implement upgrades

2016-12-06 16:08:39 -08:00 · 2016-12-06 16:08:39 -08:00 · 3ab0e37cc6
parent d0997a3d1f
commit 3ab0e37cc6
4 changed files with 8 additions and 4 deletions
--- a/cluster/common.sh
+++ b/cluster/common.sh
@ -572,6 +572,7 @@ function build-kube-master-certs {
  cat >$file <<EOF
 KUBEAPISERVER_CERT: $(yaml-quote ${KUBEAPISERVER_CERT_BASE64:-})
 KUBEAPISERVER_KEY: $(yaml-quote ${KUBEAPISERVER_KEY_BASE64:-})
+KUBELET_AUTH_CA_CERT: $(yaml-quote ${KUBELET_AUTH_CA_CERT_BASE64:-})
 EOF
 }

--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@ -559,6 +559,9 @@ function start-kubelet {
       [[ "${HAIRPIN_MODE:-}" == "none" ]]; then
      flags+=" --hairpin-mode=${HAIRPIN_MODE}"
    fi
+    if [ -n "${KUBELET_AUTH_CA_CERT:-}" ]; then
+      flags+=" --anonymous-auth=false --client-ca-file=/var/lib/kubelet/kubelet_auth_ca.crt"
+    fi
  fi
  # Network plugin
  if [[ -n "${NETWORK_PROVIDER:-}" ]]; then
@ -588,9 +591,6 @@ function start-kubelet {
  if [[ -n "${FEATURE_GATES:-}" ]]; then
    flags+=" --feature-gates=${FEATURE_GATES}"
  fi
-  if [ -n "${KUBELET_AUTH_CA_CERT:-}" ]; then
-    flags+=" --anonymous-auth=false --client-ca-file=/var/lib/kubelet/kubelet_auth_ca.crt"
-  fi

  local -r kubelet_env_file="/etc/default/kubelet"
  echo "KUBELET_OPTS=\"${flags}\"" > "${kubelet_env_file}"
--- a/cluster/gce/upgrade.sh
+++ b/cluster/gce/upgrade.sh
@ -233,6 +233,9 @@ function prepare-node-upgrade() {
  KUBELET_CERT_BASE64=$(get-env-val "${node_env}" "KUBELET_CERT")
  KUBELET_KEY_BASE64=$(get-env-val "${node_env}" "KUBELET_KEY")

+  local master_env=$(get-master-env)
+  KUBELET_AUTH_CA_CERT_BASE64=$(get-env-val "${master_env}" "KUBELET_AUTH_CA_CERT")
+
  # TODO(zmerlynn): How do we ensure kube-env is written in a ${version}-
  #                 compatible way?
  write-node-env
--- a/cmd/kube-apiserver/app/server.go
+++ b/cmd/kube-apiserver/app/server.go
@ -141,7 +141,7 @@ func Run(s *options.ServerRunOptions) error {
 			return fmt.Errorf("must enable kubelet port if proxy ssh-tunneling is specified")
 		}
 		if s.KubeletConfig.ReadOnlyPort == 0 {
-			return fmt.Errorf("Must enable kubelet readonly port if proxy ssh-tunneling is specified.")
+			return fmt.Errorf("must enable kubelet readonly port if proxy ssh-tunneling is specified")
 		}
 		// Set up the tunneler
 		// TODO(cjcullen): If we want this to handle per-kubelet ports or other