Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
kubeadm: add required etcd certs to selfhosting api-server
Selfhosting pivoting fails when using --store-certs-in-secrets as api-server fails to start because of missing etcd/ca and apiserver-etcd-client certificates: F1227 16:01:52.237352 1 storage_decorator.go:57] Unable to create storage backend: config (&{ /registry [https://127.0.0.1:2379] /etc/kubernetes/pki/apiserver-etcd-client.key /etc/kubernetes/pki/apiserver-etcd-client.crt /etc/kubernetes/pki/etcd/ca.crt true 0xc000884120 <nil> 5m0s 1m0s}), err (open /etc/kubernetes/pki/apiserver-etcd-client.crt: no such file or directory) Added required certificates to fix this. Secret name for etc/ca certifcate has been converted to conform RFC-1123 subdomain naming conventions to prevent this TLS secret creation failure: unable to create secret: Secret "etcd/ca" is invalid: metadata.name: Invalid value: "etcd/ca": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*') Related issue: kubernetes/kubeadm#1281
- Loading branch information