github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #70331 from ereslibre/graduate-certs 

kubeadm: Graduate certs phase
pull/58/head
k8s-ci-robot 2018-10-29 14:38:43 -07:00 committed by GitHub
parent 628e44647f 24b4e378c8
commit 8c6fbd708c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
30 changed files with 121 additions and 425 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
cmd/kubeadm/app/cmd/init.go
View File

@ -166,6 +166,7 @@ func NewCmdInit(out io.Writer) *cobra.Command {
// initialize the workflow runner with the list of phases
initRunner.AppendPhase(phases.NewPreflightMasterPhase())
initRunner.AppendPhase(phases.NewCertsPhase())
initRunner.AppendPhase(phases.NewKubeletStartPhase())
// TODO: add other phases to the runner.
@ -427,12 +428,6 @@ func runInit(i *initData, out io.Writer) error {
if res, _ := certsphase.UsingExternalCA(i.cfg); !res {
// PHASE 1: Generate certificates
glog.V(1).Infof("[init] creating PKI Assets")
if err := certsphase.CreatePKIAssets(i.cfg); err != nil {
return err
}
// PHASE 2: Generate kubeconfig files for the admin and the kubelet
glog.V(2).Infof("[init] generating kubeconfig files")
if err := kubeconfigphase.CreateInitKubeConfigFiles(kubeConfigDir, i.cfg); err != nil {

2
cmd/kubeadm/app/cmd/phases/BUILD
View File

@ -68,7 +68,6 @@ go_test(
name = "go_default_test",
srcs = [
"addons_test.go",
"certs_test.go",
"controlplane_test.go",
"etcd_test.go",
"kubeconfig_test.go",
@ -84,7 +83,6 @@ go_test(
"//cmd/kubeadm/test:go_default_library",
"//cmd/kubeadm/test/cmd:go_default_library",
"//cmd/kubeadm/test/kubeconfig:go_default_library",
"//pkg/util/node:go_default_library",
"//pkg/version:go_default_library",
"//staging/src/k8s.io/client-go/tools/clientcmd:go_default_library",
"//vendor/github.com/spf13/cobra:go_default_library",

