Merge pull request #46799 from mikedanese/gce-3
Automatic merge from submit-queue (batch tested with PRs 46972, 42829, 46799, 46802, 46844) promote tls-bootstrap to beta last commit of this PR. Towards https://github.com/kubernetes/kubernetes/issues/46999 ```release-note Promote kubelet tls bootstrap to beta. Add a non-experimental flag to use it and deprecate the old flag. ```
This commit is contained in:
		| @@ -705,7 +705,7 @@ function start-kubelet { | ||||
|     flags+=" --hairpin-mode=none" | ||||
|     if [[ "${REGISTER_MASTER_KUBELET:-false}" == "true" ]]; then | ||||
|       #TODO(mikedanese): allow static pods to start before creating a client | ||||
|       #flags+=" --experimental-bootstrap-kubeconfig=/var/lib/kubelet/bootstrap-kubeconfig" | ||||
|       #flags+=" --bootstrap-kubeconfig=/var/lib/kubelet/bootstrap-kubeconfig" | ||||
|       #flags+=" --kubeconfig=/var/lib/kubelet/kubeconfig" | ||||
|       flags+=" --kubeconfig=/var/lib/kubelet/bootstrap-kubeconfig" | ||||
|       flags+=" --require-kubeconfig" | ||||
| @@ -717,7 +717,7 @@ function start-kubelet { | ||||
|   else # For nodes | ||||
|     flags+="${NODE_KUBELET_TEST_ARGS:-}" | ||||
|     flags+=" --enable-debugging-handlers=true" | ||||
|     flags+=" --experimental-bootstrap-kubeconfig=/var/lib/kubelet/bootstrap-kubeconfig" | ||||
|     flags+=" --bootstrap-kubeconfig=/var/lib/kubelet/bootstrap-kubeconfig" | ||||
|     flags+=" --require-kubeconfig" | ||||
|     flags+=" --kubeconfig=/var/lib/kubelet/kubeconfig" | ||||
|     if [[ "${HAIRPIN_MODE:-}" == "promiscuous-bridge" ]] || \ | ||||
|   | ||||
| @@ -39,7 +39,7 @@ | ||||
| {% endif -%} | ||||
|  | ||||
| {% if grains.cloud == 'gce' -%} | ||||
|   {% set api_servers = "--experimental-bootstrap-kubeconfig=/var/lib/kubelet/bootstrap-kubeconfig --require-kubeconfig --kubeconfig=/var/lib/kubelet/kubeconfig" -%} | ||||
|   {% set api_servers = "--bootstrap-kubeconfig=/var/lib/kubelet/bootstrap-kubeconfig --require-kubeconfig --kubeconfig=/var/lib/kubelet/kubeconfig" -%} | ||||
| {% endif -%} | ||||
|  | ||||
| {% set cloud_provider = "" -%} | ||||
|   | ||||
| @@ -121,7 +121,9 @@ func (f *KubeletFlags) AddFlags(fs *pflag.FlagSet) { | ||||
| 	fs.Var(&f.KubeConfig, "kubeconfig", "Path to a kubeconfig file, specifying how to connect to the API server. --api-servers will be used for the location unless --require-kubeconfig is set.") | ||||
| 	fs.BoolVar(&f.RequireKubeConfig, "require-kubeconfig", f.RequireKubeConfig, "If true the Kubelet will exit if there are configuration errors, and will ignore the value of --api-servers in favor of the server defined in the kubeconfig file.") | ||||
|  | ||||
| 	fs.StringVar(&f.BootstrapKubeconfig, "experimental-bootstrap-kubeconfig", f.BootstrapKubeconfig, "<Warning: Experimental feature> Path to a kubeconfig file that will be used to get client certificate for kubelet. "+ | ||||
| 	fs.MarkDeprecated("experimental-bootstrap-kubeconfig", "Use --bootstrap-kubeconfig") | ||||
| 	fs.StringVar(&f.BootstrapKubeconfig, "experimental-bootstrap-kubeconfig", f.BootstrapKubeconfig, "deprecated: use --bootstrap-kubeconfig") | ||||
| 	fs.StringVar(&f.BootstrapKubeconfig, "bootstrap-kubeconfig", f.BootstrapKubeconfig, "Path to a kubeconfig file that will be used to get client certificate for kubelet. "+ | ||||
| 		"If the file specified by --kubeconfig does not exist, the bootstrap kubeconfig is used to request a client certificate from the API server. "+ | ||||
| 		"On success, a kubeconfig file referencing the generated client certificate and key is written to the path specified by --kubeconfig. "+ | ||||
| 		"The client certificate and key file will be stored in the directory pointed by --cert-dir.") | ||||
|   | ||||
| @@ -244,6 +244,7 @@ exit-on-lock-contention | ||||
| experimental-allocatable-ignore-eviction | ||||
| experimental-allowed-unsafe-sysctls | ||||
| experimental-bootstrap-kubeconfig | ||||
| bootstrap-kubeconfig | ||||
| experimental-bootstrap-token-auth | ||||
| experimental-check-node-capabilities-before-mount | ||||
| experimental-cluster-signing-duration | ||||
|   | ||||
		Reference in New Issue
	
	Block a user
	 Kubernetes Submit Queue
					Kubernetes Submit Queue