Merge pull request #63806 from detiber/externalEtcdCerts

Automatic merge from submit-queue (batch tested with PRs 63588, 63806). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

kubeadm - do not generate etcd ca/certs for external etcd

**What this PR does / why we need it**:

Currently we generate an etcd CA and certificates even if we are specifying an external etcd cluster when running `kubeadm init`, this PR changes this behavior to skip generating the etcd CA and certificates if configured for an external etcd cluster.

**Which issue(s) this PR fixes** 
Fixes https://github.com/kubernetes/kubeadm/issues/807

**Release note**:
```release-note
kubeadm will no longer generate an unused etcd CA and certificates when configured to use an external etcd cluster.
```
This commit is contained in:
Kubernetes Submit Queue 2018-05-14 11:26:19 -07:00 committed by GitHub
commit 2860bd595d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 27 additions and 3 deletions

View File

@ -39,14 +39,21 @@ func CreatePKIAssets(cfg *kubeadmapi.MasterConfiguration) error {
CreateCACertAndKeyFiles,
CreateAPIServerCertAndKeyFiles,
CreateAPIServerKubeletClientCertAndKeyFiles,
CreateServiceAccountKeyAndPublicKeyFiles,
CreateFrontProxyCACertAndKeyFiles,
CreateFrontProxyClientCertAndKeyFiles,
}
etcdCertActions := []func(cfg *kubeadmapi.MasterConfiguration) error{
CreateEtcdCACertAndKeyFiles,
CreateEtcdServerCertAndKeyFiles,
CreateEtcdPeerCertAndKeyFiles,
CreateEtcdHealthcheckClientCertAndKeyFiles,
CreateAPIServerEtcdClientCertAndKeyFiles,
CreateServiceAccountKeyAndPublicKeyFiles,
CreateFrontProxyCACertAndKeyFiles,
CreateFrontProxyClientCertAndKeyFiles,
}
// Currently this is the only way we have to identify static pod etcd vs external etcd
if len(cfg.Etcd.Endpoints) == 0 {
certActions = append(certActions, etcdCertActions...)
}
for _, action := range certActions {

View File

@ -603,6 +603,7 @@ func TestCreateCertificateFilesMethods(t *testing.T) {
setupFunc func(cfg *kubeadmapi.MasterConfiguration) error
createFunc func(cfg *kubeadmapi.MasterConfiguration) error
expectedFiles []string
externalEtcd bool
}{
{
createFunc: CreatePKIAssets,
@ -620,6 +621,18 @@ func TestCreateCertificateFilesMethods(t *testing.T) {
kubeadmconstants.FrontProxyClientCertName, kubeadmconstants.FrontProxyClientKeyName,
},
},
{
createFunc: CreatePKIAssets,
externalEtcd: true,
expectedFiles: []string{
kubeadmconstants.CACertName, kubeadmconstants.CAKeyName,
kubeadmconstants.APIServerCertName, kubeadmconstants.APIServerKeyName,
kubeadmconstants.APIServerKubeletClientCertName, kubeadmconstants.APIServerKubeletClientKeyName,
kubeadmconstants.ServiceAccountPrivateKeyName, kubeadmconstants.ServiceAccountPublicKeyName,
kubeadmconstants.FrontProxyCACertName, kubeadmconstants.FrontProxyCAKeyName,
kubeadmconstants.FrontProxyClientCertName, kubeadmconstants.FrontProxyClientKeyName,
},
},
{
createFunc: CreateCACertAndKeyFiles,
expectedFiles: []string{kubeadmconstants.CACertName, kubeadmconstants.CAKeyName},
@ -685,6 +698,10 @@ func TestCreateCertificateFilesMethods(t *testing.T) {
CertificatesDir: tmpdir,
}
if test.externalEtcd {
cfg.Etcd.Endpoints = []string{"192.168.1.1:2379"}
}
// executes setup func (if necessary)
if test.setupFunc != nil {
if err := test.setupFunc(cfg); err != nil {