diff --git a/cmd/kubeadm/app/apis/kubeadm/types.go b/cmd/kubeadm/app/apis/kubeadm/types.go
index 8097a3497cc..e2ac31cbacb 100644
--- a/cmd/kubeadm/app/apis/kubeadm/types.go
+++ b/cmd/kubeadm/app/apis/kubeadm/types.go
@@ -60,6 +60,7 @@ type InitConfiguration struct {
 // CertificateKey sets the key with which certificates and keys are encrypted prior to being uploaded in
 // a secret in the cluster during the uploadcerts init phase.
+ // The certificate key is a hex encoded string that is an AES key of size 32 bytes.
 CertificateKey string
 // SkipPhases is a list of phases to skip during command execution.
@@ -337,6 +338,7 @@ type JoinControlPlane struct {
 // CertificateKey is the key that is used for decryption of certificates after they are downloaded from the secret
 // upon joining a new control plane node. The corresponding encryption key is in the InitConfiguration.
+ // The certificate key is a hex encoded string that is an AES key of size 32 bytes.
 CertificateKey string
 }
diff --git a/cmd/kubeadm/app/apis/kubeadm/v1beta3/types.go b/cmd/kubeadm/app/apis/kubeadm/v1beta3/types.go
index d7a6a2e2efb..4e9096a4d0d 100644
--- a/cmd/kubeadm/app/apis/kubeadm/v1beta3/types.go
+++ b/cmd/kubeadm/app/apis/kubeadm/v1beta3/types.go
@@ -54,6 +54,7 @@ type InitConfiguration struct {
 // CertificateKey sets the key with which certificates and keys are encrypted prior to being uploaded in
 // a secret in the cluster during the uploadcerts init phase.
+ // The certificate key is a hex encoded string that is an AES key of size 32 bytes.
 // +optional
 CertificateKey string `json:"certificateKey,omitempty"`
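Review bot: The comment added to `InitConfiguration.CertificateKey` can be read as saying the string itself is 32 bytes long, whereas the hex encoding of a 32-byte key is 64 characters. The same sentence is repeated in the `JoinControlPlane` hunk, in the v1beta3 and v1beta4 types, and in the init/join flag help, so one wording fix covers all of them: `// The certificate key is a hex-encoded 32-byte AES key (64 hexadecimal characters).` None of the visible hunks validates the length or encoding, so if that check lives elsewhere the comment could say where a malformed key is rejected. The struct bodies start and end outside these hunks.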
@@ -354,6 +355,7 @@ type JoinControlPlane struct {
 // CertificateKey is the key that is used for decryption of certificates after they are downloaded from the secret
 // upon joining a new control plane node. The corresponding encryption key is in the InitConfiguration.
+ // The certificate key is a hex encoded string that is an AES key of size 32 bytes.
 // +optional
 CertificateKey string `json:"certificateKey,omitempty"`
 }
diff --git a/cmd/kubeadm/app/apis/kubeadm/v1beta4/types.go b/cmd/kubeadm/app/apis/kubeadm/v1beta4/types.go
index 48562e6c562..54217a03bcf 100644
--- a/cmd/kubeadm/app/apis/kubeadm/v1beta4/types.go
+++ b/cmd/kubeadm/app/apis/kubeadm/v1beta4/types.go
@@ -58,6 +58,7 @@ type InitConfiguration struct {
 // CertificateKey sets the key with which certificates and keys are encrypted prior to being uploaded in
 // a secret in the cluster during the uploadcerts init phase.
+ // The certificate key is a hex encoded string that is an AES key of size 32 bytes.
 // +optional
 CertificateKey string `json:"certificateKey,omitempty"`
@@ -372,6 +373,7 @@ type JoinControlPlane struct {
 // CertificateKey is the key that is used for decryption of certificates after they are downloaded from the secret
 // upon joining a new control plane node. The corresponding encryption key is in the InitConfiguration.
+ // The certificate key is a hex encoded string that is an AES key of size 32 bytes.
 // +optional
 CertificateKey string `json:"certificateKey,omitempty"`
 }
diff --git a/cmd/kubeadm/app/cmd/init.go b/cmd/kubeadm/app/cmd/init.go
index 1b3940cd38e..1c467bf711e 100644
--- a/cmd/kubeadm/app/cmd/init.go
+++ b/cmd/kubeadm/app/cmd/init.go
@@ -188,7 +188,7 @@ func AddInitConfigFlags(flagSet *flag.FlagSet, cfg *kubeadmapiv1.InitConfigurati
 )
 flagSet.StringVar(
 &cfg.CertificateKey, options.CertificateKey, "",
- "Key used to encrypt the control-plane certificates in the kubeadm-certs Secret.",
+ "Key used to encrypt the control-plane certificates in the kubeadm-certs Secret. The certificate key is a hex encoded string that is an AES key of size 32 bytes.",
 )
 cmdutil.AddCRISocketFlag(flagSet, &cfg.NodeRegistration.CRISocket)
 }
diff --git a/cmd/kubeadm/app/cmd/join.go b/cmd/kubeadm/app/cmd/join.go
index efde491ad64..f5ffb0f37c1 100644
--- a/cmd/kubeadm/app/cmd/join.go
+++ b/cmd/kubeadm/app/cmd/join.go
@@ -251,7 +251,7 @@ func addJoinConfigFlags(flagSet *flag.FlagSet, cfg *kubeadmapiv1.JoinConfigurati
 )
 flagSet.StringVar(
 &cfg.ControlPlane.CertificateKey, options.CertificateKey, cfg.ControlPlane.CertificateKey,
- "Use this key to decrypt the certificate secrets uploaded by init.",
+ "Use this key to decrypt the certificate secrets uploaded by init. The certificate key is a hex encoded string that is an AES key of size 32 bytes.",
 )
 // add control plane endpoint flags to the specified flagset
 flagSet.StringVar(
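Review bot: The extended help string for the certificate-key flag in `AddInitConfigFlags`, and the matching one in `addJoinConfigFlags`, documents the key's format but not that the value is a secret. Per the surrounding text it protects the control-plane certificates and keys stored in the kubeadm-certs Secret, and a value passed as a flag typically ends up in shell history and the process list on the node. Since this is the text users read when deciding how to supply the key, consider appending `Treat this value as a secret; prefer setting certificateKey in the configuration file over passing it on the command line.` Both function bodies start outside their hunks, so any handling of the value after parsing is not visible here.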