Address review comments.

xiangpengzhao 2017-11-21 15:37:12 +08:00
parent b37d6641a7
commit 2b00d36241
2 changed files with 12 additions and 5 deletions


@ -68,8 +68,9 @@ func PerformPostUpgradeTasks(client clientset.Interface, cfg *kubeadmapi.MasterC
errs = append(errs, err) errs = append(errs, err)
} }
shouldBackup, err := shouldBackupAPIServerCertAndKey(newK8sVer)
// Don't fail the upgrade phase if failing to determine to backup kube-apiserver cert and key. // Don't fail the upgrade phase if failing to determine to backup kube-apiserver cert and key.
if shouldBackup, err := shouldBackupAPIServerCertAndKey(newK8sVer); err != nil { if err != nil {
fmt.Printf("[postupgrade] WARNING: failed to determine to backup kube-apiserver cert and key: %v", err) fmt.Printf("[postupgrade] WARNING: failed to determine to backup kube-apiserver cert and key: %v", err)
} else if shouldBackup { } else if shouldBackup {
// Don't fail the upgrade phase if failing to backup kube-apiserver cert and key. // Don't fail the upgrade phase if failing to backup kube-apiserver cert and key.
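Review bot: The warning printed when shouldBackupAPIServerCertAndKey returns an error has no trailing newline, so whatever is printed next runs onto the same line and the message is easy to miss. That branch means the certificate expiry check did not run at all, so the operator should be able to see it clearly: `fmt.Printf("[postupgrade] WARNING: failed to determine to backup kube-apiserver cert and key: %v\n", err)`. PerformPostUpgradeTasks starts and ends outside this hunk, so the rest of its error handling was not reviewed.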


@ -64,29 +64,35 @@ func rollbackFiles(files map[string]string, originalErr error) error {
errs = append(errs, err) errs = append(errs, err)
} }
} }
return fmt.Errorf("couldn't roll back kube-apiserver cert and key! Got errors: %v", errors.NewAggregate(errs)) return fmt.Errorf("couldn't move these files: %v. Got errors: %v", files, errors.NewAggregate(errs))
} }
// shouldBackupAPIServerCertAndKey check if the new k8s version is at least 1.9.0 // shouldBackupAPIServerCertAndKey check if the new k8s version is at least 1.9.0
// and kube-apiserver will be expired in 60 days. // and kube-apiserver will be expired in 60 days.
func shouldBackupAPIServerCertAndKey(newK8sVer *version.Version) (bool, error) { func shouldBackupAPIServerCertAndKey(newK8sVer *version.Version) (bool, error) {
if !newK8sVer.AtLeast(v190) { if !newK8sVer.LessThan(v190) {
return false, nil return false, nil
} }
data, err := ioutil.ReadFile(filepath.Join(kubeadmapiext.DefaultCertificatesDir, constants.APIServerCertName)) apiServerCert := filepath.Join(kubeadmapiext.DefaultCertificatesDir, constants.APIServerCertName)
data, err := ioutil.ReadFile(apiServerCert)
if err != nil { if err != nil {
return false, fmt.Errorf("failed to read kube-apiserver certificate from disk: %v", err) return false, fmt.Errorf("failed to read kube-apiserver certificate from disk: %v", err)
} }
block, _ := pem.Decode(data) block, _ := pem.Decode(data)
if block == nil { if block == nil {
return false, fmt.Errorf("expected the kube-apiserver certificate to be PEM encoded") return false, fmt.Errorf("expected the kube-apiserver certificate to be PEM encoded")
} }
certs, err := x509.ParseCertificates(block.Bytes) certs, err := x509.ParseCertificates(block.Bytes)
if err != nil { if err != nil {
return false, fmt.Errorf("unable to parse certificate data: %v", err) return false, fmt.Errorf("unable to parse certificate data: %v", err)
} }
if len(certs) == 0 {
return false, fmt.Errorf("no certificate data found")
}
if certs[0].NotAfter.Sub(time.Now()) < 60*24*time.Hour { if certs[0].NotAfter.Sub(time.Now()) < 60*24*time.Hour {
return true, nil return true, nil
} }
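Review bot: The new guard `if !newK8sVer.LessThan(v190) {` looks inverted, because it returns false for every target version that is 1.9.0 or newer, while the doc comment says the check applies when the new version is at least 1.9.0. The previous `!newK8sVer.AtLeast(v190)` returned early only for versions below 1.9.0; the equivalent written with LessThan is `if newK8sVer.LessThan(v190) {`. As written, the NotAfter check is skipped on exactly the upgrades it is meant for, so a kube-apiserver certificate within 60 days of expiry would not be flagged, and it runs instead for pre-1.9.0 targets. The function's closing lines are outside the hunk.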