validateKubeConfig
ignores CertificateAuthority
and only looks at CertificateAuthorityData
#2739
Labels
area/pki
PKI and certificate related issues
kind/feature
Categorizes issue or PR as related to a new feature.
priority/backlog
Higher priority than priority/awaiting-more-evidence.
What keywords did you search in kubeadm issues before filing this one?
"got the wrong CA cert"
Is this a BUG REPORT or FEATURE REQUEST?
BUG REPORT
Versions
kubeadm version (use
kubeadm version
): v1.23.6Environment:
kubectl version
): v1.23.6ca.key
in/etc/kubernetes/pki
)What happened?
Got the following error while running
kubeadm init phase kubelet-start --config=/path/to/kubeadm.conf
What you expected to happen?
Didn't expect this error to happen, because our controller-manager kubeconfig has:
The root CA is the exact same file.
How to reproduce it (as minimally and precisely as possible)?
ca.key
in/etc/kubernetes/pki
.certificate-authority
instead ofcertificate-authority-data
.kubeadm init phase kubelet-start --config=/path/to/kubeadm.conf
Anything else we need to know?
https://github.com/kubernetes/kubernetes/blob/v1.23.6/cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go#L240 is looking at just
CertificateAuthorityData
. It should also read the contents of the file pointed byCertificateAuthority
ifCertificateAuthorityData
is empty.The text was updated successfully, but these errors were encountered: