
kubeadm: fix a bug when dry-running with existing ca.key / ca.crt #108410

Merged 1 commit on Mar 3, 2022

@Haleygo (Contributor) commented Mar 1, 2022

What type of PR is this?

/kind bug

What this PR does / why we need it:

Kubeadm init --dry-run doesn't work when ca.crt and ca.key are provided, because they should be copied to the tmp dir.

Which issue(s) this PR fixes:

Fixes kubernetes/kubeadm#2512

Special notes for your reviewer:

Does this PR introduce a user-facing change?

kubeadm: fix a bug when using "kubeadm init --dry-run" with certificate authority files (ca.key / ca.crt) present in /etc/kubernetes/pki

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

NONE

@k8s-ci-robot added the release-note-none, kind/bug, size/M, cncf-cla: yes, do-not-merge/needs-sig, needs-triage and needs-priority labels Mar 1, 2022
@k8s-ci-robot added the area/kubeadm and sig/cluster-lifecycle labels and removed the do-not-merge/needs-sig label Mar 1, 2022

@Haleygo (Contributor, Author) commented Mar 1, 2022

/assign @neolit123

@neolit123 (Member) left a review comment:

thanks @Haleygo
i think the change is fine, added some minor comments around error output and the name of CopyFile.

other than that LGTM.

Review threads (outdated, resolved):
cmd/kubeadm/app/cmd/phases/init/certs.go (2)
cmd/kubeadm/app/cmd/phases/init/kubeconfig.go (1)
cmd/kubeadm/app/cmd/phases/util.go (2)

@neolit123 (Member) commented:

/priority backlog
/triage accepted

@k8s-ci-robot added the priority/backlog and triage/accepted labels and removed the needs-priority and needs-triage labels Mar 1, 2022

@neolit123 (Member) commented:

/retitle kubeadm: fix a bug when dry-running in external CA mode

@k8s-ci-robot changed the title from "Fix dryrun when ca file exists" to "kubeadm: fix a bug when dry-running in external CA mode" Mar 1, 2022

@neolit123 (Member) commented:

/release-note-edit

kubeadm: fix a bug when using "kubeadm init --dry-run" with an external certificate authority (ca.key not present in /etc/kubernetes/pki)

@k8s-ci-robot added the release-note label and removed the release-note-none label Mar 1, 2022
@Haleygo force-pushed the fix-dryrun-when-ca-existed branch from 8ea93ca to dace266 March 2, 2022 01:54

@Haleygo (Contributor, Author) commented Mar 2, 2022

> /retitle kubeadm: fix a bug when dry-running in external CA mode

@neolit123 The title may be a little inaccurate here. It's not in external CA mode; external CA mode activates when the CA cert is present but the CA key is not.
It's more like supporting sparse certificates when kubeadm init dryrun.
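
The distinction drawn in this comment and the fix described in the PR description, as an added example (not code from this PR or from kubeadm): `caMode` classifies a PKI directory by which CA files are present, and `stageCA` copies the files that exist into a dry-run directory, reusing each source file's permission bits so a 0600 `ca.key` is not widened. The function names, mode strings and sample directories are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// caMode reports which CA files a PKI directory holds (mode names are hypothetical).
func caMode(pkiDir string) string {
	_, certErr := os.Stat(filepath.Join(pkiDir, "ca.crt"))
	_, keyErr := os.Stat(filepath.Join(pkiDir, "ca.key"))
	if certErr != nil {
		return "generate" // no CA certificate: a new CA would be created
	}
	if keyErr != nil {
		return "external-ca" // certificate present, key absent
	}
	return "existing-ca" // both present: the case discussed in this PR
}

// stageCA copies the CA files that exist into dryRunDir, keeping permission bits.
func stageCA(pkiDir, dryRunDir string) ([]string, error) {
	var copied []string
	for _, name := range []string{"ca.crt", "ca.key"} {
		src := filepath.Join(pkiDir, name)
		info, err := os.Stat(src)
		if os.IsNotExist(err) {
			continue // sparse PKI dir: skip files that were not supplied
		} else if err != nil {
			return nil, err
		}
		data, err := os.ReadFile(src)
		if err != nil {
			return nil, err
		}
		if err := os.WriteFile(filepath.Join(dryRunDir, name), data, info.Mode().Perm()); err != nil {
			return nil, err
		}
		copied = append(copied, name)
	}
	return copied, nil
}

func main() {
	pki, _ := os.MkdirTemp("", "pki") // constructed sample directories
	dry, _ := os.MkdirTemp("", "dryrun")
	os.WriteFile(filepath.Join(pki, "ca.crt"), []byte("constructed cert"), 0o644)
	fmt.Println(stageCA(pki, dry))
}
```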

@neolit123 (Member) commented:

> It's more like supporting sparse certificates when kubeadm init dryrun.

ok, that is true. updating:

/retitle kubeadm: fix a bug when dry-running with existing ca.key / ca.crt

@k8s-ci-robot changed the title from "kubeadm: fix a bug when dry-running in external CA mode" to "kubeadm: fix a bug when dry-running with existing ca.key / ca.crt" Mar 2, 2022

@neolit123 (Member) commented:

/release-note-edit

kubeadm: fix a bug when using "kubeadm init --dry-run" with certificate authority files (ca.key / ca.crt) present in /etc/kubernetes/pki

@neolit123 (Member) left a review comment:

/approve

i will give this a quick test locally.
EDIT: works fine!

does anyone want to backport it to 1.21, 1.22, 1.23 once it merges?
@Haleygo @pacoxu @RA489 ?

the script we use is: ./hack/cherry_pick_pull.sh

@k8s-ci-robot (Contributor) commented:

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Haleygo, neolit123


@k8s-ci-robot added the approved label Mar 2, 2022

@neolit123 (Member) commented:

also please update this in the description:
Fixes #kubernetes/kubeadm#2512 to Fixes kubernetes/kubeadm#2512

to trigger the fixes GH keyword.

@Haleygo force-pushed the fix-dryrun-when-ca-existed branch from dace266 to 22c7fb3 March 3, 2022 01:40

@Haleygo (Contributor, Author) commented Mar 3, 2022

> /approve
>
> i will give this a quick test locally. EDIT: works fine!
>
> does anyone want to backport it to 1.21, 1.22, 1.23 once it merges? @Haleygo @pacoxu @RA489 ?
>
> the script we use is: ./hack/cherry_pick_pull.sh

thanks, I will take it :)

@pacoxu (Member) commented Mar 3, 2022

/lgtm

@k8s-ci-robot added the lgtm label Mar 3, 2022
@Haleygo force-pushed the fix-dryrun-when-ca-existed branch from 22c7fb3 to fe104a9 March 3, 2022 03:50
@k8s-ci-robot removed the lgtm label Mar 3, 2022
@Haleygo force-pushed the fix-dryrun-when-ca-existed branch from fe104a9 to 3bbc257 March 3, 2022 03:54

@pacoxu (Member) commented Mar 3, 2022

/lgtm

@k8s-ci-robot added the lgtm label Mar 3, 2022

@Haleygo (Contributor, Author) commented Mar 3, 2022

/test pull-kubernetes-e2e-kind

@k8s-ci-robot merged commit 6f1612d into kubernetes:master Mar 3, 2022
@k8s-ci-robot added this to the v1.24 milestone Mar 3, 2022
@Haleygo deleted the fix-dryrun-when-ca-existed branch March 3, 2022 08:55
k8s-ci-robot added a commit that referenced this pull request Mar 3, 2022
…410-upstream-release-1.22

Automated cherry pick of #108410: fix dryrun when ca file exists
k8s-ci-robot added a commit that referenced this pull request Mar 3, 2022
…410-upstream-release-1.21

Automated cherry pick of #108410: fix dryrun when ca file exists
k8s-ci-robot added a commit that referenced this pull request Mar 3, 2022
…410-upstream-release-1.23

Automated cherry pick of #108410: fix dryrun when ca file exists
Successfully merging this pull request may close these issues.

Kubeadm init --dry-run doestn't work if using an external ca