184
cmd/kubeadm/app/cmd/phases/certs.go
View File

@ -20,18 +20,18 @@ import (
"fmt"
"strings"
"github.com/pkg/errors"
"github.com/spf13/cobra"
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
kubeadmscheme "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/scheme"
kubeadmapiv1beta1 "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1"
"k8s.io/kubernetes/cmd/kubeadm/app/cmd/options"
certscmdphase "k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/certs"
"k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow"
cmdutil "k8s.io/kubernetes/cmd/kubeadm/app/cmd/util"
kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
certsphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/certs"
kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
configutil "k8s.io/kubernetes/cmd/kubeadm/app/util/config"
"k8s.io/kubernetes/pkg/util/normalizer"
)
@ -66,6 +66,24 @@ var (
` + cmdutil.AlphaDisclaimer)
)
// certsData defines the behavior that a runtime data struct passed to the certs phase should
// have. Please note that we are using an interface in order to make this phase reusable in different workflows
// (and thus with different runtime data struct, all of them requested to be compliant to this interface)
type certsData interface {
Cfg() *kubeadmapi.InitConfiguration
CertificateDir() string
CertificateWriteDir() string
}
// NewCertsPhase returns the phase for the certs
func NewCertsPhase() workflow.Phase {
return workflow.Phase{
Name: "certs",
Short: "Certificate generation",
Phases: getCertsSubPhases(),
}
}
// NewCmdCerts returns main command for certs phase
func NewCmdCerts() *cobra.Command {
cmd := &cobra.Command{
@ -75,72 +93,62 @@ func NewCmdCerts() *cobra.Command {
Long: cmdutil.MacroCommandLongDescription,
}
cmd.AddCommand(getCertsSubCommands("")...)
cmd.AddCommand(getCertsSubCommands()...)
return cmd
}
// getCertsSubCommands returns sub commands for certs phase
func getCertsSubCommands(defaultKubernetesVersion string) []*cobra.Command {
cfg := &kubeadmapiv1beta1.InitConfiguration{}
// Default values for the cobra help text
kubeadmscheme.Scheme.Default(cfg)
var cfgPath string
// Special case commands
// All runs CreatePKIAssets, which isn't a particular certificate
allCmd := &cobra.Command{
Use: "all",
Short: "Generates all PKI assets necessary to establish the control plane",
Long: allCertsLongDesc,
Example: allCertsExample,
Run: func(cmd *cobra.Command, args []string) {
internalcfg, err := configutil.ConfigFileAndDefaultsToInternalConfig(cfgPath, cfg)
kubeadmutil.CheckErr(err)
err = certsphase.CreatePKIAssets(internalcfg)
kubeadmutil.CheckErr(err)
},
func getCertsSubCommands() []*cobra.Command {
return []*cobra.Command{certscmdphase.NewCmdCertsRenewal()}
}
addFlags(allCmd, &cfgPath, cfg, true)
// SA creates the private/public key pair, which doesn't use x509 at all
saCmd := &cobra.Command{
Use: "sa",
Short: "Generates a private key for signing service account tokens along with its public key",
Long: saKeyLongDesc,
Run: func(cmd *cobra.Command, args []string) {
internalcfg, err := configutil.ConfigFileAndDefaultsToInternalConfig(cfgPath, cfg)
kubeadmutil.CheckErr(err)
// getCertsSubPhases returns sub phases for certs phase
func getCertsSubPhases() []workflow.Phase {
subPhases := []workflow.Phase{}
err = certsphase.CreateServiceAccountKeyAndPublicKeyFiles(internalcfg)
kubeadmutil.CheckErr(err)
},
}
addFlags(saCmd, &cfgPath, cfg, false)
// "renew" command
renewCmd := certscmdphase.NewCmdCertsRenewal()
subCmds := []*cobra.Command{allCmd, saCmd, renewCmd}
certTree, err := certsphase.GetDefaultCertList().AsMap().CertTree()
kubeadmutil.CheckErr(err)
certTree, _ := certsphase.GetDefaultCertList().AsMap().CertTree()
for ca, certList := range certTree {
// Don't use pointers from for loops, they will be rewrittenb
caCmds := makeCommandsForCA(ca, certList, &cfgPath, cfg)
subCmds = append(subCmds, caCmds...)
caPhase := newCertSubPhase(ca, runCAPhase(ca))
subPhases = append(subPhases, caPhase)
for _, cert := range certList {
certPhase := newCertSubPhase(cert, runCertPhase(cert, ca))
subPhases = append(subPhases, certPhase)
}
return subCmds
subPhases = append(subPhases, caPhase)
}
func makeCmd(certSpec *certsphase.KubeadmCert, cfgPath *string, cfg *kubeadmapiv1beta1.InitConfiguration) *cobra.Command {
cmd := &cobra.Command{
Use: certSpec.Name,
// SA creates the private/public key pair, which doesn't use x509 at all
saPhase := workflow.Phase{
Name: "sa",
