New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Automated cherry pick of #106854: kubeadm: avoid requiring a CA key during kubeconfig #106929
Automated cherry pick of #106854: kubeadm: avoid requiring a CA key during kubeconfig #106929
Conversation
When the "kubeadm certs check-expiration" command is used and if the ca.key is not present, regular on disk certificate reads pass fine, but fail for kubeconfig files. The reason for the failure is that reading of kubeconfig files currently requires reading both the CA key and cert from disk. Reading the CA is done to ensure that the CA cert in the kubeconfig is not out of date during renewal. Instead of requiring both a CA key and cert to be read, only read the CA cert from disk, as only the cert is needed for kubeconfig files. This fixes printing the cert expiration table even if the ca.key is missing on a host (i.e. the CA is considered external).
/lgtm |
ping @kubernetes/release-managers |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: neolit123, SataQiu The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Thanks @neolit123 ! |
/test pull-kubernetes-conformance-kind-ga-only-parallel |
Cherry pick of #106854 on release-1.21.
#106854: kubeadm: avoid requiring a CA key during kubeconfig
For details on the cherry pick process, see the cherry pick requests page.