Fix multi-node cluster not working after restarting docker

images/base/files/usr/local/bin/entrypoint

@@ -29,7 +29,12 @@ fi
 
 grep_allow_nomatch() {
   # grep exits 0 on match, 1 on no match, 2 on error
-  grep "$@" || [[ $? == 1 ]]
+  grep "$@"|| [[ $? == 1 ]]
+}
+
+# regex_escape_ip converts IP address string $1 to a regex-escaped literal
+regex_escape_ip(){
+  sed -e 's#\.#\\.#g' -e 's#\[#\\[#g' -e 's#\]#\\]#g' <<<"$1"
 }
 
 validate_userns() {
@@ -378,6 +383,22 @@ select_iptables() {
   update-alternatives --set ip6tables "/usr/sbin/ip6tables-${mode}" > /dev/null
 }
 
+fix_certificate() {
+  local apiserver_crt_file="/etc/kubernetes/pki/apiserver.crt"
+  local apiserver_key_file="/etc/kubernetes/pki/apiserver.key"
+
+  # Skip if this Node doesn't run kube-apiserver
+  if [[ ! -f ${apiserver_crt_file} ]] || [[ ! -f ${apiserver_key_file} ]]; then
+    return
+  fi
+
+  # Deletes the certificate for kube-apiserver and generates a new one.
+  # This is necessary because the old one doesn't match the current IP.
+  echo 'INFO: clearing and regenerating the certificate for serving the Kubernetes API' >&2
+  rm -f ${apiserver_crt_file} ${apiserver_key_file}
+  kubeadm init phase certs apiserver --config /kind/kubeadm.conf
+}
+
 enable_network_magic(){
   # well-known docker embedded DNS is at 127.0.0.11:53
   local docker_embedded_dns_ip='127.0.0.11'
@@ -416,10 +437,18 @@ enable_network_magic(){
         echo "ERROR: Have an old IPv4 address but no current IPv4 address (!)" >&2
         exit 1
       fi
-      # kubernetes manifests are only present on control-plane nodes
-      sed -i "s#${old_ipv4}#${curr_ipv4}#" /etc/kubernetes/manifests/*.yaml || true
-      # this is no longer required with autodiscovery
-      sed -i "s#${old_ipv4}#${curr_ipv4}#" /var/lib/kubelet/kubeadm-flags.env || true
+      if [[ "${old_ipv4}" != "${curr_ipv4}" ]]; then
+        # kubernetes manifests are only present on control-plane nodes
+        sed_ipv4_command="s#$(regex_escape_ip "${old_ipv4}")#${curr_ipv4}#g"
+        sed -i "${sed_ipv4_command}" /etc/kubernetes/manifests/*.yaml || true
+        sed -i "${sed_ipv4_command}" /etc/kubernetes/controller-manager.conf || true
+        sed -i "${sed_ipv4_command}" /etc/kubernetes/scheduler.conf || true
+        sed -i "${sed_ipv4_command}" /kind/kubeadm.conf || true
+        # this is no longer required with autodiscovery
+        sed -i "${sed_ipv4_command}" /var/lib/kubelet/kubeadm-flags.env || true
+        # certificate must match the new IP
+        fix_certificate || true
+      fi
   fi
   if [[ -n $curr_ipv4 ]]; then
     echo -n "${curr_ipv4}" >/kind/old-ipv4
@@ -435,10 +464,18 @@ enable_network_magic(){
       if [[ -z $curr_ipv6 ]]; then
         echo "ERROR: Have an old IPv6 address but no current IPv6 address (!)" >&2
       fi
-      # kubernetes manifests are only present on control-plane nodes
-      sed -i "s#${old_ipv6}#${curr_ipv6}#" /etc/kubernetes/manifests/*.yaml || true
-      # this is no longer required with autodiscovery
-      sed -i "s#${old_ipv6}#${curr_ipv6}#" /var/lib/kubelet/kubeadm-flags.env || true
+      if [[ "${old_ipv6}" != "${curr_ipv6}" ]]; then
+        sed_ipv6_command="s#$(regex_escape_ip "${old_ipv6}")#${curr_ipv6}#g"
+        # kubernetes manifests are only present on control-plane nodes
+        sed -i "${sed_ipv6_command}" /etc/kubernetes/manifests/*.yaml || true
+        sed -i "${sed_ipv6_command}" /etc/kubernetes/controller-manager.conf || true
+        sed -i "${sed_ipv6_command}" /etc/kubernetes/scheduler.conf || true
+        sed -i "${sed_ipv6_command}" /kind/kubeadm.conf || true
+        # this is no longer required with autodiscovery
+        sed -i "${sed_ipv6_command}" /var/lib/kubelet/kubeadm-flags.env || true
+        # certificate must match the new IP
+        fix_certificate || true
+      fi
   fi
   if [[ -n $curr_ipv6 ]]; then
     echo -n "${curr_ipv6}" >/kind/old-ipv6