fix: make cp-1 init detection and join token generation robust

2026-03-01 21:56:49 +00:00
parent 9baf35d886
commit f9e7356f94
1 changed files with 12 additions and 3 deletions
--- a/nixos/kubeadm/scripts/rebuild-and-bootstrap.sh
+++ b/nixos/kubeadm/scripts/rebuild-and-bootstrap.sh
@@ -145,8 +145,12 @@ cluster_has_node() {
  remote "$PRIMARY_CP_IP" "sudo kubectl --kubeconfig /etc/kubernetes/admin.conf get node $node_name >/dev/null 2>&1"
 }

+has_admin_conf() {
+  remote "$PRIMARY_CP_IP" "test -f /etc/kubernetes/admin.conf"
+}
+
 cluster_ready() {
-  remote "$PRIMARY_CP_IP" "test -f /etc/kubernetes/admin.conf && sudo kubectl --kubeconfig /etc/kubernetes/admin.conf get nodes >/dev/null 2>&1"
+  remote "$PRIMARY_CP_IP" "test -f /etc/kubernetes/admin.conf && sudo kubectl --kubeconfig /etc/kubernetes/admin.conf get --raw=/readyz >/dev/null 2>&1"
 }

 rebuild_node() {
@@ -272,8 +276,13 @@ else
 fi

 echo "==> Building kubeadm join commands"
-JOIN_CMD="$(remote "$PRIMARY_CP_IP" "sudo kubeadm token create --print-join-command")"
-CERT_KEY="$(remote "$PRIMARY_CP_IP" "sudo kubeadm init phase upload-certs --upload-certs | tail -n 1")"
+if ! has_admin_conf; then
+  echo "==> admin.conf missing on $PRIMARY_CONTROL_PLANE; running kubeadm init"
+  remote "$PRIMARY_CP_IP" "sudo th-kubeadm-init"
+fi
+
+JOIN_CMD="$(remote "$PRIMARY_CP_IP" "sudo KUBECONFIG=/etc/kubernetes/admin.conf kubeadm token create --print-join-command")"
+CERT_KEY="$(remote "$PRIMARY_CP_IP" "sudo KUBECONFIG=/etc/kubernetes/admin.conf kubeadm init phase upload-certs --upload-certs | tail -n 1")"
 CP_JOIN_CMD="$JOIN_CMD --control-plane --certificate-key $CERT_KEY"

 join_control_plane() {