diff --git a/cmd/kubeadm/app/cmd/phases/join/kubelet.go b/cmd/kubeadm/app/cmd/phases/join/kubelet.go index b1e84321973..1a3c420c426 100644 --- a/cmd/kubeadm/app/cmd/phases/join/kubelet.go +++ b/cmd/kubeadm/app/cmd/phases/join/kubelet.go @@ -93,13 +93,16 @@ func getKubeletStartJoinData(c workflow.RunData) (*kubeadmapi.JoinConfiguration, // runKubeletStartJoinPhase executes the kubelet TLS bootstrap process. // This process is executed by the kubelet and completes with the node joining the cluster // with a dedicates set of credentials as required by the node authorizer -func runKubeletStartJoinPhase(c workflow.RunData) error { +func runKubeletStartJoinPhase(c workflow.RunData) (returnErr error) { cfg, initCfg, tlsBootstrapCfg, err := getKubeletStartJoinData(c) if err != nil { return err } bootstrapKubeConfigFile := kubeadmconstants.GetBootstrapKubeletKubeConfigPath() + // Deletes the bootstrapKubeConfigFile, so the credential used for TLS bootstrap is removed from disk + defer os.Remove(bootstrapKubeConfigFile) + // Write the bootstrap kubelet config file or the TLS-Bootstrapped kubelet config file down to disk klog.V(1).Infof("[kubelet-start] writing bootstrap kubelet config file at %s", bootstrapKubeConfigFile) if err := kubeconfigutil.WriteToDisk(bootstrapKubeConfigFile, tlsBootstrapCfg); err != nil { @@ -167,11 +170,6 @@ func runKubeletStartJoinPhase(c workflow.RunData) error { return errors.Wrap(err, "error uploading crisocket") } - // Deletes the bootstrapKubeConfigFile, so the credential used for TLS bootstrap are removed from disk - if err := os.Remove(bootstrapKubeConfigFile); err != nil { - return errors.Wrapf(err, "error deleting %s", bootstrapKubeConfigFile) - } - return nil }