Certificates copy for join --control-plane

parent issue: #2500

Enhancement Description

• One-line enhancement description (can be used as a release note): Certificates copy for join --control-plane
• Kubernetes Enhancement Proposal:

https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/kubeadm/2502-Certificates-copy-for-join-control-plane

Automatic certificates copy makes easier to create HA clusters with the kubeadm tool using exactly
the same kubeadm init and kubeadm join commands the users are familiar with.

Motivation

As confirmed by the recent kubeadm survey,
support for high availability cluster is one of the most requested features for kubeadm.

A lot of effort was already done in kubeadm for achieving this goal, among them the redesign
of the kubeadm config file and its graduation to beta and the implementation of the
kubeadm join --control-plane workflow (KEP0015),
but the solution currently in place stills requires the manual copy of cluster certificates from
the bootstrap control-plane node to secondary control-plane nodes.

This KEP introduces automatic certificates copy, eliminating the manual operation described
above and completing the kubeadm solution for creating HA clusters.

• Discussion Link:
• Primary contact (assignee): @fabriziopandini
• Responsible SIGs: sig-cluster-lifecycle
• Enhancement target (which target equals to which milestone):
  • Alpha release target (x.y): 1.14
  • Beta release target (x.y): -
  • Stable release target (x.y): 1.24
• Alpha
  • KEP (k/enhancements) update PR(s):
  • Code (k/k) update PR(s):
  • Docs (k/website) update PR(s):

Implementation History

• 22 Jan 2019 - first release of this KEP
• v1.14 implementation as alpha feature without
  • Extension of the kubeadm config file for allowing usage of pre-generated certificate keys
  • TokenCleaner enforcement
  • E2E tests

Please keep this description up to date. This will help the Enhancement Team to track the evolution of the enhancement efficiently.

Migrating all the old template keps to new template : #2499

[fejta-bot]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale

[fabriziopandini]

/remove-lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[fabriziopandini]

/remove-lifecycle stale

@neolit123 WDYT about graduating this feature?

GA criteria are already met:

• To create a periodic E2E tests for HA clusters creation
• To create a periodic E2E tests to ensure upgradability of HA clusters
• To document the kubeadm support for HA in kubernetes.io

[neolit123]

a formal graduation to GA in 1.23 makes sense.

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale