Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kubeadm: add front-proxy CA certificate to selfhosting controller-manager #72727

Merged
merged 1 commit into from
Jan 10, 2019
Merged

kubeadm: add front-proxy CA certificate to selfhosting controller-manager #72727

merged 1 commit into from
Jan 10, 2019

Conversation

bart0sh
Copy link
Contributor

@bart0sh bart0sh commented Jan 9, 2019

What type of PR is this?

/kind bug

What this PR does / why we need it:

Selfhosting pivoting fails when using --store-certs-in-secrets
as controller-manager fails to start because of missing front-proxy CA
certificate:

    unable to load client CA file: unable to load client CA file: open
    /etc/kubernetes/pki/front-proxy-ca.crt: no such file or directory

Added required certificate to fix this.

Which issue(s) this PR fixes:

Fixes kubernetes/kubeadm#1281

Does this PR introduce a user-facing change?:

kubeadm: fixed storing of front-proxy certificate in secrets required by kube-controller-manager selfhosting pivoting

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. kind/bug Categorizes issue or PR as related to a bug. needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. area/kubeadm sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Jan 9, 2019
@bart0sh bart0sh force-pushed the PR0057-kubeadm-selfhosting-pivot-controller-manager-add-front-proxy-ca branch from 09d682f to e8eceb2 Compare January 9, 2019 14:10
@bart0sh
kubeadm: add front-proxy CA certificate to selfhosting controller-man…
d91861e 
…ager

Selfhosting pivoting fails when using --store-certs-in-secrets
as controller-manager fails to start because of missing front-proxy CA
certificate:
    unable to load client CA file: unable to load client CA file: open
    /etc/kubernetes/pki/front-proxy-ca.crt: no such file or directory

Added required certificate to fix this.

This should fix kubernetes/kubeadm#1281
@bart0sh bart0sh force-pushed the PR0057-kubeadm-selfhosting-pivot-controller-manager-add-front-proxy-ca branch from e8eceb2 to d91861e Compare January 9, 2019 15:01
neolit123
neolit123 approved these changes Jan 9, 2019
View reviewed changes
Copy link
Member

@neolit123 neolit123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for the PR @bart0sh
/assign @fabriziopandini

@neolit123
Copy link
Member

/priority important-longterm

@k8s-ci-robot k8s-ci-robot added priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. lgtm "Looks good to me", indicates that a PR is ready to be merged. and removed needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Jan 9, 2019
fabriziopandini
fabriziopandini approved these changes Jan 10, 2019
View reviewed changes
Copy link
Member

@fabriziopandini fabriziopandini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bart0sh
Thanks for your awesome work on self-hosting!
/approve
/lgtm

@fabriziopandini
Copy link
Member

/test pull-kubernetes-e2e-kops-aws

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bart0sh, fabriziopandini

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 10, 2019
@fabriziopandini
Copy link
Member

/test pull-kubernetes-e2e-kops-aws

@k8s-ci-robot k8s-ci-robot merged commit 3d9c6eb into kubernetes:master Jan 10, 2019
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@neolit123 neolit123 neolit123 approved these changes

@fabriziopandini fabriziopandini fabriziopandini approved these changes

@rosti rosti Awaiting requested review from rosti

Assignees

@fabriziopandini fabriziopandini

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/kubeadm cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Selfhosting pivoting fails when using --store-certs-in-secrets
4 participants
@bart0sh @neolit123 @fabriziopandini @k8s-ci-robot