Add kubeadm alpha certs certificate-key command #77848
Conversation
k8s-ci-robot
added
release-note
k8s-ci-robot
added
area/kubeadm
sig/cluster-lifecycle
|
/assign @neolit123 @fabriziopandini |
| // NewCmdCertificateKey returns cobra.Command for certificate key generate | ||
| func NewCmdCertificateKey() *cobra.Command { | ||
| return &cobra.Command{ | ||
| Use: "certificate-key", |
There was a problem hiding this comment.
hm, i wonder if we should just use the init phase for this.
adding a top level command would be fine if has more than one sub commands and multiple flags, but right now it would only serve this single purpose.
on the other hand we already have kubeadm token which covers existing functionality in init.
we also have the option here to have kubeadm certificate-key do multiple things:
- only generate key
- upload the certs & generate key (duplicates what the init phase does)
There was a problem hiding this comment.
also, a problem related to UX that i've been seeing is that users want the new full join command when generating a new cert-key.
so they use token ... --print-join-command and combine it with the new cert key manually.
there are no good solutions for this unless we have a command that generates both a new bootstrap token + hash + cert key.
There was a problem hiding this comment.
this command just generate a certificate-key, so user can only use it on init and init print the join command, we can print the init command but token generate just print the token.
There was a problem hiding this comment.
due that the certificate-key can't be manually generate on a easy way, it would be nice to have a command for it, but I agree that a top level command only for this seems weird.
There was a problem hiding this comment.
I agree with @neolit123 . My idea is that this is an utility for certificates and should go with the rest of the certs commands. Probably adding it under kubeadm alpha certs is a good idea.
@fabriziopandini @yagonobre @neolit123 WDYT?
There was a problem hiding this comment.
+1 to move to kubeadm alpha certs
yagonobre
force-pushed
the
certificate-key-command
branch
from
d2864b6
to
81c4b37
Compare
k8s-ci-robot
added
size/S
yagonobre
force-pushed
the
certificate-key-command
branch
2 times, most recently
from
f746458
to
b6e6b46
Compare
k8s-ci-robot
removed
the
needs-rebase
|
@neolit123 @rosti updated! |
cmd/kubeadm/app/cmd/alpha/certs.go
Outdated
| @@ -1,5 +1,5 @@ | |||
| /* | |||
| Copyright 2018 The Kubernetes Authors. | |||
| Copyright 2019 The Kubernetes Authors. | |||
There was a problem hiding this comment.
apparently, the project does not change dates of old source files.
2018 should be kept here.
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: neolit123, yagonobre The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
yagonobre
force-pushed
the
certificate-key-command
branch
from
b6e6b46
to
0a005e3
Compare
yagonobre
changed the title
There was a problem hiding this comment.
Thanks @yagonobre !
Given that this is an alpha command ATM, it's late in the cycle and it's simple enough, I think that it's OK to merge it as is (although it needs a simple test case and some UX polishing upon graduation).
/lgtm
/hold
for the release note to be reflecting kubeadm alpha certs certificate-key instead of kubeadm certificate-key.
k8s-ci-robot
added
do-not-merge/hold
yagonobre
changed the title
|
Thanks @yagonobre ! |
k8s-ci-robot
removed
the
do-not-merge/hold
|
/test pull-kubernetes-kubemark-e2e-gce-big |
|
/retest |
1 similar comment
|
/retest |
|
/test pull-kubernetes-kubemark-e2e-gce-big |
|
/retest |
1 similar comment
|
/retest |
|
/retest Review the full test history for this PR. Silence the bot with an |
2 similar comments
|
/retest Review the full test history for this PR. Silence the bot with an |
|
/retest Review the full test history for this PR. Silence the bot with an |
What type of PR is this?
/kind feature
What this PR does / why we need it:
Add
kubeadm certificate-keycommand to generate secure random key to use on kubeadm init --experimental-upload-certsWhich issue(s) this PR fixes:
Does this PR introduce a user-facing change?:
/priority important-longterm