Merge pull request #42200 from mikedanese/fix-upgrade
Automatic merge from submit-queue fix upgrades
@@ -1073,6 +1073,8 @@ function parse-master-env() {
|
|||||||
EXTRA_DOCKER_OPTS=$(get-env-val "${master_env}" "EXTRA_DOCKER_OPTS")
|
EXTRA_DOCKER_OPTS=$(get-env-val "${master_env}" "EXTRA_DOCKER_OPTS")
|
||||||
KUBELET_CERT_BASE64=$(get-env-val "${master_env}" "KUBELET_CERT")
|
KUBELET_CERT_BASE64=$(get-env-val "${master_env}" "KUBELET_CERT")
|
||||||
KUBELET_KEY_BASE64=$(get-env-val "${master_env}" "KUBELET_KEY")
|
KUBELET_KEY_BASE64=$(get-env-val "${master_env}" "KUBELET_KEY")
|
||||||
|
MASTER_CERT_BASE64=$(get-env-val "${master_env}" "MASTER_CERT")
|
||||||
|
MASTER_KEY_BASE64=$(get-env-val "${master_env}" "MASTER_KEY")
|
||||||
}
|
}
|
||||||
|
|
||||||
# Update or verify required gcloud components are installed
|
# Update or verify required gcloud components are installed
|
||||||
|
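Review bot: The two added assignments for `MASTER_CERT_BASE64` and `MASTER_KEY_BASE64` at the end of parse-master-env accept whatever `get-env-val` returns, so a master env that lacks `MASTER_CERT` or `MASTER_KEY` would presumably leave them empty and the upgrade would carry on without a serving key pair. get-env-val is defined outside this hunk, so its behaviour on a missing key needs confirming. If it does return an empty string, a guard such as `[[ -n "${MASTER_CERT_BASE64}" && -n "${MASTER_KEY_BASE64}" ]] || { echo "MASTER_CERT/MASTER_KEY missing from master env" >&2; return 1; }` would stop the upgrade early. A short comment that `MASTER_KEY_BASE64` holds private key material would also warn anyone who later turns on `set -x` around this function.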
@@ -61,10 +61,11 @@ function create-node-pki {
|
|||||||
|
|
||||||
if [[ -z "${CA_CERT_BUNDLE:-}" ]]; then
|
if [[ -z "${CA_CERT_BUNDLE:-}" ]]; then
|
||||||
CA_CERT_BUNDLE="${CA_CERT}"
|
CA_CERT_BUNDLE="${CA_CERT}"
|
||||||
CA_CERT_BUNDLE_PATH="${pki_dir}/ca-certificates.crt"
|
|
||||||
echo "${CA_CERT_BUNDLE}" | base64 --decode > "${CA_CERT_BUNDLE_PATH}"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
CA_CERT_BUNDLE_PATH="${pki_dir}/ca-certificates.crt"
|
||||||
|
echo "${CA_CERT_BUNDLE}" | base64 --decode > "${CA_CERT_BUNDLE_PATH}"
|
||||||
|
|
||||||
if [[ ! -z "${KUBELET_CERT:-}" && ! -z "${KUBELET_KEY:-}" ]]; then
|
if [[ ! -z "${KUBELET_CERT:-}" && ! -z "${KUBELET_KEY:-}" ]]; then
|
||||||
KUBELET_CERT_PATH="${pki_dir}/kubelet.crt"
|
KUBELET_CERT_PATH="${pki_dir}/kubelet.crt"
|
||||||
echo "${KUBELET_CERT}" | base64 --decode > "${KUBELET_CERT_PATH}"
|
echo "${KUBELET_CERT}" | base64 --decode > "${KUBELET_CERT_PATH}"
|
||||||
|
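Review bot: Now that the CA bundle write runs on every call, `echo "${CA_CERT_BUNDLE}" | base64 --decode > "${CA_CERT_BUNDLE_PATH}"` truncates the bundle on disk before the decode has succeeded, so malformed or empty input leaves an empty trust bundle behind. Decoding to a temporary file and renaming it keeps the previous bundle on failure: `base64 --decode <<<"${CA_CERT_BUNDLE}" > "${CA_CERT_BUNDLE_PATH}.tmp" && mv "${CA_CERT_BUNDLE_PATH}.tmp" "${CA_CERT_BUNDLE_PATH}"`. The same line appears in the second create-node-pki hunk (`@@ -197,10 +197,11 @@`). Whether `pipefail` is set is not visible here; without it a failed decode would also pass unnoticed. create-node-pki starts and ends outside the hunk.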
@@ -197,10 +197,11 @@ function create-node-pki {
|
|||||||
|
|
||||||
if [[ -z "${CA_CERT_BUNDLE:-}" ]]; then
|
if [[ -z "${CA_CERT_BUNDLE:-}" ]]; then
|
||||||
CA_CERT_BUNDLE="${CA_CERT}"
|
CA_CERT_BUNDLE="${CA_CERT}"
|
||||||
CA_CERT_BUNDLE_PATH="${pki_dir}/ca-certificates.crt"
|
|
||||||
echo "${CA_CERT_BUNDLE}" | base64 --decode > "${CA_CERT_BUNDLE_PATH}"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
CA_CERT_BUNDLE_PATH="${pki_dir}/ca-certificates.crt"
|
||||||
|
echo "${CA_CERT_BUNDLE}" | base64 --decode > "${CA_CERT_BUNDLE_PATH}"
|
||||||
|
|
||||||
if [[ ! -z "${KUBELET_CERT:-}" && ! -z "${KUBELET_KEY:-}" ]]; then
|
if [[ ! -z "${KUBELET_CERT:-}" && ! -z "${KUBELET_KEY:-}" ]]; then
|
||||||
KUBELET_CERT_PATH="${pki_dir}/kubelet.crt"
|
KUBELET_CERT_PATH="${pki_dir}/kubelet.crt"
|
||||||
echo "${KUBELET_CERT}" | base64 --decode > "${KUBELET_CERT_PATH}"
|
echo "${KUBELET_CERT}" | base64 --decode > "${KUBELET_CERT_PATH}"
|
||||||
@@ -227,33 +228,36 @@ function create-master-pki {
|
|||||||
|
|
||||||
if [[ -z "${APISERVER_SERVER_CERT:-}" || -z "${APISERVER_SERVER_KEY:-}" ]]; then
|
if [[ -z "${APISERVER_SERVER_CERT:-}" || -z "${APISERVER_SERVER_KEY:-}" ]]; then
|
||||||
APISERVER_SERVER_CERT="${MASTER_CERT}"
|
APISERVER_SERVER_CERT="${MASTER_CERT}"
|
||||||
APISERVER_SERVER_CERT_PATH="${pki_dir}/apiserver.crt"
|
|
||||||
echo "${APISERVER_SERVER_CERT}" | base64 --decode > "${APISERVER_SERVER_CERT_PATH}"
|
|
||||||
|
|
||||||
APISERVER_SERVER_KEY="${MASTER_KEY}"
|
APISERVER_SERVER_KEY="${MASTER_KEY}"
|
||||||
APISERVER_SERVER_KEY_PATH="${pki_dir}/apiserver.key"
|
|
||||||
echo "${APISERVER_SERVER_KEY}" | base64 --decode > "${APISERVER_SERVER_KEY_PATH}"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
APISERVER_SERVER_CERT_PATH="${pki_dir}/apiserver.crt"
|
||||||
|
echo "${APISERVER_SERVER_CERT}" | base64 --decode > "${APISERVER_SERVER_CERT_PATH}"
|
||||||
|
|
||||||
|
APISERVER_SERVER_KEY_PATH="${pki_dir}/apiserver.key"
|
||||||
|
echo "${APISERVER_SERVER_KEY}" | base64 --decode > "${APISERVER_SERVER_KEY_PATH}"
|
||||||
|
|
||||||
if [[ -z "${APISERVER_CLIENT_CERT:-}" || -z "${APISERVER_CLIENT_KEY:-}" ]]; then
|
if [[ -z "${APISERVER_CLIENT_CERT:-}" || -z "${APISERVER_CLIENT_KEY:-}" ]]; then
|
||||||
APISERVER_CLIENT_CERT="${KUBEAPISERVER_CERT}"
|
APISERVER_CLIENT_CERT="${KUBEAPISERVER_CERT}"
|
||||||
APISERVER_CLIENT_CERT_PATH="${pki_dir}/apiserver-client.crt"
|
|
||||||
echo "${APISERVER_CLIENT_CERT}" | base64 --decode > "${APISERVER_CLIENT_CERT_PATH}"
|
|
||||||
|
|
||||||
APISERVER_CLIENT_KEY="${KUBEAPISERVER_KEY}"
|
APISERVER_CLIENT_KEY="${KUBEAPISERVER_KEY}"
|
||||||
APISERVER_CLIENT_KEY_PATH="${pki_dir}/apiserver-client.key"
|
|
||||||
echo "${APISERVER_CLIENT_KEY}" | base64 --decode > "${APISERVER_CLIENT_KEY_PATH}"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
APISERVER_CLIENT_CERT_PATH="${pki_dir}/apiserver-client.crt"
|
||||||
|
echo "${APISERVER_CLIENT_CERT}" | base64 --decode > "${APISERVER_CLIENT_CERT_PATH}"
|
||||||
|
|
||||||
|
APISERVER_CLIENT_KEY_PATH="${pki_dir}/apiserver-client.key"
|
||||||
|
echo "${APISERVER_CLIENT_KEY}" | base64 --decode > "${APISERVER_CLIENT_KEY_PATH}"
|
||||||
|
|
||||||
if [[ -z "${SERVICEACCOUNT_CERT:-}" || -z "${SERVICEACCOUNT_KEY:-}" ]]; then
|
if [[ -z "${SERVICEACCOUNT_CERT:-}" || -z "${SERVICEACCOUNT_KEY:-}" ]]; then
|
||||||
SERVICEACCOUNT_CERT="${MASTER_CERT}"
|
SERVICEACCOUNT_CERT="${MASTER_CERT}"
|
||||||
SERVICEACCOUNT_CERT_PATH="${pki_dir}/serviceaccount.crt"
|
|
||||||
echo "${SERVICEACCOUNT_CERT}" | base64 --decode > "${SERVICEACCOUNT_CERT_PATH}"
|
|
||||||
|
|
||||||
SERVICEACCOUNT_KEY="${MASTER_KEY}"
|
SERVICEACCOUNT_KEY="${MASTER_KEY}"
|
||||||
SERVICEACCOUNT_KEY_PATH="${pki_dir}/serviceaccount.key"
|
|
||||||
echo "${SERVICEACCOUNT_KEY}" | base64 --decode > "${SERVICEACCOUNT_KEY_PATH}"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
SERVICEACCOUNT_CERT_PATH="${pki_dir}/serviceaccount.crt"
|
||||||
|
echo "${SERVICEACCOUNT_CERT}" | base64 --decode > "${SERVICEACCOUNT_CERT_PATH}"
|
||||||
|
|
||||||
|
SERVICEACCOUNT_KEY_PATH="${pki_dir}/serviceaccount.key"
|
||||||
|
echo "${SERVICEACCOUNT_KEY}" | base64 --decode > "${SERVICEACCOUNT_KEY_PATH}"
|
||||||
}
|
}
|
||||||
|
|
||||||
# After the first boot and on upgrade, these files exist on the master-pd
|
# After the first boot and on upgrade, these files exist on the master-pd
|
||||||
|
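Review bot: The private keys in create-master-pki (`apiserver.key`, `apiserver-client.key`, `serviceaccount.key`) are created by a plain `>` redirect, so their mode depends on whatever umask is in effect, and no umask or chmod is visible in this hunk. Unless the script sets a restrictive umask elsewhere, each key write should be wrapped, for example `(umask 077; echo "${APISERVER_SERVER_KEY}" | base64 --decode > "${APISERVER_SERVER_KEY_PATH}")`. The function's opening lines, including the definition of `pki_dir`, are outside the hunk, so the directory's own permissions should be checked as well.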
@@ -264,7 +264,7 @@
|
|||||||
"mountPath": "/etc/openssl",
|
"mountPath": "/etc/openssl",
|
||||||
"readOnly": true},
|
"readOnly": true},
|
||||||
{ "name": "etcpki",
|
{ "name": "etcpki",
|
||||||
"mountPath": "/etc/pki",
|
"mountPath": "/etc/srv/pki",
|
||||||
"readOnly": true},
|
"readOnly": true},
|
||||||
{ "name": "srvsshproxy",
|
{ "name": "srvsshproxy",
|
||||||
"mountPath": "{{srv_sshproxy_path}}",
|
"mountPath": "{{srv_sshproxy_path}}",
|
||||||
@@ -309,7 +309,7 @@
|
|||||||
},
|
},
|
||||||
{ "name": "etcpki",
|
{ "name": "etcpki",
|
||||||
"hostPath": {
|
"hostPath": {
|
||||||
"path": "/etc/pki"}
|
"path": "/etc/srv/pki"}
|
||||||
},
|
},
|
||||||
{ "name": "srvsshproxy",
|
{ "name": "srvsshproxy",
|
||||||
"hostPath": {
|
"hostPath": {
|
||||||
|
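Review bot: The volume is still named `etcpki` although both hunks now point it at `/etc/srv/pki`, and the path is repeated as a literal in the mount entry and in the `hostPath` entry. Renaming the volume in both places, or using a template variable the way `srvsshproxy` uses `{{srv_sshproxy_path}}`, would keep the two from drifting apart. The mount keeps `"readOnly": true`, which should stay.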