Short: "Generates a private key for signing service account tokens along with its public key",
Long: saKeyLongDesc,
Run: runCertsSa,
}
subPhases = append(subPhases, saPhase)
return subPhases
}
func runCertsSa(c workflow.RunData) error {
data, ok := c.(certsData)
if !ok {
return errors.New("certs phase invoked with an invalid data struct")
}
cfg := data.Cfg()
cfg.CertificatesDir = data.CertificateWriteDir()
defer func() { cfg.CertificatesDir = data.CertificateDir() }()
return certsphase.CreateServiceAccountKeyAndPublicKeyFiles(cfg)
}
func newCertSubPhase(certSpec *certsphase.KubeadmCert, run func(c workflow.RunData) error) workflow.Phase {
phase := workflow.Phase{
Name: certSpec.Name,
Short: fmt.Sprintf("Generates the %s", certSpec.LongName),
Long: fmt.Sprintf(
genericLongDesc,
@ -148,10 +156,9 @@ func makeCmd(certSpec *certsphase.KubeadmCert, cfgPath *string, cfg *kubeadmapiv
certSpec.BaseName,
getSANDescription(certSpec),
),
Run: run,
}
addFlags(cmd, cfgPath, cfg, certSpec.Name == "apiserver")
// Add flags to the command
return cmd
return phase
}
func getSANDescription(certSpec *certsphase.KubeadmCert) string {
@ -188,51 +195,32 @@ func getSANDescription(certSpec *certsphase.KubeadmCert) string {
return fmt.Sprintf("\n\nDefault SANs are %s", strings.Join(sans, ", "))
}
func addFlags(cmd *cobra.Command, cfgPath *string, cfg *kubeadmapiv1beta1.InitConfiguration, addAPIFlags bool) {
options.AddCertificateDirFlag(cmd.Flags(), &cfg.CertificatesDir)
options.AddConfigFlag(cmd.Flags(), cfgPath)
if addAPIFlags {
cmd.Flags().StringVar(&cfg.Networking.DNSDomain, "service-dns-domain", cfg.Networking.DNSDomain, "Alternative domain for services, to use for the API server serving cert")
cmd.Flags().StringVar(&cfg.Networking.ServiceSubnet, "service-cidr", cfg.Networking.ServiceSubnet, "Alternative range of IP address for service VIPs, from which derives the internal API server VIP that will be added to the API Server serving cert")
cmd.Flags().StringSliceVar(&cfg.APIServerCertSANs, "apiserver-cert-extra-sans", []string{}, "Optional extra altnames to use for the API server serving cert. Can be both IP addresses and DNS names")
cmd.Flags().StringVar(&cfg.APIEndpoint.AdvertiseAddress, "apiserver-advertise-address", cfg.APIEndpoint.AdvertiseAddress, "The IP address the API server is accessible on, to use for the API server serving cert")
func runCAPhase(ca *certsphase.KubeadmCert) func(c workflow.RunData) error {
return func(c workflow.RunData) error {
data, ok := c.(certsData)
if !ok {
return errors.New("certs phase invoked with an invalid data struct")
}
cfg := data.Cfg()
cfg.CertificatesDir = data.CertificateWriteDir()
defer func() { cfg.CertificatesDir = data.CertificateDir() }()
return certsphase.CreateCACertAndKeyFiles(ca, cfg)
}
}
func makeCommandsForCA(ca *certsphase.KubeadmCert, certList []*certsphase.KubeadmCert, cfgPath *string, cfg *kubeadmapiv1beta1.InitConfiguration) []*cobra.Command {
subCmds := []*cobra.Command{}
caCmd := makeCmd(ca, cfgPath, cfg)
caCmd.Run = func(cmd *cobra.Command, args []string) {
internalcfg, err := configutil.ConfigFileAndDefaultsToInternalConfig(*cfgPath, cfg)
kubeadmutil.CheckErr(err)
err = certsphase.CreateCACertAndKeyFiles(ca, internalcfg)
kubeadmutil.CheckErr(err)
func runCertPhase(cert *certsphase.KubeadmCert, caCert *certsphase.KubeadmCert) func(c workflow.RunData) error {
return func(c workflow.RunData) error {
data, ok := c.(certsData)
if !ok {
return errors.New("certs phase invoked with an invalid data struct")
}
subCmds = append(subCmds, caCmd)
cfg := data.Cfg()
cfg.CertificatesDir = data.CertificateWriteDir()
defer func() { cfg.CertificatesDir = data.CertificateDir() }()
for _, cert := range certList {
certCmd := makeCommandForCert(cert, ca, cfgPath, cfg)
subCmds = append(subCmds, certCmd)
return certsphase.CreateCertAndKeyFilesWithCA(cert, caCert, cfg)
}
return subCmds
}
func makeCommandForCert(cert *certsphase.KubeadmCert, caCert *certsphase.KubeadmCert, cfgPath *string, cfg *kubeadmapiv1beta1.InitConfiguration) *cobra.Command {
certCmd := makeCmd(cert, cfgPath, cfg)
certCmd.Run = func(cmd *cobra.Command, args []string) {
internalcfg, err := configutil.ConfigFileAndDefaultsToInternalConfig(*cfgPath, cfg)
kubeadmutil.CheckErr(err)
err = configutil.VerifyAPIServerBindAddress(internalcfg.APIEndpoint.AdvertiseAddress)
kubeadmutil.CheckErr(err)
err = certsphase.CreateCertAndKeyFilesWithCA(cert, caCert, internalcfg)
kubeadmutil.CheckErr(err)
}
return certCmd
}

287
cmd/kubeadm/app/cmd/phases/certs_test.go
View File

@ -1,287 +0,0 @@
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package phases
import (
"fmt"
"os"
"strings"
"testing"
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
"k8s.io/kubernetes/cmd/kubeadm/app/phases/certs/pkiutil"
"k8s.io/kubernetes/pkg/util/node"
testutil "k8s.io/kubernetes/cmd/kubeadm/test"
cmdtestutil "k8s.io/kubernetes/cmd/kubeadm/test/cmd"
)
// phaseTestK8sVersion is a fake kubernetes version to use when testing
const phaseTestK8sVersion = "v1.11.0"
func TestCertsSubCommandsHasFlags(t *testing.T) {
subCmds := getCertsSubCommands(phaseTestK8sVersion)
commonFlags := []string{
"cert-dir",
"config",
}
var tests = []struct {
command string
additionalFlags []string
}{
{
command: "all",
additionalFlags: []string{
"apiserver-advertise-address",
"apiserver-cert-extra-sans",
"service-cidr",
"service-dns-domain",
},
},
{
command: "ca",
},
{
command: "apiserver",
additionalFlags: []string{
"apiserver-advertise-address",
"apiserver-cert-extra-sans",
"service-cidr",
"service-dns-domain",
},
},
{
command: "apiserver-kubelet-client",
},
{
command: "etcd-ca",
},
{
command: "etcd-server",
},
{
command: "etcd-peer",
},
{
command: "etcd-healthcheck-client",
},
{
command: "apiserver-etcd-client",
},
{
command: "sa",
},
{
command: "front-proxy-ca",
},
{
command: "front-proxy-client",
},
}
for _, test := range tests {
expectedFlags := append(commonFlags, test.additionalFlags...)
cmdtestutil.AssertSubCommandHasFlags(t, subCmds, test.command, expectedFlags...)
}
}
func TestSubCmdCertsCreateFilesWithFlags(t *testing.T) {
subCmds := getCertsSubCommands(phaseTestK8sVersion)
var tests = []struct {
subCmds []string
expectedFiles []string
}{
{
subCmds: []string{"all"},
expectedFiles: []string{
kubeadmconstants.CACertName, kubeadmconstants.CAKeyName,
kubeadmconstants.APIServerCertName, kubeadmconstants.APIServerKeyName,
kubeadmconstants.APIServerKubeletClientCertName, kubeadmconstants.APIServerKubeletClientKeyName,
kubeadmconstants.ServiceAccountPrivateKeyName, kubeadmconstants.ServiceAccountPublicKeyName,
kubeadmconstants.FrontProxyCACertName, kubeadmconstants.FrontProxyCAKeyName,
kubeadmconstants.FrontProxyClientCertName, kubeadmconstants.FrontProxyClientKeyName,
},
},
{
subCmds: []string{"ca", "apiserver", "apiserver-kubelet-client"},
expectedFiles: []string{kubeadmconstants.CACertName, kubeadmconstants.CAKeyName, kubeadmconstants.APIServerCertName, kubeadmconstants.APIServerKeyName, kubeadmconstants.APIServerKubeletClientCertName, kubeadmconstants.APIServerKubeletClientKeyName},
},
{
subCmds: []string{"etcd-ca", "etcd-server", "etcd-peer", "etcd-healthcheck-client", "apiserver-etcd-client"},
expectedFiles: []string{
kubeadmconstants.EtcdCACertName, kubeadmconstants.EtcdCAKeyName,
kubeadmconstants.EtcdServerCertName, kubeadmconstants.EtcdServerKeyName,
kubeadmconstants.EtcdPeerCertName, kubeadmconstants.EtcdPeerKeyName,
kubeadmconstants.EtcdHealthcheckClientCertName, kubeadmconstants.EtcdHealthcheckClientKeyName,
kubeadmconstants.APIServerEtcdClientCertName, kubeadmconstants.APIServerEtcdClientKeyName,
},
},
{
subCmds: []string{"sa"},
expectedFiles: []string{kubeadmconstants.ServiceAccountPrivateKeyName, kubeadmconstants.ServiceAccountPublicKeyName},
},
{
subCmds: []string{"front-proxy-ca", "front-proxy-client"},
expectedFiles: []string{kubeadmconstants.FrontProxyCACertName, kubeadmconstants.FrontProxyCAKeyName, kubeadmconstants.FrontProxyClientCertName, kubeadmconstants.FrontProxyClientKeyName},
},
}
for _, test := range tests {
t.Run(strings.Join(test.subCmds, ","), func(t *testing.T) {
// Create temp folder for the test case
tmpdir := testutil.SetupTempDir(t)
defer os.RemoveAll(tmpdir)
// executes given sub commands
for _, subCmdName := range test.subCmds {
fmt.Printf("running command %q\n", subCmdName)
certDirFlag := fmt.Sprintf("--cert-dir=%s", tmpdir)
cmdtestutil.RunSubCommand(t, subCmds, subCmdName, certDirFlag)
}
// verify expected files are there
testutil.AssertFileExists(t, tmpdir, test.expectedFiles...)
})
}
}
func TestSubCmdCertsApiServerForwardsFlags(t *testing.T) {
subCmds := getCertsSubCommands(phaseTestK8sVersion)
