github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 11:50:44 +00:00
Code Issues Projects Releases Wiki Activity

Address review comments.

Browse Source
This commit is contained in:
xiangpengzhao 2017-11-21 15:37:12 +08:00
parent b37d6641a7
commit 2b00d36241
2 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
cmd/kubeadm/app/phases/upgrade/postupgrade.go
View File

@ -68,8 +68,9 @@ func PerformPostUpgradeTasks(client clientset.Interface, cfg *kubeadmapi.MasterC
errs = append(errs, err)
}
shouldBackup, err := shouldBackupAPIServerCertAndKey(newK8sVer)
// Don't fail the upgrade phase if failing to determine to backup kube-apiserver cert and key.
if shouldBackup, err := shouldBackupAPIServerCertAndKey(newK8sVer); err != nil {
if err != nil {
fmt.Printf("[postupgrade] WARNING: failed to determine to backup kube-apiserver cert and key: %v", err)
} else if shouldBackup {
// Don't fail the upgrade phase if failing to backup kube-apiserver cert and key.

14
cmd/kubeadm/app/phases/upgrade/postupgrade_v18_19.go
View File

@ -64,29 +64,35 @@ func rollbackFiles(files map[string]string, originalErr error) error {
errs = append(errs, err)
}
}
return fmt.Errorf("couldn't roll back kube-apiserver cert and key! Got errors: %v", errors.NewAggregate(errs))
return fmt.Errorf("couldn't move these files: %v. Got errors: %v", files, errors.NewAggregate(errs))
}
// shouldBackupAPIServerCertAndKey check if the new k8s version is at least 1.9.0
// and kube-apiserver will be expired in 60 days.
func shouldBackupAPIServerCertAndKey(newK8sVer *version.Version) (bool, error) {
if !newK8sVer.AtLeast(v190) {
if !newK8sVer.LessThan(v190) {
return false, nil
}
data, err := ioutil.ReadFile(filepath.Join(kubeadmapiext.DefaultCertificatesDir, constants.APIServerCertName))
apiServerCert := filepath.Join(kubeadmapiext.DefaultCertificatesDir, constants.APIServerCertName)
data, err := ioutil.ReadFile(apiServerCert)
if err != nil {
return false, fmt.Errorf("failed to read kube-apiserver certificate from disk: %v", err)
}
block, _ := pem.Decode(data)
if block == nil {
return false, fmt.Errorf("expected the kube-apiserver certificate to be PEM encoded")
}
certs, err := x509.ParseCertificates(block.Bytes)
if err != nil {
return false, fmt.Errorf("unable to parse certificate data: %v", err)
}
if len(certs) == 0 {
return false, fmt.Errorf("no certificate data found")
}
if certs[0].NotAfter.Sub(time.Now()) < 60*24*time.Hour {
return true, nil
}