Walk the certificate tree, at each step checking for a CACert.
If the CACert is found, try to use it to generate certificates.
Otherwise, generate a new CA cert.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[reissue] kubeadm: Split out ClusterConfiguration from InitConfiguration
As @luxas is not able to take care of #66219, I am reissuing the same change here. There are a few minor things added by me:
- The original PR is rebased on latest master.
- Some broken tests were fixed.
- Some TODOs were added.
- Run update-bazel and update-gofmt
Below is the text of the original PR by Lucas.
-----
**What this PR does / why we need it:**
Splits MasterConfiguration to InitConfiguration and ClusterConfiguration as outlined in the kubeadm Config KEP. InitConfiguration holds init-only information, and ClusterConfiguration holds cluster-wide information. In the internal representation InitConfiguration wraps ClusterConfiguration as a field, but in serialized format they're different YAML documents.
**Which issue(s) this PR fixes** (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
ref: kubernetes/kubeadm#911
Depends on:
- [X] #65776
- [X] #65628
- [X] #65629
- [X] #65631
- [X] #65940
- [X] #65787
- [X] #65945
- [X] #65951
- [X] #65952
**Special notes for your reviewer:**
**Release note**:
```release-note
kubeadm: InitConfiguration now consists of two structs: InitConfiguration and ClusterConfiguration
```
@kubernetes/sig-cluster-lifecycle-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 66862, 67618). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix bazel
**What this PR does / why we need it**:
`bazel test //cmd/kubeadm/...` has been broken for a while. This is incredibly annoying to me, because I use it constantly during my workflow. This should fix it.
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 67596, 67520, 67605). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Cert list 2
**What this PR does / why we need it**:
Continuation of #67208. Uses the newly created declarative list of certificates kubeadm requires for the certs phase and upgrade steps.
**Special notes for your reviewer**:
**Release note**:
```release-note
```
kubeadm init cmd tests are improved in the following ways:
- Fix a few cases that were always successful (despite completely wrong).
- Add more test cases (for different configs in particular)
- Use dry run, to avoid modifying the system and using kubeadm reset
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Allow to specify a node-name instead of relaying in `os.Hostname()`
This is useful where kubelet use the name given by the cloud-provider to
register the node.
Partially fix: kubernetes/kubeadm#64
Automatic merge from submit-queue (batch tested with PRs 42432, 44628, 45101, 44921)
kubeadm: join test cmds for new flags
**What this PR does / why we need it**: Adding test-cmds for new kubeadm join flags.
Adding tests is a WIP from #34136
This is a continuation from https://github.com/kubernetes/kubernetes/pull/42812 since it had to be closed.
**Special notes for your reviewer**: /cc @luxas
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 42360, 43109, 43737, 43853)
kubeadm: test-cmds for kubeadm completion
**What this PR does / why we need it**: Adding test-cmds for kubeadm completion.
Adding tests is a WIP from #34136
**Special notes for your reviewer**: /cc @luxas
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 41857, 41864, 40522, 41835, 41991)
kubeadm: update token separator to '.'
**What this PR does / why we need it**: From SIG meetings, it was agreed upon to have '.' be the separator for tokens. This PR updates that.
**Special notes for your reviewer**: /cc @luxas @jbeda
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 41216, 41362, 41275, 41277, 41412)
kubeadm: test-cmd: join{config, discovery}
**What this PR does / why we need it**: Adding test-cmds for kubeadm join {config, discovery}. Will followup with more test-cmds for other flags as soon as validation for the flags works.
Adding tests is a WIP from #34136
**Special notes for your reviewer**: /cc @luxas @pires
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 41216, 41362, 41275, 41277, 41412)
kubeadm: test-cmd: init{config, version, api-port}
**What this PR does / why we need it**: Adding test-cmds for kubeadm init {config, version, api-port}. Will followup with more test-cmds for other flags as soon as validation for the flags works.
Adding tests is a WIP from #34136
**Special notes for your reviewer**: /cc @luxas @pires
**Release note**:
```release-note
NONE
```
After today's SIG meeting, it was discussed how to proceed with these
types of test-cmd tests. They will live in kubeamd/test/cmd and will
provide a flag that will allow you to skip them (--kubeadm-cmd-skip) and
by default will fail if kubeadm binary is not present
Adds kubeadm subcommands to create, list, and delete bootstrap tokens.
Tokens can be created with a TTL duration, or 0 for tokens that will not
expire. The create command can also be used to specify your own token
(for use when bootstrapping masters and nodes in parallel), or update an
existing token's secret or ttl.
Marked "ex" for experimental for now as the boostrap controllers are not
yet hooked up in core.
