Fetch Control-Plane and etcd IPs for certificates renewal when API server is reachable #9907
Conversation
|
Hi @howard-junec. Thanks for your PR. I'm waiting for a aws member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
pkg/certificates/config.go
Outdated
|
|
||
| etcdIPs, err := getEtcdIPs(ctx, kubeClient, cluster) | ||
| if err != nil { | ||
| fmt.Printf("Warning: Failed to get etcd IPs: %v\n", err) |
There was a problem hiding this comment.
please return an error from here.
pkg/certificates/config.go
Outdated
| } | ||
|
|
||
| func getControlPlaneIPs(ctx context.Context, kubeClient kubernetes.Client, cluster *types.Cluster) ([]string, error) { | ||
| fmt.Printf("getControlPlaneIPs \n") |
There was a problem hiding this comment.
Can we remove this log line?
pkg/certificates/config.go
Outdated
| } | ||
|
|
||
| for _, machine := range machineList.Items { | ||
| if machine.Labels["cluster.x-k8s.io/cluster-name"] == cluster.Name { |
There was a problem hiding this comment.
Can we use clusterNameLabel and controlPlaneLabel variable for these labels?
Also, Can we pass these labels as a selector when we make kubeClient.List? Same for external etcd.
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: panktishah26 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@panktishah26: #9907 failed to apply on top of branch "release-0.23": In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/cherry-pick release-0.23 |
|
@panktishah26: new pull request created: #9963 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Issue #, if available:
Description of changes:
This PR adds the ability to renew certificates by cluster name, discovering control plane and etcd node IPs using kubectl when the Kubernetes API server is reachable. When the API server is unreachable (which can happen during certificate expiration), it gracefully falls back to prompting users to provide node IPs in the configuration file. This improves user experience by reducing manual configuration steps when possible, while maintaining compatibility with scenarios where the API server is unavailable.
Testing (if applicable):
Documentation added/planned (if applicable):
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.