// Create temp folder for the test case
tmpdir := testutil.SetupTempDir(t)
defer os.RemoveAll(tmpdir)
// creates ca cert
certDirFlag := fmt.Sprintf("--cert-dir=%s", tmpdir)
cmdtestutil.RunSubCommand(t, subCmds, "ca", certDirFlag)
// creates apiserver cert
apiserverFlags := []string{
fmt.Sprintf("--cert-dir=%s", tmpdir),
"--apiserver-cert-extra-sans=foo,boo",
"--service-cidr=10.0.0.0/24",
"--service-dns-domain=mycluster.local",
"--apiserver-advertise-address=1.2.3.4",
}
cmdtestutil.RunSubCommand(t, subCmds, "apiserver", apiserverFlags...)
// asserts created cert has values from CLI flags
APIserverCert, err := pkiutil.TryLoadCertFromDisk(tmpdir, kubeadmconstants.APIServerCertAndKeyBaseName)
if err != nil {
t.Fatalf("Error loading API server certificate: %v", err)
}
hostname, err := node.GetHostname("")
if err != nil {
t.Fatal(err)
}
for i, name := range []string{hostname, "kubernetes", "kubernetes.default", "kubernetes.default.svc", "kubernetes.default.svc.mycluster.local"} {
if APIserverCert.DNSNames[i] != name {
t.Errorf("APIserverCert.DNSNames[%d] is %s instead of %s", i, APIserverCert.DNSNames[i], name)
}
}
for i, ip := range []string{"10.0.0.1", "1.2.3.4"} {
if APIserverCert.IPAddresses[i].String() != ip {
t.Errorf("APIserverCert.IPAddresses[%d] is %s instead of %s", i, APIserverCert.IPAddresses[i], ip)
}
}
}
func TestSubCmdCertsCreateFilesWithConfigFile(t *testing.T) {
subCmds := getCertsSubCommands(phaseTestK8sVersion)
var tests = []struct {
subCmds []string
expectedFiles []string
}{
{
subCmds: []string{"all"},
expectedFiles: []string{
kubeadmconstants.CACertName, kubeadmconstants.CAKeyName,
kubeadmconstants.APIServerCertName, kubeadmconstants.APIServerKeyName,
kubeadmconstants.APIServerKubeletClientCertName, kubeadmconstants.APIServerKubeletClientKeyName,
kubeadmconstants.ServiceAccountPrivateKeyName, kubeadmconstants.ServiceAccountPublicKeyName,
kubeadmconstants.FrontProxyCACertName, kubeadmconstants.FrontProxyCAKeyName,
kubeadmconstants.FrontProxyClientCertName, kubeadmconstants.FrontProxyClientKeyName,
},
},
{
subCmds: []string{"ca", "apiserver", "apiserver-kubelet-client"},
expectedFiles: []string{
kubeadmconstants.CACertName, kubeadmconstants.CAKeyName,
kubeadmconstants.APIServerCertName, kubeadmconstants.APIServerKeyName,
kubeadmconstants.APIServerKubeletClientCertName, kubeadmconstants.APIServerKubeletClientKeyName,
},
},
{
subCmds: []string{"etcd-ca", "etcd-server", "etcd-peer", "etcd-healthcheck-client", "apiserver-etcd-client"},
expectedFiles: []string{
kubeadmconstants.EtcdCACertName, kubeadmconstants.EtcdCAKeyName,
kubeadmconstants.EtcdServerCertName, kubeadmconstants.EtcdServerKeyName,
kubeadmconstants.EtcdPeerCertName, kubeadmconstants.EtcdPeerKeyName,
kubeadmconstants.EtcdHealthcheckClientCertName, kubeadmconstants.EtcdHealthcheckClientKeyName,
kubeadmconstants.APIServerEtcdClientCertName, kubeadmconstants.APIServerEtcdClientKeyName,
},
},
{
subCmds: []string{"front-proxy-ca", "front-proxy-client"},
expectedFiles: []string{kubeadmconstants.FrontProxyCACertName, kubeadmconstants.FrontProxyCAKeyName, kubeadmconstants.FrontProxyClientCertName, kubeadmconstants.FrontProxyClientKeyName},
},
{
subCmds: []string{"sa"},
expectedFiles: []string{kubeadmconstants.ServiceAccountPrivateKeyName, kubeadmconstants.ServiceAccountPublicKeyName},
},
}
for _, test := range tests {
t.Run(strings.Join(test.subCmds, ","), func(t *testing.T) {
// Create temp folder for the test case
tmpdir := testutil.SetupTempDir(t)
defer os.RemoveAll(tmpdir)
cfg := &kubeadmapi.InitConfiguration{
APIEndpoint: kubeadmapi.APIEndpoint{AdvertiseAddress: "1.2.3.4", BindPort: 1234},
ClusterConfiguration: kubeadmapi.ClusterConfiguration{
CertificatesDir: tmpdir,
},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: "valid-node-name"},
}
configPath := testutil.SetupInitConfigurationFile(t, tmpdir, cfg)
// executes given sub commands
for _, subCmdName := range test.subCmds {
t.Logf("running subcommand %q", subCmdName)
configFlag := fmt.Sprintf("--config=%s", configPath)
cmdtestutil.RunSubCommand(t, subCmds, subCmdName, configFlag)
}
// verify expected files are there
testutil.AssertFileExists(t, tmpdir, test.expectedFiles...)
})
}
}

