Merge pull request #63323 from awly/gce-kubelet-ca

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. gce: plumb --kubelet-certificate-authority flag to apiserver **What this PR does / why we need it**: We want to start signing kubelets' serving certs with cluster CA. This flag is required to enforce that on apiserver side. **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: **Special notes for your reviewer**: **Release note**: ```release-note NONE ```
2025-07-23 03:41:45 +00:00 · 2018-05-07 21:03:43 -07:00 · 2018-05-07 21:03:43 -07:00 · 940e716c06
commit 940e716c06
parent 0b0c36fddc e86bdf5801
1 changed files with 3 additions and 0 deletions
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@ -1592,6 +1592,9 @@ function start-kube-apiserver {
  if [[ "${ENABLE_APISERVER_LOGS_HANDLER:-}" == "false" ]]; then
    params+=" --enable-logs-handler=false"
  fi
+  if [[ -n "${APISERVER_KUBELET_CA:-}" ]]; then
+    params+=" --kubelet-certificate-authority=${APISERVER_KUBELET_CA}"
+  fi

  local admission_controller_config_mount=""
  local admission_controller_config_volume=""