Merge pull request #98230 from SataQiu/fix-kubelet-cert-message-20210120

kubelet: improve error message about expired certificates
Kubernetes Prow Robot 2021-01-25 12:39:19 -08:00 committed by GitHub
commit 77bedd891d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -237,32 +237,32 @@ func isClientConfigStillValid(kubeconfigPath string) (bool, error) {
} }
bootstrapClientConfig, err := loadRESTClientConfig(kubeconfigPath) bootstrapClientConfig, err := loadRESTClientConfig(kubeconfigPath)
if err != nil { if err != nil {
utilruntime.HandleError(fmt.Errorf("unable to read existing bootstrap client config: %v", err)) utilruntime.HandleError(fmt.Errorf("unable to read existing bootstrap client config from %s: %v", kubeconfigPath, err))
return false, nil return false, nil
} }
transportConfig, err := bootstrapClientConfig.TransportConfig() transportConfig, err := bootstrapClientConfig.TransportConfig()
if err != nil { if err != nil {
utilruntime.HandleError(fmt.Errorf("unable to load transport configuration from existing bootstrap client config: %v", err)) utilruntime.HandleError(fmt.Errorf("unable to load transport configuration from existing bootstrap client config read from %s: %v", kubeconfigPath, err))
return false, nil return false, nil
} }
// has side effect of populating transport config data fields // has side effect of populating transport config data fields
if _, err := transport.TLSConfigFor(transportConfig); err != nil { if _, err := transport.TLSConfigFor(transportConfig); err != nil {
utilruntime.HandleError(fmt.Errorf("unable to load TLS configuration from existing bootstrap client config: %v", err)) utilruntime.HandleError(fmt.Errorf("unable to load TLS configuration from existing bootstrap client config read from %s: %v", kubeconfigPath, err))
return false, nil return false, nil
} }
certs, err := certutil.ParseCertsPEM(transportConfig.TLS.CertData) certs, err := certutil.ParseCertsPEM(transportConfig.TLS.CertData)
if err != nil { if err != nil {
utilruntime.HandleError(fmt.Errorf("unable to load TLS certificates from existing bootstrap client config: %v", err)) utilruntime.HandleError(fmt.Errorf("unable to load TLS certificates from existing bootstrap client config read from %s: %v", kubeconfigPath, err))
return false, nil return false, nil
} }
if len(certs) == 0 { if len(certs) == 0 {
utilruntime.HandleError(fmt.Errorf("unable to read TLS certificates from existing bootstrap client config: %v", err)) utilruntime.HandleError(fmt.Errorf("unable to read TLS certificates from existing bootstrap client config read from %s: %v", kubeconfigPath, err))
return false, nil return false, nil
} }
now := time.Now() now := time.Now()
for _, cert := range certs { for _, cert := range certs {
if now.After(cert.NotAfter) { if now.After(cert.NotAfter) {
utilruntime.HandleError(fmt.Errorf("part of the existing bootstrap client certificate is expired: %s", cert.NotAfter)) utilruntime.HandleError(fmt.Errorf("part of the existing bootstrap client certificate in %s is expired: %v", kubeconfigPath, cert.NotAfter))
return false, nil return false, nil
} }
} }
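Review bot: In the `len(certs) == 0` branch the new message still formats `err` with `%v`, but `err` is necessarily nil there because the preceding `ParseCertsPEM` error check has already returned, so the log line would end in `<nil>`. Drop the trailing verb and state the condition directly, e.g. `utilruntime.HandleError(fmt.Errorf("no TLS certificates found in existing bootstrap client config read from %s", kubeconfigPath))`. Separately, the validity loop compares only against `cert.NotAfter`; it is worth confirming whether a certificate whose `NotBefore` is still in the future should also make the config count as invalid, since as written it would be accepted. The body of isClientConfigStillValid starts and ends outside this hunk, so later checks may already cover this.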