Merge pull request #77848 from yagonobre/certificate-key-command

Add kubeadm alpha certs certificate-key command

cmd/kubeadm/app/cmd/alpha/BUILD

@@ -22,6 +22,7 @@ go_library(
         "//cmd/kubeadm/app/constants:go_default_library",
         "//cmd/kubeadm/app/features:go_default_library",
         "//cmd/kubeadm/app/phases/certs/renewal:go_default_library",
+        "//cmd/kubeadm/app/phases/copycerts:go_default_library",
         "//cmd/kubeadm/app/phases/kubeconfig:go_default_library",
         "//cmd/kubeadm/app/phases/kubelet:go_default_library",
         "//cmd/kubeadm/app/phases/selfhosting:go_default_library",
@@ -33,6 +34,7 @@ go_library(
         "//pkg/util/normalizer:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/util/duration:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/util/version:go_default_library",
+        "//vendor/github.com/lithammer/dedent:go_default_library",
         "//vendor/github.com/pkg/errors:go_default_library",
         "//vendor/github.com/spf13/cobra:go_default_library",
         "//vendor/k8s.io/utils/exec:go_default_library",

cmd/kubeadm/app/cmd/alpha/certs.go

@@ -21,6 +21,7 @@ import (
 	"io"
 	"text/tabwriter"
 
+	"github.com/lithammer/dedent"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 
@@ -33,6 +34,7 @@ import (
 	"k8s.io/kubernetes/cmd/kubeadm/app/constants"
 	kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
 	"k8s.io/kubernetes/cmd/kubeadm/app/phases/certs/renewal"
+	"k8s.io/kubernetes/cmd/kubeadm/app/phases/copycerts"
 	kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
 	configutil "k8s.io/kubernetes/cmd/kubeadm/app/util/config"
 	kubeconfigutil "k8s.io/kubernetes/cmd/kubeadm/app/util/kubeconfig"
@@ -61,6 +63,14 @@ var (
 	expirationLongDesc = normalizer.LongDesc(`
 	Checks expiration for the certificates in the local PKI managed by kubeadm.
 `)
+
+	certificateKeyLongDesc = dedent.Dedent(`
+	This command will print out a secure randomly-generated certificate key that can be used with
+	the "init" command.
+
+	You can also use "kubeadm init --experimental-upload-certs" without specifying a certificate key and it will
+	generate and print one for you.
+`)
 )
 
 // newCmdCertsUtility returns main command for certs phase
@@ -73,9 +83,25 @@ func newCmdCertsUtility(out io.Writer) *cobra.Command {
 
 	cmd.AddCommand(newCmdCertsRenewal())
 	cmd.AddCommand(newCmdCertsExpiration(out, kubeadmconstants.KubernetesDir))
+	cmd.AddCommand(NewCmdCertificateKey())
 	return cmd
 }
 
+// NewCmdCertificateKey returns cobra.Command for certificate key generate
+func NewCmdCertificateKey() *cobra.Command {
+	return &cobra.Command{
+		Use:   "certificate-key",
+		Short: "Generate certificate keys",
+		Long:  certificateKeyLongDesc,
+
+		Run: func(cmd *cobra.Command, args []string) {
+			key, err := copycerts.CreateCertificateKey()
+			kubeadmutil.CheckErr(err)
+			fmt.Println(key)
+		},
+	}
+}
+
 // newCmdCertsRenewal creates a new `cert renew` command.
 func newCmdCertsRenewal() *cobra.Command {
 	cmd := &cobra.Command{