github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-04 09:49:50 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #126913 from pacoxu/remove-experimental-cert-rotation

Browse Source 
kubeadm: remove the deprecated sub-phase of 'init kubelet-finilize' called `experimental-cert-rotation`
This commit is contained in:
Kubernetes Prow Robot 2024-08-27 11:33:03 +01:00 committed by GitHub
commit 7436ca32bc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 0 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
cmd/kubeadm/app/cmd/phases/init/kubeletfinalize.go
View File

@ -39,9 +39,6 @@ var (
# Updates settings relevant to the kubelet after TLS bootstrap" # Updates settings relevant to the kubelet after TLS bootstrap"
kubeadm init phase kubelet-finalize all --config kubeadm init phase kubelet-finalize all --config
`) `)
// TODO: remove with 'experimental-cert-rotation'.
// https://github.com/kubernetes/kubeadm/issues/3046
enableClientCertRotationRun = false
) )
// NewKubeletFinalizePhase creates a kubeadm workflow phase that updates settings // NewKubeletFinalizePhase creates a kubeadm workflow phase that updates settings
@ -65,43 +62,14 @@ func NewKubeletFinalizePhase() workflow.Phase {
InheritFlags: []string{options.CfgPath, options.CertificatesDir, options.DryRun}, InheritFlags: []string{options.CfgPath, options.CertificatesDir, options.DryRun},
Run: runKubeletFinalizeEnableClientCertRotation, Run: runKubeletFinalizeEnableClientCertRotation,
}, },
// TODO: remove this phase in 1.32.
// also remove the "enableClientCertRotationRun" variable.
// https://github.com/kubernetes/kubeadm/issues/3046
{
Name: "experimental-cert-rotation",
Short: "Enable kubelet client certificate rotation (DEPRECATED: use 'enable-client-cert-rotation' instead)",
InheritFlags: []string{options.CfgPath, options.CertificatesDir, options.DryRun},
Run: runKubeletFinalizeEnableClientCertRotationWrapped,
},
}, },
} }
} }
// runKubeletFinalizeEnableClientCertRotationWrapped wraps runKubeletFinalizeEnableClientCertRotation
// and prints a deprecation message when the phase is executed directly. If 'all' is used this
// function should just return nil because 'enable-client-cert-rotation' sets 'enableClientCertRotationRun'.
// TODO: remove in 1.32.
// https://github.com/kubernetes/kubeadm/issues/3046
func runKubeletFinalizeEnableClientCertRotationWrapped(c workflow.RunData) error {
if enableClientCertRotationRun {
return nil
}
klog.Warning("The phase 'experimental-cert-rotation' is deprecated and will be removed in a future release. " +
"Use 'enable-client-cert-rotation' instead")
return runKubeletFinalizeEnableClientCertRotation(c)
}
// runKubeletFinalizeEnableClientCertRotation detects if the kubelet certificate rotation is enabled // runKubeletFinalizeEnableClientCertRotation detects if the kubelet certificate rotation is enabled
// and updates the kubelet.conf file to point to a rotatable certificate and key for the // and updates the kubelet.conf file to point to a rotatable certificate and key for the
// Node user. // Node user.
func runKubeletFinalizeEnableClientCertRotation(c workflow.RunData) error { func runKubeletFinalizeEnableClientCertRotation(c workflow.RunData) error {
// Set 'enableClientCertRotationRun' to make sure that if 'all' is called,
// runKubeletFinalizeEnableClientCertRotationWrapped will return nil early.
// TODO: remove in 1.32.
// https://github.com/kubernetes/kubeadm/issues/3046
enableClientCertRotationRun = true
data, ok := c.(InitData) data, ok := c.(InitData)
if !ok { if !ok {
return errors.New("kubelet-finalize phase invoked with an invalid data struct") return errors.New("kubelet-finalize phase invoked with an invalid data struct")