From f03bbe1b6da4b72a9e09db6b4de3452c9eb30a38 Mon Sep 17 00:00:00 2001 From: mattmelgard Date: Wed, 31 Jul 2019 12:27:06 -0600 Subject: [PATCH] Add a defer to kubelet boostrap token deletion --- cmd/kubeadm/app/cmd/phases/join/kubelet.go | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/cmd/kubeadm/app/cmd/phases/join/kubelet.go b/cmd/kubeadm/app/cmd/phases/join/kubelet.go index b1e84321973..1a3c420c426 100644 --- a/cmd/kubeadm/app/cmd/phases/join/kubelet.go +++ b/cmd/kubeadm/app/cmd/phases/join/kubelet.go @@ -93,13 +93,16 @@ func getKubeletStartJoinData(c workflow.RunData) (*kubeadmapi.JoinConfiguration, // runKubeletStartJoinPhase executes the kubelet TLS bootstrap process. // This process is executed by the kubelet and completes with the node joining the cluster // with a dedicates set of credentials as required by the node authorizer -func runKubeletStartJoinPhase(c workflow.RunData) error { +func runKubeletStartJoinPhase(c workflow.RunData) (returnErr error) { cfg, initCfg, tlsBootstrapCfg, err := getKubeletStartJoinData(c) if err != nil { return err } bootstrapKubeConfigFile := kubeadmconstants.GetBootstrapKubeletKubeConfigPath() + // Deletes the bootstrapKubeConfigFile, so the credential used for TLS bootstrap is removed from disk + defer os.Remove(bootstrapKubeConfigFile) + // Write the bootstrap kubelet config file or the TLS-Bootstrapped kubelet config file down to disk klog.V(1).Infof("[kubelet-start] writing bootstrap kubelet config file at %s", bootstrapKubeConfigFile) if err := kubeconfigutil.WriteToDisk(bootstrapKubeConfigFile, tlsBootstrapCfg); err != nil { @@ -167,11 +170,6 @@ func runKubeletStartJoinPhase(c workflow.RunData) error { return errors.Wrap(err, "error uploading crisocket") } - // Deletes the bootstrapKubeConfigFile, so the credential used for TLS bootstrap are removed from disk - if err := os.Remove(bootstrapKubeConfigFile); err != nil { - return errors.Wrapf(err, "error deleting %s", bootstrapKubeConfigFile) - } - return nil }