From 7c783fa374e1a48d88409ee7f9bd01836c40542f Mon Sep 17 00:00:00 2001
From: "Lubomir I. Ivanov"
Date: Wed, 23 Sep 2020 04:18:29 +0300
Subject: [PATCH] kubeadm: make the CP join handling of kubeconfig similar to "init"

The kubeconfig phase of "kubeadm init" detects external CA mode and skips the generation of kubeconfig files. The kubeconfig handling during control-plane join executes CreateJoinControlPlaneKubeConfigFiles() which requires the presence of ca.key when preparing the spec of a kubeconfig file and prevents usage of external CA mode. Modify CreateJoinControlPlaneKubeConfigFiles() to skip generating the kubeconfig files if external CA mode is detected.
---
.../app/phases/kubeconfig/kubeconfig.go | 26 +++++++++++++++----
1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go b/cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go
index 51bd42eec2b0..008265481d86 100644
--- a/cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go
+++ b/cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go
@@ -67,15 +67,31 @@ type kubeConfigSpec struct {
 // CreateJoinControlPlaneKubeConfigFiles will create and write to disk the kubeconfig files required by kubeadm
 // join --control-plane workflow, plus the admin kubeconfig file used by the administrator and kubeadm itself; the
 // kubelet.conf file must not be created because it will be created and signed by the kubelet TLS bootstrap process.
-// If any kubeconfig files already exists, it used only if evaluated equal; otherwise an error is returned.
+// When not using external CA mode, if a kubeconfig file already exists it is used only if evaluated equal,
+// otherwise an error is returned. For external CA mode, the creation of kubeconfig files is skipped.
 func CreateJoinControlPlaneKubeConfigFiles(outDir string, cfg *kubeadmapi.InitConfiguration) error {
- return createKubeConfigFiles(
- outDir,
- cfg,
+ var externaCA bool
+ caKeyPath := filepath.Join(cfg.CertificatesDir, kubeadmconstants.CAKeyName)
+ if _, err := os.Stat(caKeyPath); os.IsNotExist(err) {
+ externaCA = true
+ }
+
+ files := []string{
 kubeadmconstants.AdminKubeConfigFileName,
 kubeadmconstants.ControllerManagerKubeConfigFileName,
 kubeadmconstants.SchedulerKubeConfigFileName,
- )
+ }
+
+ for _, file := range files {
+ if externaCA {
+ fmt.Printf("[kubeconfig] External CA mode: Using user provided %s\n", file)
+ continue
+ }
+ if err := createKubeConfigFiles(outDir, cfg, file); err != nil {
+ return err
+ }
+ }
+ return nil
 }
 
 // CreateKubeConfigFile creates a kubeconfig file.
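Review bot: External CA mode is inferred in CreateJoinControlPlaneKubeConfigFiles solely from `os.IsNotExist` on ca.key, so a key that is missing by accident (or a wrong CertificatesDir) silently skips generation, and the "Using user provided" message is printed without checking that the file is actually present in outDir. Before `continue`, I would at least confirm the file exists, e.g. `if _, err := os.Stat(filepath.Join(outDir, file)); err != nil { return err }`, and ideally also verify that it carries the cluster CA and the expected server address, since a hand-placed admin kubeconfig is a high-privilege credential. Stat errors other than not-exist (permission denied, for example) are dropped and leave `externaCA` false, so the failure only surfaces later inside createKubeConfigFiles; returning that error directly would be clearer. The local is also misspelled: `externaCA` should read `externalCA`.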