diff --git a/cmd/kubeadm/app/cmd/init.go b/cmd/kubeadm/app/cmd/init.go index 41f8013dd4..3faee5dd77 100644 --- a/cmd/kubeadm/app/cmd/init.go +++ b/cmd/kubeadm/app/cmd/init.go @@ -166,6 +166,7 @@ func NewCmdInit(out io.Writer) *cobra.Command { // initialize the workflow runner with the list of phases initRunner.AppendPhase(phases.NewPreflightMasterPhase()) + initRunner.AppendPhase(phases.NewCertsPhase()) initRunner.AppendPhase(phases.NewKubeletStartPhase()) // TODO: add other phases to the runner. @@ -427,12 +428,6 @@ func runInit(i *initData, out io.Writer) error { if res, _ := certsphase.UsingExternalCA(i.cfg); !res { - // PHASE 1: Generate certificates - glog.V(1).Infof("[init] creating PKI Assets") - if err := certsphase.CreatePKIAssets(i.cfg); err != nil { - return err - } - // PHASE 2: Generate kubeconfig files for the admin and the kubelet glog.V(2).Infof("[init] generating kubeconfig files") if err := kubeconfigphase.CreateInitKubeConfigFiles(kubeConfigDir, i.cfg); err != nil { diff --git a/cmd/kubeadm/app/cmd/phases/BUILD b/cmd/kubeadm/app/cmd/phases/BUILD index 472b487e6a..0a09ec5045 100644 --- a/cmd/kubeadm/app/cmd/phases/BUILD +++ b/cmd/kubeadm/app/cmd/phases/BUILD @@ -68,7 +68,6 @@ go_test( name = "go_default_test", srcs = [ "addons_test.go", - "certs_test.go", "controlplane_test.go", "etcd_test.go", "kubeconfig_test.go", @@ -84,7 +83,6 @@ go_test( "//cmd/kubeadm/test:go_default_library", "//cmd/kubeadm/test/cmd:go_default_library", "//cmd/kubeadm/test/kubeconfig:go_default_library", - "//pkg/util/node:go_default_library", "//pkg/version:go_default_library", "//staging/src/k8s.io/client-go/tools/clientcmd:go_default_library", "//vendor/github.com/spf13/cobra:go_default_library", diff --git a/cmd/kubeadm/app/cmd/phases/certs.go b/cmd/kubeadm/app/cmd/phases/certs.go index b210958bcd..dbb570fb55 100644 --- a/cmd/kubeadm/app/cmd/phases/certs.go +++ b/cmd/kubeadm/app/cmd/phases/certs.go @@ -20,18 +20,18 @@ import ( "fmt" "strings" + "github.com/pkg/errors" "github.com/spf13/cobra" kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" kubeadmscheme "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/scheme" kubeadmapiv1beta1 "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1" - "k8s.io/kubernetes/cmd/kubeadm/app/cmd/options" certscmdphase "k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/certs" + "k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow" cmdutil "k8s.io/kubernetes/cmd/kubeadm/app/cmd/util" kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants" certsphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/certs" kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util" - configutil "k8s.io/kubernetes/cmd/kubeadm/app/util/config" "k8s.io/kubernetes/pkg/util/normalizer" ) @@ -66,6 +66,24 @@ var ( ` + cmdutil.AlphaDisclaimer) ) +// certsData defines the behavior that a runtime data struct passed to the certs phase should +// have. Please note that we are using an interface in order to make this phase reusable in different workflows +// (and thus with different runtime data struct, all of them requested to be compliant to this interface) +type certsData interface { + Cfg() *kubeadmapi.InitConfiguration + CertificateDir() string + CertificateWriteDir() string +} + +// NewCertsPhase returns the phase for the certs +func NewCertsPhase() workflow.Phase { + return workflow.Phase{ + Name: "certs", + Short: "Certificate generation", + Phases: getCertsSubPhases(), + } +} + // NewCmdCerts returns main command for certs phase func NewCmdCerts() *cobra.Command { cmd := &cobra.Command{ @@ -75,72 +93,62 @@ func NewCmdCerts() *cobra.Command { Long: cmdutil.MacroCommandLongDescription, } - cmd.AddCommand(getCertsSubCommands("")...) + cmd.AddCommand(getCertsSubCommands()...) return cmd } // getCertsSubCommands returns sub commands for certs phase -func getCertsSubCommands(defaultKubernetesVersion string) []*cobra.Command { - - cfg := &kubeadmapiv1beta1.InitConfiguration{} - - // Default values for the cobra help text - kubeadmscheme.Scheme.Default(cfg) - - var