github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6603cf6357
kubernetes/cmd/kubeadm
History
Lubomir I. Ivanov 6603cf6357 kubeadm: validate local etcd certficates during expiration checks 
In case stacked etcd is used, the code that does expiration checks
does not validate if the etcd CA is "external" (missing key)
and if the etcd CA signed certificates are valid.

Add a new function UsingExternalEtcdCA() similar to existing functions
for the cluster CA and front-proxy CA, that performs the checks for
missing etcd CA key and certificate validity.

This function only runs for stacked etcd, since if etcd is external
kubeadm does not track any certs signed by that etcd CA.

This fixes a bug where the etcd CA will be reported as local even
if the etcd/ca.key is missing during "certs check-expiration".
2021-12-08 20:39:14 +02:00
..
app kubeadm: validate local etcd certficates during expiration checks 2021-12-08 20:39:14 +02:00
test cleanup: DualStack GA for kubeadm 2021-09-04 22:38:14 +08:00
.import-restrictions add kube-openapi/pkg/schemaconv to kubeadm import-restrictions 2021-07-28 01:06:15 +00:00
kubeadm.go alias kubeadmutil for k8s.io/kubernetes/cmd/kubeadm/app/util 2019-12-27 17:57:04 +08:00
OWNERS kubeadm: Add RA489 as reviewer 2021-04-06 21:45:39 +05:30