diff --git a/bootstrap/kubeadm/main.go b/bootstrap/kubeadm/main.go
index 4f2ae9464d9e..4ef2ed5bf08c 100644
--- a/bootstrap/kubeadm/main.go
+++ b/bootstrap/kubeadm/main.go
@@ -75,6 +75,8 @@ var (
 restConfigBurst int
 webhookPort int
 webhookCertDir string
+ webhookCertName string
+ webhookKeyName string
 healthAddr string
 tlsOptions = flags.TLSOptions{}
 diagnosticsOptions = flags.DiagnosticsOptions{}
@@ -149,7 +151,13 @@ func InitFlags(fs *pflag.FlagSet) {
 "Webhook Server port")
 fs.StringVar(&webhookCertDir, "webhook-cert-dir", "/tmp/k8s-webhook-server/serving-certs/",
- "Webhook cert dir, only used when webhook-port is specified.")
+ "Webhook cert dir.")
+
+ fs.StringVar(&webhookCertName, "webhook-cert-name", "tls.crt",
+ "Webhook cert name.")
+
+ fs.StringVar(&webhookKeyName, "webhook-key-name", "tls.key",
+ "Webhook key name.")
 fs.StringVar(&healthAddr, "health-addr", ":9440",
 "The address the health endpoint binds to.")
@@ -243,9 +251,11 @@ func main() {
 },
 WebhookServer: webhook.NewServer(
 webhook.Options{
- Port: webhookPort,
- CertDir: webhookCertDir,
- TLSOpts: tlsOptionOverrides,
+ Port: webhookPort,
+ CertDir: webhookCertDir,
+ CertName: webhookCertName,
+ KeyName: webhookKeyName,
+ TLSOpts: tlsOptionOverrides,
 },
 ),
 }
diff --git a/controlplane/kubeadm/main.go b/controlplane/kubeadm/main.go
index cbb91cd1364d..53ccad2e95f9 100644
--- a/controlplane/kubeadm/main.go
+++ b/controlplane/kubeadm/main.go
@@ -79,6 +79,8 @@ var (
 restConfigBurst int
 webhookPort int
 webhookCertDir string
+ webhookCertName string
+ webhookKeyName string
 healthAddr string
 tlsOptions = flags.TLSOptions{}
 diagnosticsOptions = flags.DiagnosticsOptions{}
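Review bot: The descriptions of the two new flags in the InitFlags hunk, `"Webhook cert name."` and `"Webhook key name."`, do not say that the value is a file name looked up inside `--webhook-cert-dir`, so `--help` leaves open whether a path is accepted. I would change them to `"Webhook cert file name, relative to webhook-cert-dir."` and `"Webhook key file name, relative to webhook-cert-dir."`. The main() hunk hands both values to `webhook.Options` without any check, and the server presumably joins them onto CertDir, so a value containing a path separator or `..` would load the serving key from outside the directory the deployment mounts and protects; stating the expectation in the flag text is the minimum. The InitFlags hunk of controlplane/kubeadm/main.go has the same wording. Both InitFlags and main() begin and end outside the hunks shown.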
@@ -148,7 +150,13 @@ func InitFlags(fs *pflag.FlagSet) {
 "Webhook Server port")
 fs.StringVar(&webhookCertDir, "webhook-cert-dir", "/tmp/k8s-webhook-server/serving-certs/",
- "Webhook cert dir, only used when webhook-port is specified.")
+ "Webhook cert dir.")
+
+ fs.StringVar(&webhookCertName, "webhook-cert-name", "tls.crt",
+ "Webhook cert name.")
+
+ fs.StringVar(&webhookKeyName, "webhook-key-name", "tls.key",
+ "Webhook key name.")
 fs.StringVar(&healthAddr, "health-addr", ":9440",
 "The address the health endpoint binds to.")
@@ -253,9 +261,11 @@ func main() {
 },
 WebhookServer: webhook.NewServer(
 webhook.Options{
- Port: webhookPort,
- CertDir: webhookCertDir,
- TLSOpts: tlsOptionOverrides,
+ Port: webhookPort,
+ CertDir: webhookCertDir,
+ CertName: webhookCertName,
+ KeyName: webhookKeyName,
+ TLSOpts: tlsOptionOverrides,
 },
 ),
 }
diff --git a/docs/book/src/tasks/experimental-features/runtime-sdk/implement-extensions.md b/docs/book/src/tasks/experimental-features/runtime-sdk/implement-extensions.md
index 275ed022a6d1..5771acf0cc0d 100644
--- a/docs/book/src/tasks/experimental-features/runtime-sdk/implement-extensions.md
+++ b/docs/book/src/tasks/experimental-features/runtime-sdk/implement-extensions.md
@@ -84,7 +84,7 @@ func InitFlags(fs *pflag.FlagSet) {
 "Webhook Server port")
 fs.StringVar(&webhookCertDir, "webhook-cert-dir", "/tmp/k8s-webhook-server/serving-certs/",
- "Webhook cert dir, only used when webhook-port is specified.")
+ "Webhook cert dir.")
 }
 func main() {
@@ -279,7 +279,7 @@ well with practices like unit testing and generally makes the entire system more
 ### Error messages
-RuntimeExtension authors should be aware that error messages are surfaced as a conditions in Kubernetes resources
+RuntimeExtension authors should be aware that error messages are surfaced as a conditions in Kubernetes resources
 and recorded in Cluster API controller's logs. As a consequence:
 - Error message must not contain any sensitive information.
@@ -291,16 +291,16 @@ and recorded in Cluster API controller's logs. As a consequence: