Add kubeadm alpha certs certificate-key command #77848
/assign @neolit123 @fabriziopandini
// NewCmdCertificateKey returns cobra.Command for certificate key generate | ||
func NewCmdCertificateKey() *cobra.Command { | ||
return &cobra.Command{ | ||
Use: "certificate-key", |
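Review bot: the doc comment on NewCmdCertificateKey ("returns cobra.Command for certificate key generate") does not read as a sentence and does not say what the command does. Suggest "NewCmdCertificateKey returns the cobra.Command that generates a certificate key", so the comment matches the Use: "certificate-key" name directly below it.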
hm, i wonder if we should just use the init phase for this.
adding a top level command would be fine if it has more than one sub command and multiple flags, but right now it would only serve this single purpose.
on the other hand we already have kubeadm token which covers existing functionality in init.
we also have the option here to have kubeadm certificate-key do multiple things:
- only generate key
- upload the certs & generate key (duplicates what the init phase does)
also, a problem related to UX that i've been seeing is that users want the new full join command when generating a new cert-key.
so they use token ... --print-join-command and combine it with the new cert key manually.
there are no good solutions for this unless we have a command that generates both a new bootstrap token + hash + cert key.
this command just generates a certificate-key, so the user can only use it on init, and init prints the join command; we can print the init command, but token generate just prints the token.
given that the certificate-key can't be manually generated in an easy way, it would be nice to have a command for it, but I agree that a top level command only for this seems weird.
I agree with @neolit123. My idea is that this is a utility for certificates and should go with the rest of the certs commands. Probably adding it under kubeadm alpha certs is a good idea.
@fabriziopandini @yagonobre @neolit123 WDYT?
+1 to move to kubeadm alpha certs
+1
d2864b6 to 81c4b37
f746458 to b6e6b46
@neolit123 @rosti updated!
@yagonobre one minor comment about date but LGTM.
/approve
cmd/kubeadm/app/cmd/alpha/certs.go
Outdated
@@ -1,5 +1,5 @@ | |||
/* | |||
Copyright 2018 The Kubernetes Authors. | |||
Copyright 2019 The Kubernetes Authors. |
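Review bot: the license header at the top of this hunk shows both a "Copyright 2018" and a "Copyright 2019" line, so the year of an existing file is being changed. That edit is unrelated to the new command; suggest dropping it from the diff and leaving the header at 2018.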
apparently, the project does not change dates of old source files.
2018 should be kept here.
til
updated!
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: neolit123, yagonobre
The full list of commands accepted by this bot can be found here. The pull request process is described here
b6e6b46 to 0a005e3
Thanks @yagonobre!
Given that this is an alpha command ATM, it's late in the cycle and it's simple enough, I think that it's OK to merge it as is (although it needs a simple test case and some UX polishing upon graduation).
/lgtm
/hold
for the release note to be reflecting kubeadm alpha certs certificate-key instead of kubeadm certificate-key.
Thanks @yagonobre!
/test pull-kubernetes-kubemark-e2e-gce-big
/retest
/retest Review the full test history for this PR. Silence the bot with an
What type of PR is this?
/kind feature
What this PR does / why we need it:
Add kubeadm certificate-key command to generate secure random key to use on kubeadm init --experimental-upload-certs
Which issue(s) this PR fixes:
Does this PR introduce a user-facing change?:
/priority important-longterm
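
What "generate secure random key" in the description above amounts to, as an added example that is not the PR's code: the key is read from the OS CSPRNG and hex-encoded, and a key supplied by a user is checked before use. The 32-byte size, the hex encoding and the names NewCertificateKey and ParseCertificateKey are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"strings"
)

// certificateKeySize is an assumption of this example: 32 bytes (an AES-256 key).
const certificateKeySize = 32

// NewCertificateKey returns certificateKeySize bytes from the OS CSPRNG,
// hex-encoded so the key can be passed on a command line.
func NewCertificateKey() (string, error) {
	buf := make([]byte, certificateKeySize)
	if _, err := rand.Read(buf); err != nil {
		return "", fmt.Errorf("reading random bytes: %w", err)
	}
	return hex.EncodeToString(buf), nil
}

// ParseCertificateKey decodes a key supplied by a user and rejects input that
// is not hex or has the wrong length (for example a truncated copy-paste).
// Error messages never echo the key, since it is a secret.
func ParseCertificateKey(s string) ([]byte, error) {
	raw, err := hex.DecodeString(strings.TrimSpace(s))
	if err != nil {
		return nil, fmt.Errorf("certificate key is not valid hex")
	}
	if len(raw) != certificateKeySize {
		return nil, fmt.Errorf("certificate key is %d bytes, want %d", len(raw), certificateKeySize)
	}
	return raw, nil
}

func main() {
	key, err := NewCertificateKey()
	if err != nil {
		panic(err)
	}
	if _, err := ParseCertificateKey(key); err != nil {
		panic(err)
	}
	fmt.Println(key) // secret: keep it out of logs and shell history
}
```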