kubeadm: Enable dry-run mode for phase of control-plane-prepare certs

- All certs will be created under the `/etc/kubernetes/tmp/kubeadm-join-dryrunxxx` folder
if `dry-run` mode is enabled.

- Try to make each phase idempotent by resetting the cert dir with `dry-run` mode

Signed-off-by: Dave Chen <dave.chen@arm.com>
Dave Chen
2022-10-12 16:46:31 +08:00
parent 335fd41484
commit b3f91f0c02
3 changed files with 14 additions and 4 deletions


@@ -21,10 +21,12 @@ import (
"crypto/x509"
"fmt"
"io"
"path/filepath"
"github.com/pkg/errors"
certutil "k8s.io/client-go/util/cert"
"k8s.io/klog/v2"
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
@@ -151,6 +153,7 @@ func (t CertificateTree) CreateTree(ic *kubeadmapi.InitConfiguration) error {
continue
}
// CA key exists; just use that to create new certificates.
klog.V(1).Infof("[certs] Using the existing CA certificate %q and key %q\n", filepath.Join(ic.CertificatesDir, fmt.Sprintf("%s.crt", ca.BaseName)), filepath.Join(ic.CertificatesDir, fmt.Sprintf("%s.key", ca.BaseName)))
} else {
// CACert doesn't already exist, create a new cert and key.
caCert, caKey, err = pkiutil.NewCertificateAuthority(cfg)
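Review bot: The `klog.V(1).Infof` call in `CreateTree` (the line using the newly imported `filepath`, so presumably the added one) rebuilds the CA certificate and key paths from `ic.CertificatesDir` and `ca.BaseName` instead of reporting the paths the load step actually read. If the file-naming convention changes in the loader, this message would keep naming the old locations. That matters because an operator would use this line to confirm which CA signed the leaf certificates, particularly when dry-run redirects the cert dir to a temporary folder, so both paths are better derived from the same helper the loader uses, if one is reachable from this package. The trailing `\n` in the format string is also redundant, since klog appends a newline when one is missing. `CreateTree` starts and ends outside the hunk, so the load step is inferred only from the comment `CA key exists`.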