From 328254957776fcc087e02d3fa40bf61a189cdc4c Mon Sep 17 00:00:00 2001
From: John Gardiner Myers <jgmyers@proofpoint.com>
Date: Fri, 16 Jul 2021 10:13:20 -0700
Subject: [PATCH] Issue kubelet cert on apiserver nodes for k8s before 1.19

---
 nodeup/pkg/model/kubelet.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/nodeup/pkg/model/kubelet.go b/nodeup/pkg/model/kubelet.go
index 9d715d5036..38b273cb18 100644
--- a/nodeup/pkg/model/kubelet.go
+++ b/nodeup/pkg/model/kubelet.go
@@ -117,8 +117,15 @@ func (b *KubeletBuilder) Build(c *fi.ModelBuilderContext) error {
 
 		if b.HasAPIServer || !b.UseBootstrapTokens() {
 			var kubeconfig fi.Resource
-			if b.HasAPIServer && (b.IsKubernetesGTE("1.19") || b.UseBootstrapTokens()) {
-				kubeconfig, err = b.buildMasterKubeletKubeconfig(c)
+			if b.HasAPIServer {
+				if b.IsKubernetesGTE("1.19") || b.UseBootstrapTokens() {
+					kubeconfig, err = b.buildMasterKubeletKubeconfig(c)
+				} else {
+					kubeconfig = b.BuildIssuedKubeconfig("kubelet", nodetasks.PKIXName{
+						CommonName:   "kubelet",
+						Organization: []string{rbac.NodesGroup},
+					}, c)
+				}
 			} else {
 				kubeconfig, err = b.BuildBootstrapKubeconfig("kubelet", c)
 			}