From d4aaa88643d06c41d3ed3b0c88cc693f4a01b0f7 Mon Sep 17 00:00:00 2001
From: Stefan Reimer <stefan@zero-downtime.net>
Date: Fri, 16 Jul 2021 22:41:02 +0200
Subject: [PATCH] fix: all upgrade_120.sh to run more than once

---
 charts/kubeadm/templates/ClusterConfiguration.yaml | 2 ++
 scripts/upgrade_120.sh                             | 1 +
 2 files changed, 3 insertions(+)

diff --git a/charts/kubeadm/templates/ClusterConfiguration.yaml b/charts/kubeadm/templates/ClusterConfiguration.yaml
index 9d424bc..985b048 100644
--- a/charts/kubeadm/templates/ClusterConfiguration.yaml
+++ b/charts/kubeadm/templates/ClusterConfiguration.yaml
@@ -68,6 +68,8 @@ apiServer:
     api-audiences: "istio-ca"
     {{- end }}
     feature-gates: {{ include "kubeadm.featuregates" ( dict "return" "csv" "platform" .Values.platform ) | trimSuffix "," | quote }}
+    # for 1.21
+    # enable-admission-plugins: DenyServiceExternalIPs,NodeRestriction,EventRateLimit
     enable-admission-plugins: NodeRestriction,EventRateLimit
     # {{- if .Values.highAvailable }}
     # goaway-chance: ".001"
diff --git a/scripts/upgrade_120.sh b/scripts/upgrade_120.sh
index eef12c9..a4dcb30 100755
--- a/scripts/upgrade_120.sh
+++ b/scripts/upgrade_120.sh
@@ -79,6 +79,7 @@ spec:
 
           echo "Patching ClusterConfig to re-create new etcd server certificates"
           yq w /etc/kubezero/kubeadm/templates/ClusterConfiguration.yaml etcd.local.serverCertSANs[+] $nodename > /etc/kubernetes/kubeadm-recert.yaml
+          yq w -i /etc/kubernetes/kubeadm-recert.yaml etcd.local.serverCertSANs[+] $nodename.$zone_name
           rm -f /etc/kubernetes/pki/etcd/server.*
           kubeadm init phase certs etcd-server --config=/etc/kubernetes/kubeadm-recert.yaml 2>/dev/null
           kill -s HUP $(ps -e | grep etcd | awk '{print $1}')