Merge pull request #72478 from bart0sh/PR0054-kubeadm-selfhosting-pivot-kube-apiserver

kubeadm: add required etcd certs to selfhosting api-server
2025-07-24 20:24:09 +00:00 · 2019-01-02 07:43:30 -08:00 · 2019-01-02 07:43:30 -08:00 · da59a6da4a
commit da59a6da4a
parent 58eb3e4b3a 7b058c4357
1 changed files with 46 additions and 1 deletions
--- a/cmd/kubeadm/app/phases/selfhosting/selfhosting_volumes.go
+++ b/cmd/kubeadm/app/phases/selfhosting/selfhosting_volumes.go
@ -20,6 +20,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"path/filepath"
+	"strings"

 	"k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -128,6 +129,40 @@ func apiServerCertificatesVolumeSource() v1.VolumeSource {
 						},
 					},
 				},
+				{
+					Secret: &v1.SecretProjection{
+						LocalObjectReference: v1.LocalObjectReference{
+							Name: strings.Replace(kubeadmconstants.EtcdCACertAndKeyBaseName, "/", "-", -1),
+						},
+						Items: []v1.KeyToPath{
+							{
+								Key:  v1.TLSCertKey,
+								Path: kubeadmconstants.EtcdCACertName,
+							},
+							{
+								Key:  v1.TLSPrivateKeyKey,
+								Path: kubeadmconstants.EtcdCAKeyName,
+							},
+						},
+					},
+				},
+				{
+					Secret: &v1.SecretProjection{
+						LocalObjectReference: v1.LocalObjectReference{
+							Name: kubeadmconstants.APIServerEtcdClientCertAndKeyBaseName,
+						},
+						Items: []v1.KeyToPath{
+							{
+								Key:  v1.TLSCertKey,
+								Path: kubeadmconstants.APIServerEtcdClientCertName,
+							},
+							{
+								Key:  v1.TLSPrivateKeyKey,
+								Path: kubeadmconstants.APIServerEtcdClientKeyName,
+							},
+						},
+					},
+				},
 			},
 		},
 	}
@ -175,7 +210,7 @@ func controllerManagerCertificatesVolumeSource() v1.VolumeSource {
 func kubeConfigVolumeSource(kubeconfigSecretName string) v1.VolumeSource {
 	return v1.VolumeSource{
 		Secret: &v1.SecretVolumeSource{
-			SecretName: kubeconfigSecretName,
+			SecretName: strings.Replace(kubeconfigSecretName, "/", "-", -1),
 		},
 	}
 }
@ -294,5 +329,15 @@ func getTLSKeyPairs() []*tlsKeyPair {
 			cert: kubeadmconstants.FrontProxyClientCertName,
 			key:  kubeadmconstants.FrontProxyClientKeyName,
 		},
+		{
+			name: strings.Replace(kubeadmconstants.EtcdCACertAndKeyBaseName, "/", "-", -1),
+			cert: kubeadmconstants.EtcdCACertName,
+			key:  kubeadmconstants.EtcdCAKeyName,
+		},
+		{
+			name: kubeadmconstants.APIServerEtcdClientCertAndKeyBaseName,
+			cert: kubeadmconstants.APIServerEtcdClientCertName,
+			key:  kubeadmconstants.APIServerEtcdClientKeyName,
+		},
 	}
 }