2
cmd/kubeadm/app/cmd/phases/controlplane_test.go
View File

@ -25,6 +25,8 @@ import (
cmdtestutil "k8s.io/kubernetes/cmd/kubeadm/test/cmd"
)
const phaseTestK8sVersion = "v1.11.0"
func TestControlPlaneSubCommandsHasFlags(t *testing.T) {
subCmds := getControlPlaneSubCommands("", phaseTestK8sVersion)

48
docs/.generated_docs
View File

@ -19,17 +19,6 @@ docs/admin/kubeadm_alpha_phase_bootstrap-token_node.md
docs/admin/kubeadm_alpha_phase_bootstrap-token_node_allow-auto-approve.md
docs/admin/kubeadm_alpha_phase_bootstrap-token_node_allow-post-csrs.md
docs/admin/kubeadm_alpha_phase_certs.md
docs/admin/kubeadm_alpha_phase_certs_all.md
docs/admin/kubeadm_alpha_phase_certs_apiserver-etcd-client.md
docs/admin/kubeadm_alpha_phase_certs_apiserver-kubelet-client.md
docs/admin/kubeadm_alpha_phase_certs_apiserver.md
docs/admin/kubeadm_alpha_phase_certs_ca.md
docs/admin/kubeadm_alpha_phase_certs_etcd-ca.md
docs/admin/kubeadm_alpha_phase_certs_etcd-healthcheck-client.md
docs/admin/kubeadm_alpha_phase_certs_etcd-peer.md
docs/admin/kubeadm_alpha_phase_certs_etcd-server.md
docs/admin/kubeadm_alpha_phase_certs_front-proxy-ca.md
docs/admin/kubeadm_alpha_phase_certs_front-proxy-client.md
docs/admin/kubeadm_alpha_phase_certs_renew.md
docs/admin/kubeadm_alpha_phase_certs_renew_all.md
docs/admin/kubeadm_alpha_phase_certs_renew_apiserver-etcd-client.md
@ -39,7 +28,6 @@ docs/admin/kubeadm_alpha_phase_certs_renew_etcd-healthcheck-client.md
docs/admin/kubeadm_alpha_phase_certs_renew_etcd-peer.md
docs/admin/kubeadm_alpha_phase_certs_renew_etcd-server.md
docs/admin/kubeadm_alpha_phase_certs_renew_front-proxy-client.md
docs/admin/kubeadm_alpha_phase_certs_sa.md
docs/admin/kubeadm_alpha_phase_controlplane.md
docs/admin/kubeadm_alpha_phase_controlplane_all.md
docs/admin/kubeadm_alpha_phase_controlplane_apiserver.md
@ -81,6 +69,18 @@ docs/admin/kubeadm_config_upload_from-flags.md
docs/admin/kubeadm_config_view.md
docs/admin/kubeadm_init.md
docs/admin/kubeadm_init_phase.md
docs/admin/kubeadm_init_phase_certs.md
docs/admin/kubeadm_init_phase_certs_apiserver-etcd-client.md
docs/admin/kubeadm_init_phase_certs_apiserver-kubelet-client.md
docs/admin/kubeadm_init_phase_certs_apiserver.md
docs/admin/kubeadm_init_phase_certs_ca.md
docs/admin/kubeadm_init_phase_certs_etcd-ca.md
docs/admin/kubeadm_init_phase_certs_etcd-healthcheck-client.md
docs/admin/kubeadm_init_phase_certs_etcd-peer.md
docs/admin/kubeadm_init_phase_certs_etcd-server.md
docs/admin/kubeadm_init_phase_certs_front-proxy-ca.md
docs/admin/kubeadm_init_phase_certs_front-proxy-client.md
docs/admin/kubeadm_init_phase_certs_sa.md
