Selfhosting pivoting fails when using --store-certs-in-secrets
as api-server fails to start because of missing etcd/ca and
apiserver-etcd-client certificates:
F1227 16:01:52.237352 1 storage_decorator.go:57] Unable to create storage backend:
config (&{ /registry [https://127.0.0.1:2379]
/etc/kubernetes/pki/apiserver-etcd-client.key
/etc/kubernetes/pki/apiserver-etcd-client.crt
/etc/kubernetes/pki/etcd/ca.crt true 0xc000884120 <nil> 5m0s 1m0s}),
err (open /etc/kubernetes/pki/apiserver-etcd-client.crt: no such file or directory)
Added required certificates to fix this.
Secret name for etc/ca certifcate has been converted to conform RFC-1123 subdomain
naming conventions to prevent this TLS secret creation failure:
unable to create secret: Secret "etcd/ca" is invalid: metadata.name:
Invalid value: "etcd/ca": a DNS-1123 subdomain must consist of lower
case alphanumeric characters, '-' or '.', and must start and end with an
alphanumeric character (e.g. 'example.com', regex used for validation is
'[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')
Related issue: kubernetes/kubeadm#1281
7b058c4357