Merge pull request #80867 from fabriziopandini/fix-certs-generation-for-external-etcd

kubeadm: fix-certs-generation-for-external-etcd
2025-07-23 19:56:01 +00:00 · 2019-08-02 20:28:06 -07:00 · 2019-08-02 20:28:06 -07:00 · 44f3aafc1a
commit 44f3aafc1a
parent 36391966f2 59fb766b42
1 changed files with 12 additions and 12 deletions
--- a/cmd/kubeadm/app/cmd/phases/init/certs.go
+++ b/cmd/kubeadm/app/cmd/phases/init/certs.go
@ -218,6 +218,12 @@ func runCAPhase(ca *certsphase.KubeadmCert) func(c workflow.RunData) error {
 			return errors.New("certs phase invoked with an invalid data struct")
 		}

+		// if using external etcd, skips etcd certificate authority generation
+		if data.Cfg().Etcd.External != nil && ca.Name == "etcd-ca" {
+			fmt.Printf("[certs] External etcd mode: Skipping %s certificate authority generation\n", ca.BaseName)
+			return nil
+		}
+
 		if _, err := pkiutil.TryLoadCertFromDisk(data.CertificateDir(), ca.BaseName); err == nil {
 			if _, err := pkiutil.TryLoadKeyFromDisk(data.CertificateDir(), ca.BaseName); err == nil {
 				fmt.Printf("[certs] Using existing %s certificate authority\n", ca.BaseName)
@ -227,12 +233,6 @@ func runCAPhase(ca *certsphase.KubeadmCert) func(c workflow.RunData) error {
 			return nil
 		}

-		// if using external etcd, skips etcd certificate authority generation
-		if data.Cfg().Etcd.External != nil && ca.Name == "etcd-ca" {
-			fmt.Printf("[certs] External etcd mode: Skipping %s certificate authority generation\n", ca.BaseName)
-			return nil
-		}
-
 		// if dryrunning, write certificates authority to a temporary folder (and defer restore to the path originally specified by the user)
 		cfg := data.Cfg()
 		cfg.CertificatesDir = data.CertificateWriteDir()
@ -250,6 +250,12 @@ func runCertPhase(cert *certsphase.KubeadmCert, caCert *certsphase.KubeadmCert)
 			return errors.New("certs phase invoked with an invalid data struct")
 		}

+		// if using external etcd, skips etcd certificates generation
+		if data.Cfg().Etcd.External != nil && cert.CAName == "etcd-ca" {
+			fmt.Printf("[certs] External etcd mode: Skipping %s certificate generation\n", cert.BaseName)
+			return nil
+		}
+
 		if certData, _, err := pkiutil.TryLoadCertAndKeyFromDisk(data.CertificateDir(), cert.BaseName); err == nil {
 			caCertData, err := pkiutil.TryLoadCertFromDisk(data.CertificateDir(), caCert.BaseName)
 			if err != nil {
@ -273,12 +279,6 @@ func runCertPhase(cert *certsphase.KubeadmCert, caCert *certsphase.KubeadmCert)
 			return certsphase.CreateCSR(cert, data.Cfg(), csrDir)
 		}

-		// if using external etcd, skips etcd certificates generation
-		if data.Cfg().Etcd.External != nil && cert.CAName == "etcd-ca" {
-			fmt.Printf("[certs] External etcd mode: Skipping %s certificate authority generation\n", cert.BaseName)
-			return nil
-		}
-
 		// if dryrunning, write certificates to a temporary folder (and defer restore to the path originally specified by the user)
 		cfg := data.Cfg()
 		cfg.CertificatesDir = data.CertificateWriteDir()