Merge pull request #43070 from mikedanese/downfix

Automatic merge from submit-queue add a compatibility shim for certs to support a cluster downgrade Fixes https://github.com/kubernetes/kubernetes/issues/42660
2025-07-23 19:56:01 +00:00 · 2017-03-15 05:16:27 -07:00 · 2017-03-15 05:16:27 -07:00 · 6e05e1c50a
commit 6e05e1c50a
parent 8993397a1e 361c40cc66
2 changed files with 13 additions and 0 deletions
--- a/cluster/gce/configure-vm.sh
+++ b/cluster/gce/configure-vm.sh
@ -66,6 +66,10 @@ function create-node-pki {
    KUBELET_KEY_PATH="${pki_dir}/kubelet.key"
    echo "${KUBELET_KEY}" | base64 --decode > "${KUBELET_KEY_PATH}"
  fi
+
+  # TODO(mikedanese): remove this when we don't support downgrading to versions
+  # < 1.6.
+  ln -s "${CA_CERT_BUNDLE_PATH}" /etc/kubernetes/ca.crt
 }

 # A hookpoint for setting up local devices
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@ -216,6 +216,10 @@ function create-node-pki {
    KUBELET_KEY_PATH="${pki_dir}/kubelet.key"
    echo "${KUBELET_KEY}" | base64 --decode > "${KUBELET_KEY_PATH}"
  fi
+
+  # TODO(mikedanese): remove this when we don't support downgrading to versions
+  # < 1.6.
+  ln -s "${CA_CERT_BUNDLE_PATH}" /etc/srv/kubernetes/ca.crt
 }

 function create-master-pki {
@ -265,6 +269,11 @@ function create-master-pki {

  SERVICEACCOUNT_KEY_PATH="${pki_dir}/serviceaccount.key"
  echo "${SERVICEACCOUNT_KEY}" | base64 --decode > "${SERVICEACCOUNT_KEY_PATH}"
+
+  # TODO(mikedanese): remove this when we don't support downgrading to versions
+  # < 1.6.
+  ln -s "${APISERVER_SERVER_CERT_PATH}" /etc/srv/kubernetes/server.key
+  ln -s "${APISERVER_SERVER_CERT_PATH}" /etc/srv/kubernetes/server.cert
 }

 # After the first boot and on upgrade, these files exist on the master-pd