cfgPath string - - // Special case commands - // All runs CreatePKIAssets, which isn't a particular certificate - allCmd := &cobra.Command{ - Use: "all", - Short: "Generates all PKI assets necessary to establish the control plane", - Long: allCertsLongDesc, - Example: allCertsExample, - Run: func(cmd *cobra.Command, args []string) { - internalcfg, err := configutil.ConfigFileAndDefaultsToInternalConfig(cfgPath, cfg) - kubeadmutil.CheckErr(err) - - err = certsphase.CreatePKIAssets(internalcfg) - kubeadmutil.CheckErr(err) - }, - } - addFlags(allCmd, &cfgPath, cfg, true) - - // SA creates the private/public key pair, which doesn't use x509 at all - saCmd := &cobra.Command{ - Use: "sa", - Short: "Generates a private key for signing service account tokens along with its public key", - Long: saKeyLongDesc, - Run: func(cmd *cobra.Command, args []string) { - internalcfg, err := configutil.ConfigFileAndDefaultsToInternalConfig(cfgPath, cfg) - kubeadmutil.CheckErr(err) - - err = certsphase.CreateServiceAccountKeyAndPublicKeyFiles(internalcfg) - kubeadmutil.CheckErr(err) - }, - } - addFlags(saCmd, &cfgPath, cfg, false) - - // "renew" command - renewCmd := certscmdphase.NewCmdCertsRenewal() - - subCmds := []*cobra.Command{allCmd, saCmd, renewCmd} - - certTree, err := certsphase.GetDefaultCertList().AsMap().CertTree() - kubeadmutil.CheckErr(err) - - for ca, certList := range certTree { - // Don't use pointers from for loops, they will be rewrittenb - caCmds := makeCommandsForCA(ca, certList, &cfgPath, cfg) - subCmds = append(subCmds, caCmds...) - } - - return subCmds +func getCertsSubCommands() []*cobra.Command { + return []*cobra.Command{certscmdphase.NewCmdCertsRenewal()} } -func makeCmd(certSpec *certsphase.KubeadmCert, cfgPath *string, cfg *kubeadmapiv1beta1.InitConfiguration) *cobra.Command { - cmd := &cobra.Command{ - Use: certSpec.Name, +// getCertsSubPhases returns sub phases for certs phase +func getCertsSubPhases() []workflow.Phase { + subPhases := []workflow.Phase{} + + certTree, _ := certsphase.GetDefaultCertList().AsMap().CertTree() + + for ca, certList := range certTree { + caPhase := newCertSubPhase(ca, runCAPhase(ca)) + subPhases = append(subPhases, caPhase) + + for _, cert := range certList { + certPhase := newCertSubPhase(cert, runCertPhase(cert, ca)) + subPhases = append(subPhases, certPhase) + } + + subPhases = append(subPhases, caPhase) + } + + // SA creates the private/public key pair, which doesn't use x509 at all + saPhase := workflow.Phase{ + Name: "sa", + Short: "Generates a private key for signing service account tokens along with its public key", + Long: saKeyLongDesc, + Run: runCertsSa, + } + + subPhases = append(subPhases, saPhase) + + return subPhases +} + +func runCertsSa(c workflow.RunData) error { + data, ok := c.(certsData) + if !ok { + return errors.New("certs phase invoked with an invalid data struct") + } + + cfg := data.Cfg() + cfg.CertificatesDir = data.CertificateWriteDir() + defer func() { cfg.CertificatesDir = data.CertificateDir() }() + + return certsphase.CreateServiceAccountKeyAndPublicKeyFiles(cfg) +} + +func newCertSubPhase(certSpec *certsphase.KubeadmCert, run func(c workflow.RunData) error) workflow.Phase { + phase := workflow.Phase{ + Name: certSpec.Name, Short: fmt.Sprintf("Generates the %s", certSpec.LongName), Long: fmt.Sprintf( genericLongDesc, @@ -148,10 +156,9 @@ func makeCmd(certSpec *certsphase.KubeadmCert, cfgPath *string, cfg *kubeadmapiv certSpec.BaseName, getSANDescription(certSpec), ), + Run: run, } - addFlags(cmd, cfgPath, cfg, certSpec.Name == "apiserver") - // Add flags to the command - return cmd + return phase } func getSANDescription(certSpec *certsphase.KubeadmCert) string { @@ -188,51 +195,32 @@ func getSANDescription(certSpec *certsphase.KubeadmCert) string { return fmt.Sprintf("\n\nDefault SANs are %s", strings.Join(sans, ", ")) } -func addFlags(cmd *cobra.Command, cfgPath *string, cfg *kubeadmapiv1beta1.InitConfiguration, addAPIFlags bool) { - options.AddCertificateDirFlag(cmd.Flags(), &cfg.CertificatesDir) - options.AddConfigFlag(cmd.Flags(), cfgPath) - if addAPIFlags { - cmd.Flags().StringVar(&cfg.Networking.DNSDomain, "service-dns-domain", cfg.Networking.DNSDomain, "Alternative domain for services, to use for the API server serving cert") - cmd.Flags().StringVar(&cfg.Networking.ServiceSubnet, "service-cidr", cfg.Networking.ServiceSubnet, "Alternative range of IP address for service VIPs, from which derives the internal API server VIP that will be added to the API Server serving cert") - cmd.Flags().StringSliceVar(&cfg.APIServerCertSANs, "apiserver-cert-extra-sans", []string{}, "Optional extra altnames to use for the API server serving cert. Can be both IP addresses and DNS names") - cmd.Flags().StringVar(&cfg.APIEndpoint.AdvertiseAddress, "apiserver-advertise-address", cfg.APIEndpoint.AdvertiseAddress, "The IP address the API server is accessible on, to use for the API server serving cert") +func runCAPhase(ca *certsphase.KubeadmCert) func(c workflow.RunData) error { + return func(c workflow.RunData) error { + data, ok := c.(certsData) + if !ok { + return errors.New("certs phase invoked with an invalid data struct") + } + + cfg := data.Cfg() + cfg.CertificatesDir = data.CertificateWriteDir() + defer func() { cfg.CertificatesDir = data.CertificateDir() }() + + return certsphase.CreateCACertAndKeyFiles(ca, cfg) } } -func makeCommandsForCA(ca *certsphase.KubeadmCert, certList []*certsphase.KubeadmCert, cfgPath *string, cfg *kubeadmapiv1beta1.InitConfiguration) []*cobra.Command { - subCmds := []*cobra.Command{} +func runCertPhase(cert *certsphase.KubeadmCert, caCert *certsphase.KubeadmCert) func(c workflow.RunData) error { + return func(c workflow.RunData) error { + data, ok := c.(certsData) + if !ok { + return errors.New("certs phase invoked with an invalid data struct") + } - caCmd := makeCmd(ca, cfgPath, cfg) - caCmd.Run = func(cmd *cobra.Command, args []string) { - internalcfg, err := configutil.ConfigFileAndDefaultsToInternalConfig(*cfgPath, cfg) - kubeadmutil.CheckErr(err) + cfg := data.Cfg() + cfg.CertificatesDir = data.CertificateWriteDir() + defer func() { cfg.CertificatesDir = data.CertificateDir() }() - err = certsphase.CreateCACertAndKeyFiles(ca, internalcfg) - kubeadmutil.CheckErr(err) + return certsphase.CreateCertAndKeyFilesWithCA(cert, caCert, cfg) } - - subCmds = append(subCmds, caCmd) - - for _, cert := range certList { - certCmd := makeCommandForCert(cert, ca, cfgPath, cfg) - subCmds = append(subCmds, certCmd) - } - - return subCmds -} - -func makeCommandForCert(cert *certsphase.KubeadmCert, caCert *certsphase.KubeadmCert, cfgPath *string, cfg *kubeadmapiv1beta1.InitConfiguration) *cobra.Command { - certCmd := makeCmd(cert, cfgPath, cfg) - - certCmd.Run = func(cmd *cobra.Command, args []string) { - internalcfg, err := configutil.ConfigFileAndDefaultsToInternalConfig(*cfgPath, cfg) - kubeadmutil.CheckErr(err) - err = configutil.VerifyAPIServerBindAddress(internalcfg.APIEndpoint.AdvertiseAddress) - kubeadmutil.CheckErr(err) - - err = certsphase.CreateCertAndKeyFilesWithCA(cert, caCert, internalcfg) - kubeadmutil.CheckErr(err) - } - - return certCmd } diff --git a/cmd/kubeadm/app/cmd/phases/certs_test.go b/cmd/kubeadm/app/cmd/phases/certs_test.go deleted file mode 100644 index 09fe2572f9..0000000000 --- a/cmd/kubeadm/app/cmd/phases/certs_test.go +++ /dev/null @@ -1,287 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package phases - -import ( - "fmt" - "os" - "strings" - "testing" - - kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" - kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants" - "k8s.io/kubernetes/cmd/kubeadm/app/phases/certs/pkiutil" - "k8s.io/kubernetes/pkg/util/node" - - testutil "k8s.io/kubernetes/cmd/kubeadm/test" - cmdtestutil "k8s.io/kubernetes/cmd/kubeadm/test/cmd" -) - -// phaseTestK8sVersion is a fake kubernetes version to use when testing -const phaseTestK8sVersion = "v1.11.0" - -func TestCertsSubCommandsHasFlags(t *testing.T) { - - subCmds := getCertsSubCommands(phaseTestK8sVersion) - - commonFlags := []string{ - "cert-dir", - "config", - } - - var tests = []struct { - command string - additionalFlags []string - }{ - { - command: "all", - additionalFlags: []string{ - "apiserver-advertise-address", - "apiserver-cert-extra-sans", - "service-cidr", - "service-dns-domain", - }, - }, - { - command: "ca", - }, - { - command: "apiserver", - additionalFlags: []string{ - "apiserver-advertise-address", - "apiserver-cert-extra-sans", - "service-cidr", - "service-dns-domain", - }, - }, - { - command: "apiserver-kubelet-client", - }, - { - command: "etcd-ca", - }, - { - command: "etcd-server", - }, - { - command: "etcd-peer", - }, - { - command: "etcd-healthcheck-client", - }, - { - command: "apiserver-etcd-client", - }, - { - command: "sa", - }, - { - command: "front-proxy-ca", - }, - { - command: "front-proxy-client", - }, - } - - for _, test := range tests { - expectedFlags := append(commonFlags, test.additionalFlags...) - cmdtestutil.AssertSubCommandHasFlags(t, subCmds, test.command, expectedFlags...) - } -} - -func TestSubCmdCertsCreateFilesWithFlags(t *testing.T) { - - subCmds := getCertsSubCommands(phaseTestK8sVersion) - - var tests = []struct { - subCmds []string - expectedFiles []string - }{ - { - subCmds: []string{"all"}, - expectedFiles: []string{ - kubeadmconstants.CACertName, kubeadmconstants.CAKeyName, - kubeadmconstants.APIServerCertName, kubeadmconstants.APIServerKeyName, - kubeadmconstants.APIServerKubeletClientCertName, kubeadmconstants.APIServerKubeletClientKeyName, - kubeadmconstants.ServiceAccountPrivateKeyName, kubeadmconstants.ServiceAccountPublicKeyName, - kubeadmconstants.FrontProxyCACertName, kubeadmconstants.FrontProxyCAKeyName, - kubeadmconstants.FrontProxyClientCertName, kubeadmconstants.FrontProxyClientKeyName, - }, - }, - { - subCmds: []string{"ca", "apiserver", "apiserver-kubelet-client"}, - expectedFiles: []string{kubeadmconstants.CACertName, kubeadmconstants.CAKeyName, kubeadmconstants.APIServerCertName, kubeadmconstants.APIServerKeyName, kubeadmconstants.APIServerKubeletClientCertName, kubeadmconstants.APIServerKubeletClientKeyName}, - }, - { - subCmds: []string{"etcd-ca", "etcd-server", "etcd-peer", "etcd-healthcheck-client", "apiserver-etcd-client"}, - expectedFiles: []string{ - kubeadmconstants.EtcdCACertName, kubeadmconstants.EtcdCAKeyName, - kubeadmconstants.EtcdServerCertName, kubeadmconstants.EtcdServerKeyName, - kubeadmconstants.EtcdPeerCertName, kubeadmconstants.EtcdPeerKeyName, - kubeadmconstants.EtcdHealthcheckClientCertName, kubeadmconstants.EtcdHealthcheckClientKeyName, - kubeadmconstants.APIServerEtcdClientCertName, kubeadmconstants.APIServerEtcdClientKeyName, - }, - }, - { - subCmds: []string{"sa"}, - expectedFiles: []string{kubeadmconstants.ServiceAccountPrivateKeyName, kubeadmconstants.ServiceAccountPublicKeyName}, - }, - { - subCmds: []string{"front-proxy-ca", "front-proxy-client"}, - expectedFiles: []string{kubeadmconstants.FrontProxyCACertName, kubeadmconstants.FrontProxyCAKeyName, kubeadmconstants.FrontProxyClientCertName, kubeadmconstants.FrontProxyClientKeyName}, - }, - } - - for _, test := range tests { - t.Run(strings.Join(test.subCmds, ","), func(t *testing.T) { - // Create temp folder for the test case - tmpdir := testutil.SetupTempDir(t) - defer os.RemoveAll(tmpdir) - - // executes given sub commands - for _, subCmdName := range test.subCmds { - fmt.Printf("running command %q\n", subCmdName) - certDirFlag := fmt.Sprintf("--cert-dir=%s", tmpdir) - cmdtestutil.RunSubCommand(t, subCmds, subCmdName, certDirFlag) - } - - // verify expected files are there - testutil.AssertFileExists(t, tmpdir, test.expectedFiles...) - }) - } -} - -func TestSubCmdCertsApiServerForwardsFlags(t *testing.T) { - - subCmds := getCertsSubCommands(phaseTestK8sVersion) - - // Create temp folder for the test case - tmpdir := testutil.SetupTempDir(t) - defer os.RemoveAll(tmpdir) - - // creates ca cert - certDirFlag := fmt.Sprintf("--cert-dir=%s", tmpdir) - cmdtestutil.RunSubCommand(t, subCmds, "ca", certDirFlag) - - // creates apiserver cert - apiserverFlags := []string{ - fmt.Sprintf("--cert-dir=%s", tmpdir), - "--apiserver-cert-extra-sans=foo,boo", - "--service-cidr=10.0.0.0/24", - "--service-dns-domain=mycluster.local", - "--apiserver-advertise-address=1.2.3.4", - } - cmdtestutil.RunSubCommand(t, subCmds, "apiserver", apiserverFlags...) - - // asserts created cert has values from CLI flags - APIserverCert, err := pkiutil.TryLoadCertFromDisk(tmpdir, kubeadmconstants.APIServerCertAndKeyBaseName) - if err != nil { - t.Fatalf("Error loading API server certificate: %v", err) - } - - hostname, err := node.GetHostname("") - if err != nil { - t.Fatal(err) - } - - for i, name := range []string{hostname, "kubernetes", "kubernetes.default", "kubernetes.default.svc", "kubernetes.default.svc.mycluster.local"} { - if APIserverCert.DNSNames[i] != name { - t.Errorf("APIserverCert.DNSNames[%d] is %s instead of %s", i, APIserverCert.DNSNames[i], name) - } - } - for i, ip := range []string{"10.0.0.1", "1.2.3.4"} { - if APIserverCert.IPAddresses[i].String() != ip { - t.Errorf("APIserverCert.IPAddresses[%d] is %s instead of %s", i, APIserverCert.IPAddresses[i], ip) - } - } -} - -func TestSubCmdCertsCreateFilesWithConfigFile(t *testing.T) { - - subCmds := getCertsSubCommands(phaseTestK8sVersion) - - var tests = []struct { - subCmds []string - expectedFiles []string - }{ - { - subCmds: []string{"all"}, - expectedFiles: []string{ - kubeadmconstants.CACertName, kubeadmconstants.CAKeyName, - kubeadmconstants.APIServerCertName, kubeadmconstants.APIServerKeyName, - kubeadmconstants.APIServerKubeletClientCertName, kubeadmconstants.APIServerKubeletClientKeyName, - kubeadmconstants.ServiceAccountPrivateKeyName, kubeadmconstants.ServiceAccountPublicKeyName, - kubeadmconstants.FrontProxyCACertName, kubeadmconstants.FrontProxyCAKeyName, - kubeadmconstants.FrontProxyClientCertName, kubeadmconstants.FrontProxyClientKeyName, - }, - }, - { - subCmds: []string{"ca", "apiserver", "apiserver-kubelet-client"}, - expectedFiles: []string{ - kubeadmconstants.CACertName, kubeadmconstants.CAKeyName, - kubeadmconstants.APIServerCertName, kubeadmconstants.APIServerKeyName, - kubeadmconstants.APIServerKubeletClientCertName, kubeadmconstants.APIServerKubeletClientKeyName, - }, - }, - { - subCmds: []string{"etcd-ca", "etcd-server", "etcd-peer", "etcd-healthcheck-client", "apiserver-etcd-client"}, - expectedFiles: []string{ - kubeadmconstants.EtcdCACertName, kubeadmconstants.EtcdCAKeyName, - kubeadmconstants.EtcdServerCertName, kubeadmconstants.EtcdServerKeyName, - kubeadmconstants.EtcdPeerCertName, kubeadmconstants.EtcdPeerKeyName, - kubeadmconstants.EtcdHealthcheckClientCertName, kubeadmconstants.EtcdHealthcheckClientKeyName, - kubeadmconstants.APIServerEtcdClientCertName, kubeadmconstants.APIServerEtcdClientKeyName, - }, - }, - { - subCmds: []string{"front-proxy-ca", "front-proxy-client"}, - expectedFiles: []string{kubeadmconstants.FrontProxyCACertName, kubeadmconstants.FrontProxyCAKeyName, kubeadmconstants.FrontProxyClientCertName, kubeadmconstants.FrontProxyClientKeyName}, - }, - { - subCmds: []string{"sa"}, - expectedFiles: []string{kubeadmconstants.ServiceAccountPrivateKeyName, kubeadmconstants.ServiceAccountPublicKeyName}, - }, - } - - for _, test := range tests { - t.Run(strings.Join(test.subCmds, ","), func(t *testing.T) { - - // Create temp folder for the test case - tmpdir := testutil.SetupTempDir(t) - defer os.RemoveAll(tmpdir) - - cfg := &kubeadmapi.InitConfiguration{ - APIEndpoint: kubeadmapi.APIEndpoint{AdvertiseAddress: "1.2.3.4", BindPort: 1234}, - ClusterConfiguration: kubeadmapi.ClusterConfiguration{ - CertificatesDir: tmpdir, - }, - NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: "valid-node-name"}, - } - configPath := testutil.SetupInitConfigurationFile(t, tmpdir, cfg) - - // executes given sub commands - for _, subCmdName := range test.subCmds { - t.Logf("running subcommand %q", subCmdName) - configFlag := fmt.Sprintf("--config=%s", configPath) - cmdtestutil.RunSubCommand(t, subCmds, subCmdName, configFlag) - } - - // verify expected files are there - testutil.AssertFileExists(t, tmpdir, test.expectedFiles...) - }) - } -} diff --git a/cmd/kubeadm/app/cmd/phases/controlplane_test.go b/cmd/kubeadm/app/cmd/phases/controlplane_test.go index a9ad56b3af..dc745129bb 100644 --- a/cmd/kubeadm/app/cmd/phases/controlplane_test.go +++ b/cmd/kubeadm/app/cmd/phases/controlplane_test.go @@ -25,6 +25,8 @@ import ( cmdtestutil "k8s.io/kubernetes/cmd/kubeadm/test/cmd" ) +const phaseTestK8sVersion = "v1.11.0" + func TestControlPlaneSubCommandsHasFlags(t *testing.T) { subCmds := getControlPlaneSubCommands("", phaseTestK8sVersion) diff --git a/docs/.generated_docs b/docs/.generated_docs index d47c6ab73b..0672858818 100644 --- a/docs/.generated_docs +++ b/docs/.generated_docs @@ -19,17 +19,6 @@ docs/admin/kubeadm_alpha_phase_bootstrap-token_node.md docs/admin/kubeadm_alpha_phase_bootstrap-token_node_allow-auto-approve.md docs/admin/kubeadm_alpha_phase_bootstrap-token_node_allow-post-csrs.md docs/admin/kubeadm_alpha_phase_certs.md -docs/admin/kubeadm_alpha_phase_certs_all.md -docs/admin/kubeadm_alpha_phase_certs_apiserver-etcd-client.md -docs/admin/kubeadm_alpha_phase_certs_apiserver-kubelet-client.md -docs/admin/kubeadm_alpha_phase_certs_apiserver.md -docs/admin/kubeadm_alpha_phase_certs_ca.md -docs/admin/kubeadm_alpha_phase_certs_etcd-ca.md -docs/admin/kubeadm_alpha_phase_certs_etcd-healthcheck-client.md -docs/admin/kubeadm_alpha_phase_certs_etcd-peer.md -docs/admin/kubeadm_alpha_phase_certs_etcd-server.md -docs/admin/kubeadm_alpha_phase_certs_front-proxy-ca.md -docs/admin/kubeadm_alpha_phase_certs_front-proxy-client.md docs/admin/kubeadm_alpha_phase_certs_renew.md docs/admin/kubeadm_alpha_phase_certs_renew_all.md docs/admin/kubeadm_alpha_phase_certs_renew_apiserver-etcd-client.md @@ -39,7 +28,6 @@ docs/admin/kubeadm_alpha_phase_certs_renew_etcd-healthcheck-client.md docs/admin/kubeadm_alpha_phase_certs_renew_etcd-peer.md docs/admin/kubeadm_alpha_phase_certs_renew_etcd-server.md docs/admin/kubeadm_alpha_phase_certs_renew_front-proxy-client.md -docs/admin/kubeadm_alpha_phase_certs_sa.md docs/admin/kubeadm_alpha_phase_controlplane.md docs/admin/kubeadm_alpha_phase_controlplane_all.md docs/admin/kubeadm_alpha_phase_controlplane_apiserver.md @@ -81,6 +69,18 @@ docs/admin/kubeadm_config_upload_from-flags.md docs/admin/kubeadm_config_view.md docs/admin/kubeadm_init.md docs/admin/kubeadm_init_phase.md +docs/admin/kubeadm_init_phase_certs.md +docs/admin/kubeadm_init_phase_certs_apiserver-etcd-client.md +docs/admin/kubeadm_init_phase_certs_apiserver-kubelet-client.md +docs/admin/kubeadm_init_phase_certs_apiserver.md +docs/admin/kubeadm_init_phase_certs_ca.md +docs/admin/kubeadm_init_phase_certs_etcd-ca.md +docs/admin/kubeadm_init_phase_certs_etcd-healthcheck-client.md +docs/admin/kubeadm_init_phase_certs_etcd-peer.md +docs/admin/kubeadm_init_phase_certs_etcd-server.md +docs/admin/kubeadm_init_phase_certs_front-proxy-ca.md +docs/admin/kubeadm_init_phase_certs_front-proxy-client.md +docs/admin/kubeadm_init_phase_certs_sa.md docs/admin/kubeadm_init_phase_kubelet-start.md docs/admin/kubeadm_init_phase_preflight.md docs/admin/kubeadm_join.md @@ -115,17 +115,6 @@ docs/man/man1/kubeadm-alpha-phase-bootstrap-token-node-allow-auto-approve.1 docs/man/man1/kubeadm-alpha-phase-bootstrap-token-node-allow-post-csrs.1 docs/man/man1/kubeadm-alpha-phase-bootstrap-token-node.1 docs/man/man1/kubeadm-alpha-phase-bootstrap-token.1 -docs/man/man1/kubeadm-alpha-phase-certs-all.1 -docs/man/man1/kubeadm-alpha-phase-certs-apiserver-etcd-client.1 -docs/man/man1/kubeadm-alpha-phase-certs-apiserver-kubelet-client.1 -docs/man/man1/kubeadm-alpha-phase-certs-apiserver.1 -docs/man/man1/kubeadm-alpha-phase-certs-ca.1 -docs/man/man1/kubeadm-alpha-phase-certs-etcd-ca.1 -docs/man/man1/kubeadm-alpha-phase-certs-etcd-healthcheck-client.1 -docs/man/man1/kubeadm-alpha-phase-certs-etcd-peer.1 -docs/man/man1/kubeadm-alpha-phase-certs-etcd-server.1 -docs/man/man1/kubeadm-alpha-phase-certs-front-proxy-ca.1 -docs/man/man1/kubeadm-alpha-phase-certs-front-proxy-client.1 docs/man/man1/kubeadm-alpha-phase-certs-renew-all.1 