diff --git a/cmd/kubeadm/app/cmd/certs.go b/cmd/kubeadm/app/cmd/certs.go index 6f20c9c0271..045af329be2 100644 --- a/cmd/kubeadm/app/cmd/certs.go +++ b/cmd/kubeadm/app/cmd/certs.go @@ -301,8 +301,14 @@ func addRenewFlags(cmd *cobra.Command, flags *renewFlags) { options.AddConfigFlag(cmd.Flags(), &flags.cfgPath) options.AddCertificateDirFlag(cmd.Flags(), &flags.cfg.CertificatesDir) options.AddKubeConfigFlag(cmd.Flags(), &flags.kubeconfigPath) + + // TODO: remove these flags in a future version: + // https://github.com/kubernetes/kubeadm/issues/2163 + const deprecationMessage = "This flag will be removed in a future version. Please use 'kubeadm certs generate-csr' instead." options.AddCSRFlag(cmd.Flags(), &flags.csrOnly) + cmd.Flags().MarkDeprecated(options.CSROnly, deprecationMessage) options.AddCSRDirFlag(cmd.Flags(), &flags.csrPath) + cmd.Flags().MarkDeprecated(options.CSRDir, deprecationMessage) } func renewCert(flags *renewFlags, kdir string, internalcfg *kubeadmapi.InitConfiguration, handler *renewal.CertificateRenewHandler) error { diff --git a/cmd/kubeadm/app/cmd/phases/init/certs.go b/cmd/kubeadm/app/cmd/phases/init/certs.go index ad4137d0a3e..e9890666367 100644 --- a/cmd/kubeadm/app/cmd/phases/init/certs.go +++ b/cmd/kubeadm/app/cmd/phases/init/certs.go @@ -21,7 +21,6 @@ import ( "strings" "github.com/pkg/errors" - "github.com/spf13/pflag" kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" kubeadmscheme "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/scheme" @@ -48,11 +47,6 @@ var ( ` + cmdutil.AlphaDisclaimer) ) -var ( - csrOnly bool - csrDir string -) - // NewCertsPhase returns the phase for the certs func NewCertsPhase() workflow.Phase { return workflow.Phase{ @@ -64,15 +58,6 @@ func NewCertsPhase() workflow.Phase { } } -func localFlags() *pflag.FlagSet { - set := pflag.NewFlagSet("csr", pflag.ExitOnError) - options.AddCSRFlag(set, &csrOnly) - set.MarkDeprecated(options.CSROnly, "This flag will be removed in a future version. Please use kubeadm alpha certs generate-csr instead.") - options.AddCSRDirFlag(set, &csrDir) - set.MarkDeprecated(options.CSRDir, "This flag will be removed in a future version. Please use kubeadm alpha certs generate-csr instead.") - return set -} - // newCertSubPhases returns sub phases for certs phase func newCertSubPhases() []workflow.Phase { subPhases := []workflow.Phase{} @@ -97,7 +82,6 @@ func newCertSubPhases() []workflow.Phase { lastCACert = cert } else { phase = newCertSubPhase(cert, runCertPhase(cert, lastCACert)) - phase.LocalFlags = localFlags() } subPhases = append(subPhases, phase) } @@ -281,15 +265,6 @@ func runCertPhase(cert *certsphase.KubeadmCert, caCert *certsphase.KubeadmCert) return nil } - if csrOnly { - fmt.Printf("[certs] Generating CSR for %s instead of certificate\n", cert.BaseName) - if csrDir == "" { - csrDir = data.CertificateWriteDir() - } - - return certsphase.CreateCSR(cert, data.Cfg(), csrDir) - } - // if dryrunning, write certificates to a temporary folder (and defer restore to the path originally specified by the user) cfg := data.Cfg() cfg.CertificatesDir = data.CertificateWriteDir() diff --git a/cmd/kubeadm/app/cmd/phases/init/certs_test.go b/cmd/kubeadm/app/cmd/phases/init/certs_test.go index d03f9d270de..9107824f839 100644 --- a/cmd/kubeadm/app/cmd/phases/init/certs_test.go +++ b/cmd/kubeadm/app/cmd/phases/init/certs_test.go @@ -23,9 +23,7 @@ import ( "github.com/spf13/cobra" kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" "k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow" - "k8s.io/kubernetes/cmd/kubeadm/app/phases/certs" certstestutil "k8s.io/kubernetes/cmd/kubeadm/app/util/certs" - "k8s.io/kubernetes/cmd/kubeadm/app/util/pkiutil" pkiutiltesting "k8s.io/kubernetes/cmd/kubeadm/app/util/pkiutil/testing" testutil "k8s.io/kubernetes/cmd/kubeadm/test" ) @@ -40,52 +38,6 @@ func (t *testCertsData) ExternalCA() bool { return false } func (t *testCertsData) CertificateDir() string { return t.cfg.CertificatesDir } func (t *testCertsData) CertificateWriteDir() string { return t.cfg.CertificatesDir } -func TestCertsWithCSRs(t *testing.T) { - // restore global variables - defer func() { - csrOnly = false - csrDir = "" - }() - - csrDir := testutil.SetupTempDir(t) - defer os.RemoveAll(csrDir) - certDir := testutil.SetupTempDir(t) - defer os.RemoveAll(certDir) - cert := certs.KubeadmCertAPIServer() - - certsData := &testCertsData{ - cfg: testutil.GetDefaultInternalConfig(t), - } - certsData.cfg.CertificatesDir = certDir - - // set global vars for the test - csrOnly = true - csrDir = certDir - - phase := NewCertsPhase() - // find the api cert phase - var apiServerPhase *workflow.Phase - for _, phase := range phase.Phases { - if phase.Name == cert.Name { - apiServerPhase = &phase - break - } - } - - if apiServerPhase == nil { - t.Fatalf("couldn't find apiserver phase") - } - - err := apiServerPhase.Run(certsData) - if err != nil { - t.Fatalf("couldn't run API server phase: %v", err) - } - - if _, _, err := pkiutil.TryLoadCSRAndKeyFromDisk(csrDir, cert.BaseName); err != nil { - t.Fatalf("couldn't load certificate %q: %v", cert.BaseName, err) - } -} - func TestCreateSparseCerts(t *testing.T) { for _, test := range certstestutil.GetSparseCertTestCases(t) { t.Run(test.Name, func(t *testing.T) { diff --git a/cmd/kubeadm/test/cmd/init_test.go b/cmd/kubeadm/test/cmd/init_test.go index 15b291d2c87..04e0cbde8a8 100644 --- a/cmd/kubeadm/test/cmd/init_test.go +++ b/cmd/kubeadm/test/cmd/init_test.go @@ -19,16 +19,10 @@ package kubeadm import ( "fmt" "os" - "os/exec" - "strings" "testing" "github.com/lithammer/dedent" - "github.com/pkg/errors" "k8s.io/kubernetes/cmd/kubeadm/app/constants" - "k8s.io/kubernetes/cmd/kubeadm/app/phases/certs" - "k8s.io/kubernetes/cmd/kubeadm/app/util/pkiutil" - testutil "k8s.io/kubernetes/cmd/kubeadm/test" ) func runKubeadmInit(args ...string) (string, string, int, error) { @@ -194,66 +188,6 @@ func TestCmdInitConfig(t *testing.T) { } } -func TestCmdInitCertPhaseCSR(t *testing.T) { - tests := []struct { - name string - baseName string - expectedError string - }{ - { - name: "generate CSR", - baseName: certs.KubeadmCertKubeletClient().BaseName, - }, - { - name: "fails on CSR", - baseName: certs.KubeadmCertRootCA().BaseName, - expectedError: "unknown flag: --csr-only", - }, - { - name: "fails on all", - baseName: "all", - expectedError: "unknown flag: --csr-only", - }, - } - - for _, test := range tests { - t.Run(test.name, func(t *testing.T) { - csrDir := testutil.SetupTempDir(t) - cert := certs.KubeadmCertKubeletClient() - kubeadmPath := getKubeadmPath() - _, stderr, _, err := RunCmd(kubeadmPath, - "init", - "phase", - "certs", - test.baseName, - "--csr-only", - "--csr-dir="+csrDir, - ) - - if test.expectedError != "" { - cause := errors.Cause(err) - _, ok := cause.(*exec.ExitError) - if !ok { - t.Fatalf("expected exitErr: got %T (%v)", cause, err) - } - - if !strings.Contains(stderr, test.expectedError) { - t.Errorf("expected %q to contain %q", stderr, test.expectedError) - } - return - } - - if err != nil { - t.Fatalf("couldn't run kubeadm: %v", err) - } - - if _, _, err := pkiutil.TryLoadCSRAndKeyFromDisk(csrDir, cert.BaseName); err != nil { - t.Fatalf("couldn't load certificate %q: %v", cert.BaseName, err) - } - }) - } -} - func TestCmdInitAPIPort(t *testing.T) { initTest := []struct { name string