docs/admin/kubeadm_init_phase_kubelet-start.md
docs/admin/kubeadm_init_phase_preflight.md
docs/admin/kubeadm_join.md
@ -115,17 +115,6 @@ docs/man/man1/kubeadm-alpha-phase-bootstrap-token-node-allow-auto-approve.1
docs/man/man1/kubeadm-alpha-phase-bootstrap-token-node-allow-post-csrs.1
docs/man/man1/kubeadm-alpha-phase-bootstrap-token-node.1
docs/man/man1/kubeadm-alpha-phase-bootstrap-token.1
docs/man/man1/kubeadm-alpha-phase-certs-all.1
docs/man/man1/kubeadm-alpha-phase-certs-apiserver-etcd-client.1
docs/man/man1/kubeadm-alpha-phase-certs-apiserver-kubelet-client.1
docs/man/man1/kubeadm-alpha-phase-certs-apiserver.1
docs/man/man1/kubeadm-alpha-phase-certs-ca.1
docs/man/man1/kubeadm-alpha-phase-certs-etcd-ca.1
docs/man/man1/kubeadm-alpha-phase-certs-etcd-healthcheck-client.1
docs/man/man1/kubeadm-alpha-phase-certs-etcd-peer.1
docs/man/man1/kubeadm-alpha-phase-certs-etcd-server.1
docs/man/man1/kubeadm-alpha-phase-certs-front-proxy-ca.1
docs/man/man1/kubeadm-alpha-phase-certs-front-proxy-client.1
docs/man/man1/kubeadm-alpha-phase-certs-renew-all.1
docs/man/man1/kubeadm-alpha-phase-certs-renew-apiserver-etcd-client.1
docs/man/man1/kubeadm-alpha-phase-certs-renew-apiserver-kubelet-client.1
@ -135,7 +124,6 @@ docs/man/man1/kubeadm-alpha-phase-certs-renew-etcd-peer.1
docs/man/man1/kubeadm-alpha-phase-certs-renew-etcd-server.1
docs/man/man1/kubeadm-alpha-phase-certs-renew-front-proxy-client.1
docs/man/man1/kubeadm-alpha-phase-certs-renew.1
docs/man/man1/kubeadm-alpha-phase-certs-sa.1
docs/man/man1/kubeadm-alpha-phase-certs.1
docs/man/man1/kubeadm-alpha-phase-controlplane-all.1
docs/man/man1/kubeadm-alpha-phase-controlplane-apiserver.1
@ -179,6 +167,18 @@ docs/man/man1/kubeadm-config-upload-from-flags.1
docs/man/man1/kubeadm-config-upload.1
docs/man/man1/kubeadm-config-view.1
docs/man/man1/kubeadm-config.1
docs/man/man1/kubeadm-init-phase-certs-apiserver-etcd-client.1
docs/man/man1/kubeadm-init-phase-certs-apiserver-kubelet-client.1
docs/man/man1/kubeadm-init-phase-certs-apiserver.1
docs/man/man1/kubeadm-init-phase-certs-ca.1
docs/man/man1/kubeadm-init-phase-certs-etcd-ca.1
docs/man/man1/kubeadm-init-phase-certs-etcd-healthcheck-client.1
docs/man/man1/kubeadm-init-phase-certs-etcd-peer.1
docs/man/man1/kubeadm-init-phase-certs-etcd-server.1
docs/man/man1/kubeadm-init-phase-certs-front-proxy-ca.1
docs/man/man1/kubeadm-init-phase-certs-front-proxy-client.1
docs/man/man1/kubeadm-init-phase-certs-sa.1
docs/man/man1/kubeadm-init-phase-certs.1
docs/man/man1/kubeadm-init-phase-kubelet-start.1
docs/man/man1/kubeadm-init-phase-preflight.1
docs/man/man1/kubeadm-init-phase.1

