kubeadm: Add a flag to allow check-expiration command in external etcd setups

Is this a BUG REPORT or FEATURE REQUEST?

FEATURE REQUEST

If this is a FEATURE REQUEST, please:

  • Describe in detail the feature/behavior/change you’d like to see.

The kubeadm alpha certs check-expiration command fails when running a k8s cluster with an external etcd cluster since some of the expected certs don’t live on the control plane node. It would be helpful to have one of the two scenarios happen:

  1. Add a flag to allow for skipping over files that aren’t found instead of failing

  2. Have kubeadm check the cluster to autodiscover if an external etcd cluster is being used and automatically skip files that aren’t expected to live on a control plane node in that setup

Both might actually be helpful, though. We regularly see external etcd clusters that have been setup using kubeadm for cert/manifest generation, using the kubelet in standalone mode to run etcd in containers. The ability to run the check-expiration command with a “skip-not-found” flag would be really helpful.

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 17 (11 by maintainers)

Most upvoted comments

I’m +1 to get the bug fixed asap (check config map, skip in case of external etcd) WRT to supporting external etcd my proposal is to try to get an agreement on go/no go tomorrow during office hours

+2
fabriziopandini on Oct 22, 2019
Read more comments on GitHub
← kubeadm: 1.15 - kubeadm join --control-plane fails on clusters created with <= 1.12
kubeadm: add API support for controlling various timeouts during init / join →