configured server.TLSOptions object.
 func InitializeTLS(kf *options.KubeletFlags, kc *kubeletconfiginternal.KubeletConfiguration) (*server.TLSOptions, error) {
-	if !utilfeature.DefaultFeatureGate.Enabled(features.RotateKubeletServerCertificate) && kc.TLSCertFile == "" && kc.TLSPrivateKeyFile == "" {
+	if !kc.ServerTLSBootstrap && kc.TLSCertFile == "" && kc.TLSPrivateKeyFile == "" {
 		kc.TLSCertFile = path.Join(kf.CertDirectory, "kubelet.crt")
 		kc.TLSPrivateKeyFile = path.Join(kf.CertDirectory, "kubelet.key")