mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-22 19:31:44 +00:00
Merge pull request #61869 from mikedanese/serverauth1
Automatic merge from submit-queue (batch tested with PRs 54997, 61869, 61816, 61909, 60525). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. certs: only append locally discovered addresses when we get none from the cloudprovider The cloudprovider is right, and only cloudprovider addresses can be verified centrally, so don't add any extra when we have them.
This commit is contained in:
commit
9c67d76bf6
@ -737,20 +737,28 @@ func NewMainKubelet(kubeCfg *kubeletconfiginternal.KubeletConfiguration,
|
||||
klet.statusManager = status.NewManager(klet.kubeClient, klet.podManager, klet)
|
||||
|
||||
if utilfeature.DefaultFeatureGate.Enabled(features.RotateKubeletServerCertificate) && kubeDeps.TLSOptions != nil {
|
||||
var ips []net.IP
|
||||
cfgAddress := net.ParseIP(kubeCfg.Address)
|
||||
if cfgAddress == nil || cfgAddress.IsUnspecified() {
|
||||
var (
|
||||
ips []net.IP
|
||||
names []string
|
||||
)
|
||||
|
||||
// If the address was explicitly configured, use that. Otherwise, try to
|
||||
// discover addresses from the cloudprovider. Otherwise, make a best guess.
|
||||
if cfgAddress := net.ParseIP(kubeCfg.Address); cfgAddress != nil && !cfgAddress.IsUnspecified() {
|
||||
ips = []net.IP{cfgAddress}
|
||||
names = []string{klet.GetHostname(), hostnameOverride}
|
||||
} else if len(cloudIPs) != 0 || len(cloudNames) != 0 {
|
||||
ips = cloudIPs
|
||||
names = cloudNames
|
||||
} else {
|
||||
localIPs, err := allGlobalUnicastIPs()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
ips = localIPs
|
||||
} else {
|
||||
ips = []net.IP{cfgAddress}
|
||||
names = []string{klet.GetHostname(), hostnameOverride}
|
||||
}
|
||||
|
||||
ips = append(ips, cloudIPs...)
|
||||
names := append([]string{klet.GetHostname(), hostnameOverride}, cloudNames...)
|
||||
klet.serverCertificateManager, err = kubeletcertificate.NewKubeletServerCertificateManager(klet.kubeClient, kubeCfg, klet.nodeName, ips, names, certDirectory)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to initialize certificate manager: %v", err)
|
||||
|
Loading…
Reference in New Issue
Block a user