docs/man/man1/kubeadm-alpha-phase-certs-renew-apiserver-etcd-client.1 docs/man/man1/kubeadm-alpha-phase-certs-renew-apiserver-kubelet-client.1 @@ -135,7 +124,6 @@ docs/man/man1/kubeadm-alpha-phase-certs-renew-etcd-peer.1 docs/man/man1/kubeadm-alpha-phase-certs-renew-etcd-server.1 docs/man/man1/kubeadm-alpha-phase-certs-renew-front-proxy-client.1 docs/man/man1/kubeadm-alpha-phase-certs-renew.1 -docs/man/man1/kubeadm-alpha-phase-certs-sa.1 docs/man/man1/kubeadm-alpha-phase-certs.1 docs/man/man1/kubeadm-alpha-phase-controlplane-all.1 docs/man/man1/kubeadm-alpha-phase-controlplane-apiserver.1 @@ -179,6 +167,18 @@ docs/man/man1/kubeadm-config-upload-from-flags.1 docs/man/man1/kubeadm-config-upload.1 docs/man/man1/kubeadm-config-view.1 docs/man/man1/kubeadm-config.1 +docs/man/man1/kubeadm-init-phase-certs-apiserver-etcd-client.1 +docs/man/man1/kubeadm-init-phase-certs-apiserver-kubelet-client.1 +docs/man/man1/kubeadm-init-phase-certs-apiserver.1 +docs/man/man1/kubeadm-init-phase-certs-ca.1 +docs/man/man1/kubeadm-init-phase-certs-etcd-ca.1 +docs/man/man1/kubeadm-init-phase-certs-etcd-healthcheck-client.1 +docs/man/man1/kubeadm-init-phase-certs-etcd-peer.1 +docs/man/man1/kubeadm-init-phase-certs-etcd-server.1 +docs/man/man1/kubeadm-init-phase-certs-front-proxy-ca.1 +docs/man/man1/kubeadm-init-phase-certs-front-proxy-client.1 +docs/man/man1/kubeadm-init-phase-certs-sa.1 +docs/man/man1/kubeadm-init-phase-certs.1 docs/man/man1/kubeadm-init-phase-kubelet-start.1 docs/man/man1/kubeadm-init-phase-preflight.1 docs/man/man1/kubeadm-init-phase.1 diff --git a/docs/admin/kubeadm_alpha_phase_certs_all.md b/docs/admin/kubeadm_init_phase_certs.md similarity index 100% rename from docs/admin/kubeadm_alpha_phase_certs_all.md rename to docs/admin/kubeadm_init_phase_certs.md diff --git a/docs/admin/kubeadm_alpha_phase_certs_apiserver-etcd-client.md b/docs/admin/kubeadm_init_phase_certs_apiserver-etcd-client.md similarity index 100% rename from docs/admin/kubeadm_alpha_phase_certs_apiserver-etcd-client.md rename to docs/admin/kubeadm_init_phase_certs_apiserver-etcd-client.md diff --git a/docs/admin/kubeadm_alpha_phase_certs_apiserver-kubelet-client.md b/docs/admin/kubeadm_init_phase_certs_apiserver-kubelet-client.md similarity index 100% rename from docs/admin/kubeadm_alpha_phase_certs_apiserver-kubelet-client.md rename to docs/admin/kubeadm_init_phase_certs_apiserver-kubelet-client.md diff --git a/docs/admin/kubeadm_alpha_phase_certs_apiserver.md b/docs/admin/kubeadm_init_phase_certs_apiserver.md similarity index 100% rename from docs/admin/kubeadm_alpha_phase_certs_apiserver.md rename to docs/admin/kubeadm_init_phase_certs_apiserver.md diff --git a/docs/admin/kubeadm_alpha_phase_certs_ca.md b/docs/admin/kubeadm_init_phase_certs_ca.md similarity index 100% rename from docs/admin/kubeadm_alpha_phase_certs_ca.md rename to docs/admin/kubeadm_init_phase_certs_ca.md diff --git a/docs/admin/kubeadm_alpha_phase_certs_etcd-ca.md b/docs/admin/kubeadm_init_phase_certs_etcd-ca.md similarity index 100% rename from docs/admin/kubeadm_alpha_phase_certs_etcd-ca.md rename to docs/admin/kubeadm_init_phase_certs_etcd-ca.md diff --git a/docs/admin/kubeadm_alpha_phase_certs_etcd-healthcheck-client.md b/docs/admin/kubeadm_init_phase_certs_etcd-healthcheck-client.md similarity index 100% rename from docs/admin/kubeadm_alpha_phase_certs_etcd-healthcheck-client.md rename to docs/admin/kubeadm_init_phase_certs_etcd-healthcheck-client.md diff --git a/docs/admin/kubeadm_alpha_phase_certs_etcd-peer.md b/docs/admin/kubeadm_init_phase_certs_etcd-peer.md similarity index 100% rename from docs/admin/kubeadm_alpha_phase_certs_etcd-peer.md rename to docs/admin/kubeadm_init_phase_certs_etcd-peer.md diff --git a/docs/admin/kubeadm_alpha_phase_certs_etcd-server.md b/docs/admin/kubeadm_init_phase_certs_etcd-server.md similarity index 100% rename from docs/admin/kubeadm_alpha_phase_certs_etcd-server.md rename to docs/admin/kubeadm_init_phase_certs_etcd-server.md diff --git a/docs/admin/kubeadm_alpha_phase_certs_front-proxy-ca.md