github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-25 12:43:23 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #80820 from mattmelgard/defer-delete-kubelet-bootstrap

Browse Source 
kubeadm: add a defer to kubelet bootstrap token deletion
This commit is contained in:
Kubernetes Prow Robot 2019-08-05 02:57:48 -07:00 committed by GitHub
commit 040ce52a43
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
cmd/kubeadm/app/cmd/phases/join/kubelet.go
View File

@ -93,13 +93,16 @@ func getKubeletStartJoinData(c workflow.RunData) (*kubeadmapi.JoinConfiguration,
// runKubeletStartJoinPhase executes the kubelet TLS bootstrap process. // runKubeletStartJoinPhase executes the kubelet TLS bootstrap process.
// This process is executed by the kubelet and completes with the node joining the cluster // This process is executed by the kubelet and completes with the node joining the cluster
// with a dedicates set of credentials as required by the node authorizer // with a dedicates set of credentials as required by the node authorizer
func runKubeletStartJoinPhase(c workflow.RunData) error { func runKubeletStartJoinPhase(c workflow.RunData) (returnErr error) {
cfg, initCfg, tlsBootstrapCfg, err := getKubeletStartJoinData(c) cfg, initCfg, tlsBootstrapCfg, err := getKubeletStartJoinData(c)
if err != nil { if err != nil {
return err return err
} }
bootstrapKubeConfigFile := kubeadmconstants.GetBootstrapKubeletKubeConfigPath() bootstrapKubeConfigFile := kubeadmconstants.GetBootstrapKubeletKubeConfigPath()
// Deletes the bootstrapKubeConfigFile, so the credential used for TLS bootstrap is removed from disk
defer os.Remove(bootstrapKubeConfigFile)
// Write the bootstrap kubelet config file or the TLS-Bootstrapped kubelet config file down to disk // Write the bootstrap kubelet config file or the TLS-Bootstrapped kubelet config file down to disk
klog.V(1).Infof("[kubelet-start] writing bootstrap kubelet config file at %s", bootstrapKubeConfigFile) klog.V(1).Infof("[kubelet-start] writing bootstrap kubelet config file at %s", bootstrapKubeConfigFile)
if err := kubeconfigutil.WriteToDisk(bootstrapKubeConfigFile, tlsBootstrapCfg); err != nil { if err := kubeconfigutil.WriteToDisk(bootstrapKubeConfigFile, tlsBootstrapCfg); err != nil {
@ -167,11 +170,6 @@ func runKubeletStartJoinPhase(c workflow.RunData) error {
return errors.Wrap(err, "error uploading crisocket") return errors.Wrap(err, "error uploading crisocket")
} }
// Deletes the bootstrapKubeConfigFile, so the credential used for TLS bootstrap are removed from disk
if err := os.Remove(bootstrapKubeConfigFile); err != nil {
return errors.Wrapf(err, "error deleting %s", bootstrapKubeConfigFile)
}
return nil return nil
} }