Merge pull request #65587 from liggitt/node-csr-addresses-1

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Revert "certs: only append locally discovered addresses when we got none from the cloudprovider"

This reverts commit 7354bbe5ac.

https://github.com/kubernetes/kubernetes/pull/61869 caused a mismatch between the requested CSR and the addresses in node status.

Instead of computing addresses in two places, the cert manager should derive its CSR request from the addresses in node status. This would enable the kubelet to react to address changes, as well as be driven by an external cloud provider.

/cc @mikedanese

```release-note
NONE
```
This commit is contained in:
Kubernetes Submit Queue 2018-06-28 17:36:45 -07:00 committed by GitHub
commit c57cdc1d35
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -750,28 +750,20 @@ func NewMainKubelet(kubeCfg *kubeletconfiginternal.KubeletConfiguration,
klet.statusManager = status.NewManager(klet.kubeClient, klet.podManager, klet)
if kubeCfg.ServerTLSBootstrap && kubeDeps.TLSOptions != nil && utilfeature.DefaultFeatureGate.Enabled(features.RotateKubeletServerCertificate) {
var (
ips []net.IP
names []string
)
// If the address was explicitly configured, use that. Otherwise, try to
// discover addresses from the cloudprovider. Otherwise, make a best guess.
if cfgAddress := net.ParseIP(kubeCfg.Address); cfgAddress != nil && !cfgAddress.IsUnspecified() {
ips = []net.IP{cfgAddress}
names = []string{klet.GetHostname(), hostnameOverride}
} else if len(cloudIPs) != 0 || len(cloudNames) != 0 {
ips = cloudIPs
names = cloudNames
} else {
var ips []net.IP
cfgAddress := net.ParseIP(kubeCfg.Address)
if cfgAddress == nil || cfgAddress.IsUnspecified() {
localIPs, err := allGlobalUnicastIPs()
if err != nil {
return nil, err
}
ips = localIPs
names = []string{klet.GetHostname(), hostnameOverride}
} else {
ips = []net.IP{cfgAddress}
}
ips = append(ips, cloudIPs...)
names := append([]string{klet.GetHostname(), hostnameOverride}, cloudNames...)
klet.serverCertificateManager, err = kubeletcertificate.NewKubeletServerCertificateManager(klet.kubeClient, kubeCfg, klet.nodeName, ips, names, certDirectory)
if err != nil {
return nil, fmt.Errorf("failed to initialize certificate manager: %v", err)