b/docs/admin/kubeadm_init_phase_certs_front-proxy-ca.md similarity index 100% rename from docs/admin/kubeadm_alpha_phase_certs_front-proxy-ca.md rename to docs/admin/kubeadm_init_phase_certs_front-proxy-ca.md diff --git a/docs/admin/kubeadm_alpha_phase_certs_front-proxy-client.md b/docs/admin/kubeadm_init_phase_certs_front-proxy-client.md similarity index 100% rename from docs/admin/kubeadm_alpha_phase_certs_front-proxy-client.md rename to docs/admin/kubeadm_init_phase_certs_front-proxy-client.md diff --git a/docs/admin/kubeadm_alpha_phase_certs_sa.md b/docs/admin/kubeadm_init_phase_certs_sa.md similarity index 100% rename from docs/admin/kubeadm_alpha_phase_certs_sa.md rename to docs/admin/kubeadm_init_phase_certs_sa.md diff --git a/docs/man/man1/kubeadm-alpha-phase-certs-all.1 b/docs/man/man1/kubeadm-init-phase-certs-apiserver-etcd-client.1 similarity index 100% rename from docs/man/man1/kubeadm-alpha-phase-certs-all.1 rename to docs/man/man1/kubeadm-init-phase-certs-apiserver-etcd-client.1 diff --git a/docs/man/man1/kubeadm-alpha-phase-certs-apiserver-etcd-client.1 b/docs/man/man1/kubeadm-init-phase-certs-apiserver-kubelet-client.1 similarity index 100% rename from docs/man/man1/kubeadm-alpha-phase-certs-apiserver-etcd-client.1 rename to docs/man/man1/kubeadm-init-phase-certs-apiserver-kubelet-client.1 diff --git a/docs/man/man1/kubeadm-alpha-phase-certs-apiserver-kubelet-client.1 b/docs/man/man1/kubeadm-init-phase-certs-apiserver.1 similarity index 100% rename from docs/man/man1/kubeadm-alpha-phase-certs-apiserver-kubelet-client.1 rename to docs/man/man1/kubeadm-init-phase-certs-apiserver.1 diff --git a/docs/man/man1/kubeadm-alpha-phase-certs-apiserver.1 b/docs/man/man1/kubeadm-init-phase-certs-ca.1 similarity index 100% rename from docs/man/man1/kubeadm-alpha-phase-certs-apiserver.1 rename to docs/man/man1/kubeadm-init-phase-certs-ca.1 diff --git a/docs/man/man1/kubeadm-alpha-phase-certs-ca.1 b/docs/man/man1/kubeadm-init-phase-certs-etcd-ca.1 similarity index 100% rename from docs/man/man1/kubeadm-alpha-phase-certs-ca.1 rename to docs/man/man1/kubeadm-init-phase-certs-etcd-ca.1 diff --git a/docs/man/man1/kubeadm-alpha-phase-certs-etcd-ca.1 b/docs/man/man1/kubeadm-init-phase-certs-etcd-healthcheck-client.1 similarity index 100% rename from docs/man/man1/kubeadm-alpha-phase-certs-etcd-ca.1 rename to docs/man/man1/kubeadm-init-phase-certs-etcd-healthcheck-client.1 diff --git a/docs/man/man1/kubeadm-alpha-phase-certs-etcd-healthcheck-client.1 b/docs/man/man1/kubeadm-init-phase-certs-etcd-peer.1 similarity index 100% rename from docs/man/man1/kubeadm-alpha-phase-certs-etcd-healthcheck-client.1 rename to docs/man/man1/kubeadm-init-phase-certs-etcd-peer.1 diff --git a/docs/man/man1/kubeadm-alpha-phase-certs-etcd-peer.1 b/docs/man/man1/kubeadm-init-phase-certs-etcd-server.1 similarity index 100% rename from docs/man/man1/kubeadm-alpha-phase-certs-etcd-peer.1 rename to docs/man/man1/kubeadm-init-phase-certs-etcd-server.1 diff --git a/docs/man/man1/kubeadm-alpha-phase-certs-etcd-server.1 b/docs/man/man1/kubeadm-init-phase-certs-front-proxy-ca.1 similarity index 100% rename from docs/man/man1/kubeadm-alpha-phase-certs-etcd-server.1 rename to docs/man/man1/kubeadm-init-phase-certs-front-proxy-ca.1 diff --git a/docs/man/man1/kubeadm-alpha-phase-certs-front-proxy-ca.1 b/docs/man/man1/kubeadm-init-phase-certs-front-proxy-client.1 similarity index 100% rename from docs/man/man1/kubeadm-alpha-phase-certs-front-proxy-ca.1 rename to docs/man/man1/kubeadm-init-phase-certs-front-proxy-client.1 diff --git a/docs/man/man1/kubeadm-alpha-phase-certs-front-proxy-client.1 b/docs/man/man1/kubeadm-init-phase-certs-sa.1 similarity index 100% rename from docs/man/man1/kubeadm-alpha-phase-certs-front-proxy-client.1 rename to docs/man/man1/kubeadm-init-phase-certs-sa.1 diff --git a/docs/man/man1/kubeadm-alpha-phase-certs-sa.1 b/docs/man/man1/kubeadm-init-phase-certs.1 similarity index 100% rename from docs/man/man1/kubeadm-alpha-phase-certs-sa.1 rename to docs/man/man1/kubeadm-init-phase-certs.1