kubeadm - do not generate etcd ca/certs for external etcd

Only generate the etcd CA and certificates if not configured for external
etcd.
pull/8/head
Jason DeTiberus 2018-05-14 11:56:17 -04:00
parent ff7abf2705
commit 187ef17ed8
No known key found for this signature in database
GPG Key ID: CBD7D7A4B41437BC
2 changed files with 27 additions and 3 deletions


@ -39,14 +39,21 @@ func CreatePKIAssets(cfg *kubeadmapi.MasterConfiguration) error {
CreateCACertAndKeyFiles, CreateCACertAndKeyFiles,
CreateAPIServerCertAndKeyFiles, CreateAPIServerCertAndKeyFiles,
CreateAPIServerKubeletClientCertAndKeyFiles, CreateAPIServerKubeletClientCertAndKeyFiles,
CreateServiceAccountKeyAndPublicKeyFiles,
CreateFrontProxyCACertAndKeyFiles,
CreateFrontProxyClientCertAndKeyFiles,
}
etcdCertActions := []func(cfg *kubeadmapi.MasterConfiguration) error{
CreateEtcdCACertAndKeyFiles, CreateEtcdCACertAndKeyFiles,
CreateEtcdServerCertAndKeyFiles, CreateEtcdServerCertAndKeyFiles,
CreateEtcdPeerCertAndKeyFiles, CreateEtcdPeerCertAndKeyFiles,
CreateEtcdHealthcheckClientCertAndKeyFiles, CreateEtcdHealthcheckClientCertAndKeyFiles,
CreateAPIServerEtcdClientCertAndKeyFiles, CreateAPIServerEtcdClientCertAndKeyFiles,
CreateServiceAccountKeyAndPublicKeyFiles, }
CreateFrontProxyCACertAndKeyFiles,
CreateFrontProxyClientCertAndKeyFiles, // Currently this is the only way we have to identify static pod etcd vs external etcd
if len(cfg.Etcd.Endpoints) == 0 {
certActions = append(certActions, etcdCertActions...)
} }
for _, action := range certActions { for _, action := range certActions {
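Review bot: The `len(cfg.Etcd.Endpoints) == 0` check is the only thing deciding whether the API server's etcd client certificate is generated, and nothing in this hunk says where that credential comes from in the external case. When endpoints are set, `CreateAPIServerEtcdClientCertAndKeyFiles` is skipped together with the etcd CA, so TLS and client authentication to etcd presumably depend entirely on operator-supplied files; that is not visible here and should be confirmed against the configuration validation. I would expand the comment to state the contract, e.g. `// External etcd: the operator supplies the etcd CA and client cert/key; kubeadm must not mint an etcd CA it does not own.` Logging that etcd certificate generation was skipped would also make a mistakenly populated endpoints list noticeable. CreatePKIAssets begins and ends outside the hunk.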


@ -603,6 +603,7 @@ func TestCreateCertificateFilesMethods(t *testing.T) {
setupFunc func(cfg *kubeadmapi.MasterConfiguration) error setupFunc func(cfg *kubeadmapi.MasterConfiguration) error
createFunc func(cfg *kubeadmapi.MasterConfiguration) error createFunc func(cfg *kubeadmapi.MasterConfiguration) error
expectedFiles []string expectedFiles []string
externalEtcd bool
}{ }{
{ {
createFunc: CreatePKIAssets, createFunc: CreatePKIAssets,
@ -620,6 +621,18 @@ func TestCreateCertificateFilesMethods(t *testing.T) {
kubeadmconstants.FrontProxyClientCertName, kubeadmconstants.FrontProxyClientKeyName, kubeadmconstants.FrontProxyClientCertName, kubeadmconstants.FrontProxyClientKeyName,
}, },
}, },
{
createFunc: CreatePKIAssets,
externalEtcd: true,
expectedFiles: []string{
kubeadmconstants.CACertName, kubeadmconstants.CAKeyName,
kubeadmconstants.APIServerCertName, kubeadmconstants.APIServerKeyName,
kubeadmconstants.APIServerKubeletClientCertName, kubeadmconstants.APIServerKubeletClientKeyName,
kubeadmconstants.ServiceAccountPrivateKeyName, kubeadmconstants.ServiceAccountPublicKeyName,
kubeadmconstants.FrontProxyCACertName, kubeadmconstants.FrontProxyCAKeyName,
kubeadmconstants.FrontProxyClientCertName, kubeadmconstants.FrontProxyClientKeyName,
},
},
{ {
createFunc: CreateCACertAndKeyFiles, createFunc: CreateCACertAndKeyFiles,
expectedFiles: []string{kubeadmconstants.CACertName, kubeadmconstants.CAKeyName}, expectedFiles: []string{kubeadmconstants.CACertName, kubeadmconstants.CAKeyName},
@ -685,6 +698,10 @@ func TestCreateCertificateFilesMethods(t *testing.T) {
CertificatesDir: tmpdir, CertificatesDir: tmpdir,
} }
if test.externalEtcd {
cfg.Etcd.Endpoints = []string{"192.168.1.1:2379"}
}
// executes setup func (if necessary) // executes setup func (if necessary)
if test.setupFunc != nil { if test.setupFunc != nil {
if err := test.setupFunc(cfg); err != nil { if err := test.setupFunc(cfg); err != nil {
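Review bot: The new `externalEtcd: true` table entry lists only the files that must exist, so it would still pass if CreatePKIAssets wrote the etcd CA and keys anyway. The assertion loop is outside the visible hunks, so this assumes it checks `expectedFiles` for presence only. Since the point of the commit is that no etcd CA key is created for external etcd, I would add a negative assertion, for example an `unexpectedFiles []string` field on the table holding the etcd certificate and key names, each checked with `os.Stat` and expected to return a not-exist error. TestCreateCertificateFilesMethods starts and ends outside the visible hunks.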