kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Refactor legacy etcd manager etcd-client keypair

This commit is contained in:
John Gardiner Myers 2021-07-17 11:06:09 -07:00
parent 67cfa9d4d4
commit 226380bf5b
2 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
nodeup/pkg/model/kube_apiserver.go
View File

@ -130,13 +130,11 @@ func (b *KubeAPIServerBuilder) Build(c *fi.ModelBuilderContext) error {
if err := issueCert.AddFileTasks(c, pathSrvKAPI, issueCert.Name, "", nil); err != nil { if err := issueCert.AddFileTasks(c, pathSrvKAPI, issueCert.Name, "", nil); err != nil {
return err return err
} }
kubeAPIServer.EtcdCertFile = filepath.Join(pathSrvKAPI, "etcd-client.crt")
kubeAPIServer.EtcdKeyFile = filepath.Join(pathSrvKAPI, "etcd-client.key")
} else if b.UseEtcdTLS() { } else if b.UseEtcdTLS() {
kubeAPIServer.EtcdCAFile = filepath.Join(b.PathSrvKubernetes(), "ca.crt") kubeAPIServer.EtcdCAFile = filepath.Join(b.PathSrvKubernetes(), "ca.crt")
kubeAPIServer.EtcdCertFile = filepath.Join(b.PathSrvKubernetes(), "etcd-client.pem")
kubeAPIServer.EtcdKeyFile = filepath.Join(b.PathSrvKubernetes(), "etcd-client-key.pem")
} }
kubeAPIServer.EtcdCertFile = filepath.Join(pathSrvKAPI, "etcd-client.crt")
kubeAPIServer.EtcdKeyFile = filepath.Join(pathSrvKAPI, "etcd-client.key")
{ {
c.AddTask(&nodetasks.File{ c.AddTask(&nodetasks.File{

12
nodeup/pkg/model/protokube.go
View File

@ -101,16 +101,24 @@ func (t *ProtokubeBuilder) Build(c *fi.ModelBuilderContext) error {
// retrieve the etcd peer certificates and private keys from the keystore // retrieve the etcd peer certificates and private keys from the keystore
if !t.UseEtcdManager() && t.UseEtcdTLS() { if !t.UseEtcdManager() && t.UseEtcdTLS() {
for _, x := range []string{"etcd", "etcd-peer", "etcd-client"} { for _, x := range []string{"etcd", "etcd-peer"} {
if err := t.BuildCertificateTask(c, x, fmt.Sprintf("%s.pem", x), nil); err != nil { if err := t.BuildCertificateTask(c, x, fmt.Sprintf("%s.pem", x), nil); err != nil {
return err return err
} }
} }
for _, x := range []string{"etcd", "etcd-peer", "etcd-client"} { for _, x := range []string{"etcd", "etcd-peer"} {
if err := t.BuildLegacyPrivateKeyTask(c, x, fmt.Sprintf("%s-key.pem", x), nil); err != nil { if err := t.BuildLegacyPrivateKeyTask(c, x, fmt.Sprintf("%s-key.pem", x), nil); err != nil {
return err return err
} }
} }
pathEtcdClient := filepath.Join(t.PathSrvKubernetes(), "kube-apiserver", "etcd-client")
if err := t.BuildCertificateTask(c, "etcd-client", pathEtcdClient+".crt", nil); err != nil {
return err
}
if err := t.BuildLegacyPrivateKeyTask(c, "etcd-client", pathEtcdClient+".key", nil); err != nil {
return err
}
} }
} }