Merge pull request #113005 from chendave/dry-run-prepare

kubeadm: Enable `dry-run` mode for phase of `control-plane-prepare certs`
Kubernetes Prow Robot 2022-10-17 06:59:07 -07:00 committed by GitHub
commit 3b8cfefaee
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 4 deletions


@ -108,6 +108,7 @@ func getControlPlanePreparePhaseFlags(name string) []string {
options.TokenDiscoverySkipCAHash,
options.TLSBootstrapToken,
options.TokenStr,
options.DryRun,
}
case "kubeconfig":
flags = []string{
@ -230,10 +231,10 @@ func runControlPlanePrepareDownloadCertsPhaseLocal(c workflow.RunData) error {
return err
}
// If we're dry-running, download certs to tmp dir
if data.DryRun() {
cfg.CertificatesDir = data.CertificateWriteDir()
}
// If we're dry-running, download certs to tmp dir, and defer to restore to the path originally specified by the user
certsDir := cfg.CertificatesDir
cfg.CertificatesDir = data.CertificateWriteDir()
defer func() { cfg.CertificatesDir = certsDir }()
client, err := bootstrapClient(data)
if err != nil {
@ -264,6 +265,10 @@ func runControlPlanePrepareCertsPhaseLocal(c workflow.RunData) error {
fmt.Printf("[certs] Using certificateDir folder %q\n", cfg.CertificatesDir)
// if dryrunning, write certificates files to a temporary folder (and defer restore to the path originally specified by the user)
certsDir := cfg.CertificatesDir
cfg.CertificatesDir = data.CertificateWriteDir()
defer func() { cfg.CertificatesDir = certsDir }()
// Generate missing certificates (if any)
return certsphase.CreatePKIAssets(cfg)
}
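Review bot: In runControlPlanePrepareDownloadCertsPhaseLocal the comment still opens with "If we're dry-running", but `cfg.CertificatesDir = data.CertificateWriteDir()` now runs on every invocation, so a normal join depends on CertificateWriteDir() returning the user's certificates directory when dry-run is off, which is not visible in this hunk. I would word the comment to say so, for example `// CertificateWriteDir() is a temporary dir when dry-running and the configured dir otherwise; the deferred func restores the configured path`, and do the same in runControlPlanePrepareCertsPhaseLocal, which repeats the pattern. Since a dry run of these phases presumably writes real private keys (downloaded or freshly generated) into that temporary directory, it is worth confirming that the directory is created owner-only and that its cleanup is documented for operators. Both function bodies start outside their hunks.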


@ -21,10 +21,12 @@ import (
"crypto/x509"
"fmt"
"io"
"path/filepath"
"github.com/pkg/errors"
certutil "k8s.io/client-go/util/cert"
"k8s.io/klog/v2"
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
@ -151,6 +153,7 @@ func (t CertificateTree) CreateTree(ic *kubeadmapi.InitConfiguration) error {
continue
}
// CA key exists; just use that to create new certificates.
klog.V(1).Infof("[certs] Using the existing CA certificate %q and key %q\n", filepath.Join(ic.CertificatesDir, fmt.Sprintf("%s.crt", ca.BaseName)), filepath.Join(ic.CertificatesDir, fmt.Sprintf("%s.key", ca.BaseName)))
} else {
// CACert doesn't already exist, create a new cert and key.
caCert, caKey, err = pkiutil.NewCertificateAuthority(cfg)
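Review bot: The added `klog.V(1).Infof` line in CreateTree evaluates two `filepath.Join(..., fmt.Sprintf(...))` expressions on every existing-CA pass even when verbosity is below 1, and its trailing `\n` is redundant because klog terminates each entry itself. Plain concatenation reads more simply, `filepath.Join(ic.CertificatesDir, ca.BaseName+".crt")`, and the format string can end at the second `%q`. The message records only file paths, not key contents, which is the right level of detail for a log line about CA keys. CreateTree's body starts and ends outside the hunk.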


@ -234,6 +234,8 @@ func DownloadCerts(client clientset.Interface, cfg *kubeadmapi.InitConfiguration
return errors.Wrap(err, "error decoding secret data with provided key")
}
fmt.Printf("[download-certs] Saving the certificates to the folder: %q\n", cfg.CertificatesDir)
for certOrKeyName, certOrKeyPath := range certsToTransfer(cfg) {
certOrKeyData, found := secretData[certOrKeyNameToSecretName(certOrKeyName)]
if !found {