kubeadm: Allow certain certs/keys to be missing on the secret #75415

@ereslibre
Member

commented Mar 15, 2019

What type of PR is this?
/kind bug

What this PR does / why we need it:
Under certain circumstances, especially when using an insecure external
etcd cluster (no certificates), or when using external certificates
(no CA key), some keys inside the kubeadm-certs secret data can contain
the key with an empty value on the map.

When downloading certs just ignore those that are blank and inform the
user about it.

Special notes for your reviewer:
This is targeted for v1.14

Does this PR introduce a user-facing change?:

kubeadm: Allow certain certs/keys to be missing on the secret when transferring secrets using `--experimental-upload-certs` feature

/cc @fabriziopandini @yagonobre
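
An added sketch of the behaviour the description above asks for, not the PR's code or kubeadm's implementation: blank entries in the secret's data map are skipped and reported instead of failing the download. The function name, the `expected` list and the entry names are assumptions constructed for illustration, and the sketch goes slightly further than the description by treating an absent entry the same as a blank one.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// writeSecretData is a hypothetical helper (not kubeadm's code). For each expected
// name it writes the secret's value into dir, or records the name as skipped when
// the value is blank or absent. Only expected names are ever used as file names.
func writeSecretData(dir string, expected []string, data map[string][]byte) (written, skipped []string, err error) {
	for _, name := range expected {
		value := data[name]
		if len(value) == 0 {
			skipped = append(skipped, name) // nothing was uploaded for this entry
			continue
		}
		mode := os.FileMode(0o644)
		if strings.HasSuffix(name, ".key") {
			mode = 0o600 // private keys readable by the owner only
		}
		if err := os.WriteFile(filepath.Join(dir, name), value, mode); err != nil {
			return written, skipped, fmt.Errorf("writing %s: %w", name, err)
		}
		written = append(written, name)
	}
	return written, skipped, nil
}

func main() {
	// Constructed sample: external CA (blank CA key) and no etcd CA certificate.
	expected := []string{"ca.crt", "ca.key", "etcd-ca.crt", "sa.key"}
	data := map[string][]byte{
		"ca.crt": []byte("constructed certificate bytes"),
		"ca.key": {},
		"sa.key": []byte("constructed key bytes"),
	}
	dir, err := os.MkdirTemp("", "certs-example")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	written, skipped, err := writeSecretData(dir, expected, data)
	fmt.Println("written:", written, "skipped (blank):", skipped, "err:", err)
}
```

The skipped list is what a caller would surface to the user, so a joining node with an external CA shows which files it did not receive rather than an error.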

Member

left a comment

Thanks @ereslibre
/sig cluster-lifecycle
/priority critical-urgent
/lgtm
/assign @fabriziopandini

Member

left a comment

@ereslibre thanks for the quick fix!
I have tested this locally and it solves the issue found during my tests.
If possible please fix the two nits

/assign @neolit123
/assign @timothysc

/milestone 1.14

cmd/kubeadm/app/phases/copycerts/copycerts.go (outdated, resolved)
cmd/kubeadm/app/phases/copycerts/copycerts.go (outdated, resolved)
@k8s-ci-robot

Contributor

commented Mar 15, 2019

@fabriziopandini: The provided milestone is not valid for this repository. Milestones in this repository: [next-candidate, v1.10, v1.11, v1.12, v1.13, v1.14, v1.15, v1.16, v1.17, v1.18, v1.4, v1.5, v1.6, v1.7, v1.8, v1.9]

Use /milestone clear to clear the milestone.


@fabriziopandini

Member

commented Mar 15, 2019

/milestone v1.14

@k8s-ci-robot k8s-ci-robot added this to the v1.14 milestone Mar 15, 2019
Under certain circumstances, especially when using an insecure external
etcd cluster (no certificates), or when using external certificates
(no CA key), some keys inside the kubeadm-certs secret data can contain
the key with an empty value on the map.

When downloading certs just ignore those that are blank and inform the
user about it.
@ereslibre ereslibre force-pushed the ereslibre:do-not-fail-to-download-partial-secrets branch from d21ff29 to bc26c69 Mar 15, 2019
@k8s-ci-robot k8s-ci-robot removed the lgtm label Mar 15, 2019
@fabriziopandini

Member

commented Mar 15, 2019

@ereslibre thanks!
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm label Mar 15, 2019
@fabriziopandini

Member

commented Mar 15, 2019

/test pull-kubernetes-kubemark-e2e-gce-big

@fabriziopandini

Member

commented Mar 16, 2019

/test pull-kubernetes-kubemark-e2e-gce-big

Member

left a comment

SGTM, thanks!

/lgtm
/approve
/retest

@k8s-ci-robot

Contributor

commented Mar 16, 2019

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ereslibre, neolit123


@yagonobre

Member

commented Mar 16, 2019

/test pull-kubernetes-kubemark-e2e-gce-big

@neolit123

Member

commented Mar 16, 2019

/retest

@k8s-ci-robot k8s-ci-robot merged commit 4d12047 into kubernetes:master Mar 16, 2019
17 checks passed
cla/linuxfoundation ereslibre authorized
pull-kubernetes-bazel-build Job succeeded.
pull-kubernetes-bazel-test Job succeeded.
pull-kubernetes-conformance-image-test Skipped.
pull-kubernetes-cross Skipped.
pull-kubernetes-e2e-gce Job succeeded.
pull-kubernetes-e2e-gce-100-performance Job succeeded.
pull-kubernetes-e2e-gce-device-plugin-gpu Job succeeded.
pull-kubernetes-godeps Skipped.
pull-kubernetes-integration Job succeeded.
pull-kubernetes-kubemark-e2e-gce-big Job succeeded.
pull-kubernetes-local-e2e Skipped.
pull-kubernetes-node-e2e Job succeeded.
pull-kubernetes-typecheck Job succeeded.
pull-kubernetes-verify Job succeeded.
pull-publishing-bot-validate Skipped.
tide In merge pool.
@ereslibre ereslibre deleted the ereslibre:do-not-fail-to-download-partial-secrets branch Mar 16, 2019