Skip to content

Commit 5510be2

Browse files
k8s-ci-robotk8s-ci-robot
authored
Merge pull request kubernetes#68473 from detiber/controllerManager
[kubeadm] - Update controller manager arguments for v1.12+
2 parents c5353a7 + a0d7a76 commit 5510be2

File tree

2 files changed

+28
-0
lines changed

2 files changed

+28
-0
lines changed

cmd/kubeadm/app/phases/controlplane/manifests.go

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -292,6 +292,10 @@ func getControllerManagerCommand(cfg *kubeadmapi.InitConfiguration, k8sVersion *
292292
"cluster-signing-key-file": filepath.Join(cfg.CertificatesDir, kubeadmconstants.CAKeyName),
293293
"use-service-account-credentials": "true",
294294
"controllers": "*,bootstrapsigner,tokencleaner",
295+
"authentication-kubeconfig": filepath.Join(kubeadmconstants.KubernetesDir, kubeadmconstants.ControllerManagerKubeConfigFileName),
296+
"authorization-kubeconfig": filepath.Join(kubeadmconstants.KubernetesDir, kubeadmconstants.ControllerManagerKubeConfigFileName),
297+
"client-ca-file": filepath.Join(cfg.CertificatesDir, kubeadmconstants.CACertName),
298+
"requestheader-client-ca-file": filepath.Join(cfg.CertificatesDir, kubeadmconstants.FrontProxyCACertName),
295299
}
296300

297301
// If using external CA, pass empty string to controller manager instead of ca.key/ca.crt path,

cmd/kubeadm/app/phases/controlplane/manifests_test.go

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -679,6 +679,10 @@ func TestGetControllerManagerCommand(t *testing.T) {
679679
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
680680
"--use-service-account-credentials=true",
681681
"--controllers=*,bootstrapsigner,tokencleaner",
682+
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
683+
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
684+
"--client-ca-file=" + testCertsDir + "/ca.crt",
685+
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
682686
},
683687
},
684688
{
@@ -699,6 +703,10 @@ func TestGetControllerManagerCommand(t *testing.T) {
699703
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
700704
"--use-service-account-credentials=true",
701705
"--controllers=*,bootstrapsigner,tokencleaner",
706+
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
707+
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
708+
"--client-ca-file=" + testCertsDir + "/ca.crt",
709+
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
702710
"--allocate-node-cidrs=true",
703711
"--cluster-cidr=10.0.1.15/16",
704712
"--node-cidr-mask-size=24",
@@ -723,6 +731,10 @@ func TestGetControllerManagerCommand(t *testing.T) {
723731
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
724732
"--use-service-account-credentials=true",
725733
"--controllers=*,bootstrapsigner,tokencleaner",
734+
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
735+
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
736+
"--client-ca-file=" + testCertsDir + "/ca.crt",
737+
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
726738
"--allocate-node-cidrs=true",
727739
"--cluster-cidr=10.0.1.15/16",
728740
"--node-cidr-mask-size=20",
@@ -746,6 +758,10 @@ func TestGetControllerManagerCommand(t *testing.T) {
746758
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
747759
"--use-service-account-credentials=true",
748760
"--controllers=*,bootstrapsigner,tokencleaner",
761+
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
762+
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
763+
"--client-ca-file=" + testCertsDir + "/ca.crt",
764+
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
749765
"--allocate-node-cidrs=true",
750766
"--cluster-cidr=2001:db8::/64",
751767
"--node-cidr-mask-size=80",
@@ -873,6 +889,10 @@ func TestGetControllerManagerCommandExternalCA(t *testing.T) {
873889
"--cluster-signing-key-file=",
874890
"--use-service-account-credentials=true",
875891
"--controllers=*,bootstrapsigner,tokencleaner",
892+
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
893+
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
894+
"--client-ca-file=" + tmpdir + "/ca.crt",
895+
"--requestheader-client-ca-file=" + tmpdir + "/front-proxy-ca.crt",
876896
}
877897
},
878898
},
@@ -898,6 +918,10 @@ func TestGetControllerManagerCommandExternalCA(t *testing.T) {
898918
"--cluster-signing-key-file=" + tmpdir + "/ca.key",
899919
"--use-service-account-credentials=true",
900920
"--controllers=*,bootstrapsigner,tokencleaner",
921+
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
922+
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
923+
"--client-ca-file=" + tmpdir + "/ca.crt",
924+
"--requestheader-client-ca-file=" + tmpdir + "/front-proxy-ca.crt",
901925
}
902926
},
903927
},

0 commit comments

Comments
 (0)