mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-20 02:11:09 +00:00
Merge pull request #102108 from neolit123/1.22-kubeadm-remove-csr-flags
kubeadm: remove deprecated "--csr*" flags in "init phase certs"
This commit is contained in:
Kubernetes Prow Robot
GitHub
commit
7f47a3aabb
@ -301,8 +301,14 @@ func addRenewFlags(cmd *cobra.Command, flags *renewFlags) {
|
|||||||
options.AddConfigFlag(cmd.Flags(), &flags.cfgPath)
|
options.AddConfigFlag(cmd.Flags(), &flags.cfgPath)
|
||||||
options.AddCertificateDirFlag(cmd.Flags(), &flags.cfg.CertificatesDir)
|
options.AddCertificateDirFlag(cmd.Flags(), &flags.cfg.CertificatesDir)
|
||||||
options.AddKubeConfigFlag(cmd.Flags(), &flags.kubeconfigPath)
|
options.AddKubeConfigFlag(cmd.Flags(), &flags.kubeconfigPath)
|
||||||
|
|
||||||
|
// TODO: remove these flags in a future version:
|
||||||
|
// https://github.com/kubernetes/kubeadm/issues/2163
|
||||||
|
const deprecationMessage = "This flag will be removed in a future version. Please use 'kubeadm certs generate-csr' instead."
|
||||||
options.AddCSRFlag(cmd.Flags(), &flags.csrOnly)
|
options.AddCSRFlag(cmd.Flags(), &flags.csrOnly)
|
||||||
|
cmd.Flags().MarkDeprecated(options.CSROnly, deprecationMessage)
|
||||||
options.AddCSRDirFlag(cmd.Flags(), &flags.csrPath)
|
options.AddCSRDirFlag(cmd.Flags(), &flags.csrPath)
|
||||||
|
cmd.Flags().MarkDeprecated(options.CSRDir, deprecationMessage)
|
||||||
}
|
}
|
||||||
|
|
||||||
func renewCert(flags *renewFlags, kdir string, internalcfg *kubeadmapi.InitConfiguration, handler *renewal.CertificateRenewHandler) error {
|
func renewCert(flags *renewFlags, kdir string, internalcfg *kubeadmapi.InitConfiguration, handler *renewal.CertificateRenewHandler) error {
|
||||||
|
|||||||
@ -21,7 +21,6 @@ import (
|
|||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
"github.com/spf13/pflag"
|
|
||||||
|
|
||||||
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||||
kubeadmscheme "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/scheme"
|
kubeadmscheme "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/scheme"
|
||||||
@ -48,11 +47,6 @@ var (
|
|||||||
` + cmdutil.AlphaDisclaimer)
|
` + cmdutil.AlphaDisclaimer)
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
|
||||||
csrOnly bool
|
|
||||||
csrDir string
|
|
||||||
)
|
|
||||||
|
|
||||||
// NewCertsPhase returns the phase for the certs
|
// NewCertsPhase returns the phase for the certs
|
||||||
func NewCertsPhase() workflow.Phase {
|
func NewCertsPhase() workflow.Phase {
|
||||||
return workflow.Phase{
|
return workflow.Phase{
|
||||||
@ -64,15 +58,6 @@ func NewCertsPhase() workflow.Phase {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func localFlags() *pflag.FlagSet {
|
|
||||||
set := pflag.NewFlagSet("csr", pflag.ExitOnError)
|
|
||||||
options.AddCSRFlag(set, &csrOnly)
|
|
||||||
set.MarkDeprecated(options.CSROnly, "This flag will be removed in a future version. Please use kubeadm alpha certs generate-csr instead.")
|
|
||||||
options.AddCSRDirFlag(set, &csrDir)
|
|
||||||
set.MarkDeprecated(options.CSRDir, "This flag will be removed in a future version. Please use kubeadm alpha certs generate-csr instead.")
