From c5c4cd2580dd6ce9f6c35f2caaebd4f922e46fae Mon Sep 17 00:00:00 2001 From: "Lubomir I. Ivanov" Date: Sat, 9 Mar 2019 00:57:11 +0200 Subject: [PATCH] kubeadm: print key inside the upload-certs phase of init The standalone execution of upload-certs phase does not print the key that that user should use for the newly uploaded encrypted secret. Print this key in the upload-certs phase in both standalone mode or if executed in the standard init workflow. Make it possible to omit the printing if the user passes --skip-certificate-key-print. Also: - Uppercase string in Printf call in copycerts.go - Don't use V(1) for the "Skipping phase" message in uploadcerts.go instead always print a message that the user case use --experimental-upload-certs. This solves a problem if the user tried the standalone phase but didn't pass --experimental-upload-certs. --- cmd/kubeadm/app/cmd/init.go | 5 +++++ cmd/kubeadm/app/cmd/phases/init/data.go | 1 + cmd/kubeadm/app/cmd/phases/init/data_test.go | 1 + cmd/kubeadm/app/cmd/phases/init/uploadcerts.go | 7 +++++-- cmd/kubeadm/app/phases/copycerts/copycerts.go | 2 +- 5 files changed, 13 insertions(+), 3 deletions(-) diff --git a/cmd/kubeadm/app/cmd/init.go b/cmd/kubeadm/app/cmd/init.go index 85c5eec165..b55aa9e87c 100644 --- a/cmd/kubeadm/app/cmd/init.go +++ b/cmd/kubeadm/app/cmd/init.go @@ -379,6 +379,11 @@ func (d *initData) SetCertificateKey(key string) { d.certificateKey = key } +// SkipCertificateKeyPrint returns the skipCertificateKeyPrint flag. +func (d *initData) SkipCertificateKeyPrint() bool { + return d.skipCertificateKeyPrint +} + // Cfg returns initConfiguration. func (d *initData) Cfg() *kubeadmapi.InitConfiguration { return d.cfg diff --git a/cmd/kubeadm/app/cmd/phases/init/data.go b/cmd/kubeadm/app/cmd/phases/init/data.go index f30a9c3577..38e7a88ec2 100644 --- a/cmd/kubeadm/app/cmd/phases/init/data.go +++ b/cmd/kubeadm/app/cmd/phases/init/data.go @@ -30,6 +30,7 @@ type InitData interface { UploadCerts() bool CertificateKey() string SetCertificateKey(key string) + SkipCertificateKeyPrint() bool Cfg() *kubeadmapi.InitConfiguration DryRun() bool SkipTokenPrint() bool diff --git a/cmd/kubeadm/app/cmd/phases/init/data_test.go b/cmd/kubeadm/app/cmd/phases/init/data_test.go index 4d51efef76..a33cf8189f 100644 --- a/cmd/kubeadm/app/cmd/phases/init/data_test.go +++ b/cmd/kubeadm/app/cmd/phases/init/data_test.go @@ -33,6 +33,7 @@ var _ InitData = &testInitData{} func (t *testInitData) UploadCerts() bool { return false } func (t *testInitData) CertificateKey() string { return "" } func (t *testInitData) SetCertificateKey(key string) {} +func (t *testInitData) SkipCertificateKeyPrint() bool { return false } func (t *testInitData) Cfg() *kubeadmapi.InitConfiguration { return nil } func (t *testInitData) DryRun() bool { return false } func (t *testInitData) SkipTokenPrint() bool { return false } diff --git a/cmd/kubeadm/app/cmd/phases/init/uploadcerts.go b/cmd/kubeadm/app/cmd/phases/init/uploadcerts.go index bd24cbcff1..f62815a446 100644 --- a/cmd/kubeadm/app/cmd/phases/init/uploadcerts.go +++ b/cmd/kubeadm/app/cmd/phases/init/uploadcerts.go @@ -21,7 +21,6 @@ import ( "github.com/pkg/errors" - "k8s.io/klog" "k8s.io/kubernetes/cmd/kubeadm/app/cmd/options" "k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow" cmdutil "k8s.io/kubernetes/cmd/kubeadm/app/cmd/util" @@ -40,6 +39,7 @@ func NewUploadCertsPhase() workflow.Phase { options.CfgPath, options.UploadCerts, options.CertificateKey, + options.SkipCertificateKeyPrint, }, } } @@ -51,7 +51,7 @@ func runUploadCerts(c workflow.RunData) error { } if !data.UploadCerts() { - klog.V(1).Infoln("[upload-certs] Skipping certs upload") + fmt.Printf("[upload-certs] Skipping phase. Please see --%s\n", options.UploadCerts) return nil } client, err := data.Client() @@ -70,5 +70,8 @@ func runUploadCerts(c workflow.RunData) error { if err := copycerts.UploadCerts(client, data.Cfg(), data.CertificateKey()); err != nil { return errors.Wrap(err, "error uploading certs") } + if !data.SkipCertificateKeyPrint() { + fmt.Printf("[upload-certs] Using certificate key:\n%s\n", data.CertificateKey()) + } return nil } diff --git a/cmd/kubeadm/app/phases/copycerts/copycerts.go b/cmd/kubeadm/app/phases/copycerts/copycerts.go index 229be0a22f..44899f178e 100644 --- a/cmd/kubeadm/app/phases/copycerts/copycerts.go +++ b/cmd/kubeadm/app/phases/copycerts/copycerts.go @@ -85,7 +85,7 @@ func CreateCertificateKey() (string, error) { //UploadCerts save certs needs to join a new control-plane on kubeadm-certs sercret. func UploadCerts(client clientset.Interface, cfg *kubeadmapi.InitConfiguration, key string) error { - fmt.Printf("[upload-certs] storing the certificates in ConfigMap %q in the %q Namespace\n", kubeadmconstants.KubeadmCertsSecret, metav1.NamespaceSystem) + fmt.Printf("[upload-certs] Storing the certificates in ConfigMap %q in the %q Namespace\n", kubeadmconstants.KubeadmCertsSecret, metav1.NamespaceSystem) decodedKey, err := hex.DecodeString(key) if err != nil { return err