0
docs/admin/kubeadm_alpha_phase_certs_all.md → docs/admin/kubeadm_init_phase_certs.md
View File

0
docs/admin/kubeadm_alpha_phase_certs_apiserver-etcd-client.md → docs/admin/kubeadm_init_phase_certs_apiserver-etcd-client.md
View File

0
docs/admin/kubeadm_alpha_phase_certs_apiserver-kubelet-client.md → docs/admin/kubeadm_init_phase_certs_apiserver-kubelet-client.md
View File

0
docs/admin/kubeadm_alpha_phase_certs_apiserver.md → docs/admin/kubeadm_init_phase_certs_apiserver.md
View File

0
docs/admin/kubeadm_alpha_phase_certs_ca.md → docs/admin/kubeadm_init_phase_certs_ca.md
View File

0
docs/admin/kubeadm_alpha_phase_certs_etcd-ca.md → docs/admin/kubeadm_init_phase_certs_etcd-ca.md
View File

0
docs/admin/kubeadm_alpha_phase_certs_etcd-healthcheck-client.md → docs/admin/kubeadm_init_phase_certs_etcd-healthcheck-client.md
View File

0
docs/admin/kubeadm_alpha_phase_certs_etcd-peer.md → docs/admin/kubeadm_init_phase_certs_etcd-peer.md
View File

0
docs/admin/kubeadm_alpha_phase_certs_etcd-server.md → docs/admin/kubeadm_init_phase_certs_etcd-server.md
View File

0
docs/admin/kubeadm_alpha_phase_certs_front-proxy-ca.md → docs/admin/kubeadm_init_phase_certs_front-proxy-ca.md
View File

0
docs/admin/kubeadm_alpha_phase_certs_front-proxy-client.md → docs/admin/kubeadm_init_phase_certs_front-proxy-client.md
View File

0
docs/admin/kubeadm_alpha_phase_certs_sa.md → docs/admin/kubeadm_init_phase_certs_sa.md
View File

0
docs/man/man1/kubeadm-alpha-phase-certs-all.1 → docs/man/man1/kubeadm-init-phase-certs-apiserver-etcd-client.1
View File

0
docs/man/man1/kubeadm-alpha-phase-certs-apiserver-etcd-client.1 → docs/man/man1/kubeadm-init-phase-certs-apiserver-kubelet-client.1
View File

0
docs/man/man1/kubeadm-alpha-phase-certs-apiserver-kubelet-client.1 → docs/man/man1/kubeadm-init-phase-certs-apiserver.1
View File

0
docs/man/man1/kubeadm-alpha-phase-certs-apiserver.1 → docs/man/man1/kubeadm-init-phase-certs-ca.1
View File

0
docs/man/man1/kubeadm-alpha-phase-certs-ca.1 → docs/man/man1/kubeadm-init-phase-certs-etcd-ca.1
View File

0
docs/man/man1/kubeadm-alpha-phase-certs-etcd-ca.1 → docs/man/man1/kubeadm-init-phase-certs-etcd-healthcheck-client.1
View File

0
docs/man/man1/kubeadm-alpha-phase-certs-etcd-healthcheck-client.1 → docs/man/man1/kubeadm-init-phase-certs-etcd-peer.1
View File

0
docs/man/man1/kubeadm-alpha-phase-certs-etcd-peer.1 → docs/man/man1/kubeadm-init-phase-certs-etcd-server.1
View File

0
docs/man/man1/kubeadm-alpha-phase-certs-etcd-server.1 → docs/man/man1/kubeadm-init-phase-certs-front-proxy-ca.1
View File

0
docs/man/man1/kubeadm-alpha-phase-certs-front-proxy-ca.1 → docs/man/man1/kubeadm-init-phase-certs-front-proxy-client.1
View File

0
docs/man/man1/kubeadm-alpha-phase-certs-front-proxy-client.1 → docs/man/man1/kubeadm-init-phase-certs-sa.1
View File

0
docs/man/man1/kubeadm-alpha-phase-certs-sa.1 → docs/man/man1/kubeadm-init-phase-certs.1
View File