Seed kubelet-client-ca certificate for kubeadm (#897)

* Seed kubelet-client-ca certificate for kubeadm * Concatenate kubelet CAs for kubeadm
sapcc · Mar 25, 2024 · 152f6f4 · 152f6f4
1 parent cf8902c
commit 152f6f4
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 4 deletions.
diff --git a/charts/seed/templates/kubeadm.yaml b/charts/seed/templates/kubeadm.yaml
@@ -169,7 +169,7 @@ data:
     apiVersion: v1
     clusters:
     - cluster:
-        certificate-authority-data: {{ .Values.tlsCaCert | b64enc }}
+        certificate-authority-data: {{ printf "%s%s" .Values.tlsCaCert .Values.kubeletClientsCaCert | b64enc }}
         server: https://{{ .Values.api.apiserverHost }}
       name: ""
     contexts: null

diff --git a/pkg/controller/ground/reconciler.go b/pkg/controller/ground/reconciler.go
@@ -103,6 +103,7 @@ func (sr *SeedReconciler) EnrichHelmValuesForSeed(client project.ProjectClient,
 		values["shortName"] = kluster.Spec.Name[:idx]
 	}
 	values["tlsCaCert"] = secret.TLSCACertificate
+	values["kubeletClientsCaCert"] = secret.KubeletClientsCACertificate
 	return nil
 }
 
@@ -417,9 +418,6 @@ func (sr *SeedReconciler) createOrUpdateObjects(client dynamic.Interface, mapper
 		} else if err != nil {
 			return err
 		}
-		if err != nil {
-			return err
-		}
 		if oneDiff.deployed == nil {
 			err = sr.createPlanned(client, mapping, &oneDiff.planned)
 			if err != nil {