|
|
||||||
return set
|
|
||||||
}
|
|
||||||
|
|
||||||
// newCertSubPhases returns sub phases for certs phase
|
// newCertSubPhases returns sub phases for certs phase
|
||||||
func newCertSubPhases() []workflow.Phase {
|
func newCertSubPhases() []workflow.Phase {
|
||||||
subPhases := []workflow.Phase{}
|
subPhases := []workflow.Phase{}
|
||||||
@ -97,7 +82,6 @@ func newCertSubPhases() []workflow.Phase {
|
|||||||
lastCACert = cert
|
lastCACert = cert
|
||||||
} else {
|
} else {
|
||||||
phase = newCertSubPhase(cert, runCertPhase(cert, lastCACert))
|
phase = newCertSubPhase(cert, runCertPhase(cert, lastCACert))
|
||||||
phase.LocalFlags = localFlags()
|
|
||||||
}
|
}
|
||||||
subPhases = append(subPhases, phase)
|
subPhases = append(subPhases, phase)
|
||||||
}
|
}
|
||||||
@ -281,15 +265,6 @@ func runCertPhase(cert *certsphase.KubeadmCert, caCert *certsphase.KubeadmCert)
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
if csrOnly {
|
|
||||||
fmt.Printf("[certs] Generating CSR for %s instead of certificate\n", cert.BaseName)
|
|
||||||
if csrDir == "" {
|
|
||||||
csrDir = data.CertificateWriteDir()
|
|
||||||
}
|
|
||||||
|
|
||||||
return certsphase.CreateCSR(cert, data.Cfg(), csrDir)
|
|
||||||
}
|
|
||||||
|
|
||||||
// if dryrunning, write certificates to a temporary folder (and defer restore to the path originally specified by the user)
|
// if dryrunning, write certificates to a temporary folder (and defer restore to the path originally specified by the user)
|
||||||
cfg := data.Cfg()
|
cfg := data.Cfg()
|
||||||
cfg.CertificatesDir = data.CertificateWriteDir()
|
cfg.CertificatesDir = data.CertificateWriteDir()
|
||||||
|
|||||||
@ -23,9 +23,7 @@ import (
|
|||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||||
"k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow"
|
"k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow"
|
||||||
"k8s.io/kubernetes/cmd/kubeadm/app/phases/certs"
|
|
||||||
certstestutil "k8s.io/kubernetes/cmd/kubeadm/app/util/certs"
|
certstestutil "k8s.io/kubernetes/cmd/kubeadm/app/util/certs"
|
||||||
"k8s.io/kubernetes/cmd/kubeadm/app/util/pkiutil"
|
|
||||||
pkiutiltesting "k8s.io/kubernetes/cmd/kubeadm/app/util/pkiutil/testing"
|
pkiutiltesting "k8s.io/kubernetes/cmd/kubeadm/app/util/pkiutil/testing"
|
||||||
testutil "k8s.io/kubernetes/cmd/kubeadm/test"
|
testutil "k8s.io/kubernetes/cmd/kubeadm/test"
|
||||||
)
|
)
|
||||||
@ -40,52 +38,6 @@ func (t *testCertsData) ExternalCA() bool { return false }
|
|||||||
func (t *testCertsData) CertificateDir() string { return t.cfg.CertificatesDir }
|
func (t *testCertsData) CertificateDir() string { return t.cfg.CertificatesDir }
|
||||||
func (t *testCertsData) CertificateWriteDir() string { return t.cfg.CertificatesDir }
|
func (t *testCertsData) CertificateWriteDir() string { return t.cfg.CertificatesDir }
|
||||||
|
|
||||||
func TestCertsWithCSRs(t *testing.T) {
|
|
||||||
// restore global variables
|
|
||||||
defer func() {
|
|
||||||
csrOnly = false
|
|
||||||
csrDir = ""
|
|
||||||
}()
|
|
||||||
|
|
||||||
csrDir := testutil.SetupTempDir(t)
|
|
||||||
defer os.RemoveAll(csrDir)
|
|
||||||
certDir := testutil.SetupTempDir(t)
|
|
||||||
defer os.RemoveAll(certDir)
|
|
||||||
cert := certs.KubeadmCertAPIServer()
|
|
||||||
|
|
||||||
certsData := &testCertsData{
|
|
||||||
cfg: testutil.GetDefaultInternalConfig(t),
|
|
||||||
}
|
|
||||||
certsData.cfg.CertificatesDir = certDir
|
|
||||||
|
|
||||||
// set global vars for the test
|
|
||||||
csrOnly = true
|
|
||||||
csrDir = certDir
|
|
||||||
|
|
||||||
phase := NewCertsPhase()
|
|
||||||
// find the api cert phase
|
|
||||||
var apiServerPhase *workflow.Phase
|
|
||||||
for _, phase := range phase.Phases {
|
|
||||||
if phase.Name == cert.Name {
|
|
||||||
apiServerPhase = &phase
|
|
||||||
break
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if apiServerPhase == nil {
|
|
||||||
t.Fatalf("couldn't find apiserver phase")
|
|
||||||
}
|
|
||||||
|
|
||||||
err := apiServerPhase.Run(certsData)
|
|
||||||
if err != nil {
|
|
||||||
t.Fatalf("couldn't run API server phase: %v", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
if _, _, err := pkiutil.TryLoadCSRAndKeyFromDisk(csrDir, cert.BaseName); err != nil {
|
|
||||||
t.Fatalf("couldn't load certificate %q: %v", cert.BaseName, err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestCreateSparseCerts(t *testing.T) {
|
func TestCreateSparseCerts(t *testing.T) {
|
||||||
for _, test := range certstestutil.GetSparseCertTestCases(t) {
|
for _, test := range certstestutil.GetSparseCertTestCases(t) {
|
||||||
t.Run(test.Name, func(t *testing.T) {
|
t.Run(test.Name, func(t *testing.T) {
|
||||||
|
|||||||
@ -19,16 +19,10 @@ package kubeadm
|
|||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
|
||||||
"strings"
|
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/lithammer/dedent"
|
"github.com/lithammer/dedent"
|
||||||
"github.com/pkg/errors"
|
|
||||||
"k8s.io/kubernetes/cmd/kubeadm/app/constants"
|
"k8s.io/kubernetes/cmd/kubeadm/app/constants"
|
||||||
"k8s.io/kubernetes/cmd/kubeadm/app/phases/certs"
|
|
||||||
"k8s.io/kubernetes/cmd/kubeadm/app/util/pkiutil"
|
|
||||||
testutil "k8s.io/kubernetes/cmd/kubeadm/test"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func runKubeadmInit(args ...string) (string, string, int, error) {
|
func runKubeadmInit(args ...string) (string, string, int, error) {
|
||||||
@ -194,66 +188,6 @@ func TestCmdInitConfig(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestCmdInitCertPhaseCSR(t *testing.T) {
|
|
||||||
tests := []struct {
|
|
||||||
name string
|
|
||||||
baseName string
|
|
||||||
expectedError string
|
|
||||||
}{
|
|
||||||
{
|
|
||||||
name: "generate CSR",
|
|
||||||
baseName: certs.KubeadmCertKubeletClient().BaseName,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: "fails on CSR",
|
|
||||||
baseName: certs.KubeadmCertRootCA().BaseName,
|
|
||||||
expectedError: "unknown flag: --csr-only",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: "fails on all",
|
|
||||||
baseName: "all",
|
|
||||||
expectedError: "unknown flag: --csr-only",
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, test := range tests {
|
|
||||||
t.Run(test.name, func(t *testing.T) {
|
|
||||||
csrDir := testutil.SetupTempDir(t)
|
|
||||||
cert := certs.KubeadmCertKubeletClient()
|
|
||||||
kubeadmPath := getKubeadmPath()
|
|
||||||
_, stderr, _, err := RunCmd(kubeadmPath,
|
|
||||||
"init",
|
|
||||||
"phase",
|
|
||||||
"certs",
|
|
||||||
test.baseName,
|
|
||||||
"--csr-only",
|
|
||||||
"--csr-dir="+csrDir,
|
|
||||||
)
|
|
||||||
|
|
||||||
if test.expectedError != "" {
|
|
||||||
cause := errors.Cause(err)
|
|
||||||
_, ok := cause.(*exec.ExitError)
|
|
||||||
if !ok {
|
|
||||||
t.Fatalf("expected exitErr: got %T (%v)", cause, err)
|
|
||||||
}
|
|
||||||
|
|
||||||
if !strings.Contains(stderr, test.expectedError) {
|
|
||||||
t.Errorf("expected %q to contain %q", stderr, test.expectedError)
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
if err != nil {
|
|
||||||
t.Fatalf("couldn't run kubeadm: %v", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
if _, _, err := pkiutil.TryLoadCSRAndKeyFromDisk(csrDir, cert.BaseName); err != nil {
|
|
||||||
t.Fatalf("couldn't load certificate %q: %v", cert.BaseName, err)
|
|
||||||
}
|
|
||||||
})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestCmdInitAPIPort(t *testing.T) {
|
func TestCmdInitAPIPort(t *testing.T) {
|
||||||
initTest := []struct {
|
initTest := []struct {
|
||||||
name string
|
name string
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user