Automate certificates renew #1300

Merged
merged 4 commits into from
Apr 2, 2021

Member

@kron4eg kron4eg commented Mar 30, 2021

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #1297

Does this PR introduce a user-facing change?:

certificates renew on upgrades

When upgrade --force or apply --force-upgrade are used.

Signed-off-by: Artiom Diomin <kron82@gmail.com>
@kron4eg kron4eg requested a review from xmudrii March 30, 2021 14:15
@kubermatic-bot kubermatic-bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. dco-signoff: yes Denotes that all commits in the pull request have the valid DCO signoff message. approved Indicates a PR has been approved by an approver from all required OWNERS files. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Mar 30, 2021
Member Author

kron4eg commented Mar 30, 2021

/retest

Signed-off-by: Artiom Diomin <kron82@gmail.com>
Member Author

kron4eg commented Mar 30, 2021

/retest

pkg/state/cluster.go (outdated, resolved)
pkg/tasks/certs.go (resolved)
pkg/tasks/certs.go (outdated, resolved)
Signed-off-by: Artiom Diomin <kron82@gmail.com>
Member Author

kron4eg commented Mar 31, 2021

/retest

Member

@xmudrii xmudrii left a comment

We might be missing one important step here. What about restarting the API server, controller manager, etcd, and other relevant components? AFAIK, if we don't restart those components, they will still use the old certificates.

pkg/tasks/tasks.go (resolved)
pkg/tasks/tasks.go (resolved)
pkg/tasks/certs.go (resolved)
Member Author

kron4eg commented Apr 1, 2021

> We might be missing one important step here. What about restarting the API server, controller manager, etcd, and other relevant components? AFAIK, if we don't restart those components, they will still use the old certificates.

I'm not sure, but it seems like the apiserver observes the certificate files and restarts its listener, or it's kubeadm cert renew all sending HUP to the apiserver; anyhow, I see the certificates changing without me being involved.

Signed-off-by: Artiom Diomin <kron82@gmail.com>
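
One way to settle the question raised in this thread, whether a running component still serves the certificate it loaded before renewal, is to compare the leaf presented on its TLS port with the certificate file on disk. This is an added example, not code from the KubeOne PR; the function names are hypothetical, an `httptest` server stands in for a control-plane component, and the "renewed" certificate is generated on the spot.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// renew returns a constructed, freshly issued self-signed certificate as PEM file content.
func renew() []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(2), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// stale dials addr and reports whether its leaf differs from filePEM; the leaf is compared, not trusted.
func stale(addr string, filePEM []byte) (bool, error) {
	conn, err := tls.Dial("tcp", addr, &tls.Config{InsecureSkipVerify: true})
	if err != nil {
		return false, err
	}
	defer conn.Close()
	if blk, _ := pem.Decode(filePEM); blk != nil {
		return !bytes.Equal(conn.ConnectionState().PeerCertificates[0].Raw, blk.Bytes), nil
	}
	return false, fmt.Errorf("no PEM block in certificate file")
}

func demo() (beforeRenew, afterRenew bool) {
	srv := httptest.NewTLSServer(http.NotFoundHandler()) // loads httptest's built-in cert once
	defer srv.Close()
	onDisk := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	beforeRenew, _ = stale(srv.Listener.Addr().String(), onDisk)  // file still matches
	afterRenew, _ = stale(srv.Listener.Addr().String(), renew()) // file replaced, no restart
	return
}

func main() { fmt.Println(demo()) }
```

Against a real control plane, pass the component's listen address and the contents of its serving certificate file; a `true` result after a renewal means the process has not picked up the new file.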
Member Author

kron4eg commented Apr 1, 2021

/retest

Member Author

kron4eg commented Apr 1, 2021

/retest

Member

@xmudrii xmudrii left a comment

/lgtm
/approve

@kubermatic-bot kubermatic-bot added the lgtm Indicates that a PR is ready to be merged. label Apr 2, 2021
Contributor

LGTM label has been added.

Git tree hash: 61dfc6a94807c8c58ffcaa9a652cb7a8dffd5a9e

Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: kron4eg, xmudrii

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kubermatic-bot kubermatic-bot merged commit cc00c0b into master Apr 2, 2021
@kubermatic-bot kubermatic-bot added this to the KubeOne 1.3 milestone Apr 2, 2021
@kubermatic-bot kubermatic-bot deleted the 1297-certs branch April 2, 2021 14:03
hwuethrich added a commit to hwuethrich/kubeone that referenced this pull request Aug 3, 2021
* upstream/master: (23 commits)
  Use spot instances for E2E on AWS (kubermatic#1310)
  Add Kubernetes 1.21 presubmits (kubermatic#1312)
  Add Kubernetes 1.21 binaries to the kubeone-e2e image (kubermatic#1311)
  [Azure] Added 30 second delay in output so that publicIP for Azure VM is available (kubermatic#1306)
  Remove e2e build tag (kubermatic#1305)
  Automate certificates renew (kubermatic#1300)
  Disable repo_gpgcheck for the Kubernetes yum repo (kubermatic#1304)
  Unattended upgrades addon (kubermatic#1291)
  Add the changelog for the v1.2.1 release (kubermatic#1292)
  Use admissionregistration v1 (kubermatic#1290)
  Upgrade machinecontroller to v1.27.4 (kubermatic#1288)
  Install cri-tools on Amazon Linux 2 (kubermatic#1282)
  Add the changelog for the v1.2.0 release (kubermatic#1275)
  Upgrade dependencies (kubermatic#1279)
  Use machinecontroller v1.27.1 to fix issue with flatcar (kubermatic#1276)
  shfmt (kubermatic#1274)
  Upgrade machinecontroller to v1.27.0 (kubermatic#1272)
  Add the changelog for the v1.2.0-rc.1 release (kubermatic#1270)
  Update E2E tests to use Go 1.16.1 (kubermatic#1268)
  Update the kubeone-e2e image and build jobs to Go 1.16.1 (kubermatic#1267)
  ...
Successfully merging this pull request may close these issues.

kubeone upgrade --force without changing version doesn't renew certificates