add a compatibility shim for certs to support a cluster downgrade

2017-03-08 14:03:51 -08:00 · 2017-03-08 14:03:51 -08:00 · 361c40cc66
parent 08e351acc8
commit 361c40cc66
2 changed files with 13 additions and 0 deletions
--- a/cluster/gce/configure-vm.sh
+++ b/cluster/gce/configure-vm.sh
@ -66,6 +66,10 @@ function create-node-pki {
    KUBELET_KEY_PATH="${pki_dir}/kubelet.key"
    echo "${KUBELET_KEY}" | base64 --decode > "${KUBELET_KEY_PATH}"
  fi
+
+  # TODO(mikedanese): remove this when we don't support downgrading to versions
+  # < 1.6.
+  ln -s "${CA_CERT_BUNDLE_PATH}" /etc/kubernetes/ca.crt
 }

 # A hookpoint for setting up local devices
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@ -216,6 +216,10 @@ function create-node-pki {
    KUBELET_KEY_PATH="${pki_dir}/kubelet.key"
    echo "${KUBELET_KEY}" | base64 --decode > "${KUBELET_KEY_PATH}"
  fi
+
+  # TODO(mikedanese): remove this when we don't support downgrading to versions
+  # < 1.6.
+  ln -s "${CA_CERT_BUNDLE_PATH}" /etc/srv/kubernetes/ca.crt
 }

 function create-master-pki {
@ -265,6 +269,11 @@ function create-master-pki {

  SERVICEACCOUNT_KEY_PATH="${pki_dir}/serviceaccount.key"
  echo "${SERVICEACCOUNT_KEY}" | base64 --decode > "${SERVICEACCOUNT_KEY_PATH}"
+
+  # TODO(mikedanese): remove this when we don't support downgrading to versions
+  # < 1.6.
+  ln -s "${APISERVER_SERVER_CERT_PATH}" /etc/srv/kubernetes/server.key
+  ln -s "${APISERVER_SERVER_CERT_PATH}" /etc/srv/kubernetes/server.cert
 }

 # After the first boot and on upgrade, these files exist on the master-pd