From 9d725da4c38ddbce5f8aec6b881df1e2f310c457 Mon Sep 17 00:00:00 2001 From: Serguei Bezverkhi Date: Fri, 15 Sep 2017 09:26:43 -0400 Subject: [PATCH] Switching to rbac/v1 Closes https://github.com/kubernetes/kubeadm/issues/398 --- cmd/kubeadm/app/BUILD | 1 - cmd/kubeadm/app/cmd/BUILD | 1 - cmd/kubeadm/app/cmd/init.go | 5 -- cmd/kubeadm/app/phases/addons/proxy/BUILD | 2 +- cmd/kubeadm/app/phases/addons/proxy/proxy.go | 2 +- cmd/kubeadm/app/phases/apiconfig/BUILD | 39 ----------- .../app/phases/apiconfig/clusterroles.go | 69 ------------------- .../app/phases/apiconfig/clusterroles_test.go | 17 ----- .../phases/bootstraptoken/clusterinfo/BUILD | 4 +- .../bootstraptoken/clusterinfo/clusterinfo.go | 4 +- .../app/phases/bootstraptoken/node/BUILD | 4 +- .../bootstraptoken/node/tlsbootstrap.go | 4 +- cmd/kubeadm/app/phases/upgrade/BUILD | 1 - cmd/kubeadm/app/phases/upgrade/postupgrade.go | 6 -- .../app/phases/upgrade/postupgrade_v17_v18.go | 6 +- cmd/kubeadm/app/util/apiclient/BUILD | 4 +- .../app/util/apiclient/dryrunclient_test.go | 4 +- cmd/kubeadm/app/util/apiclient/idempotency.go | 18 ++--- .../app/util/apiclient/init_dryrun_test.go | 2 +- 19 files changed, 27 insertions(+), 166 deletions(-) delete mode 100644 cmd/kubeadm/app/phases/apiconfig/BUILD delete mode 100644 cmd/kubeadm/app/phases/apiconfig/clusterroles.go delete mode 100644 cmd/kubeadm/app/phases/apiconfig/clusterroles_test.go diff --git a/cmd/kubeadm/app/BUILD b/cmd/kubeadm/app/BUILD index e1936654c5f..c99cb59934f 100644 --- a/cmd/kubeadm/app/BUILD +++ b/cmd/kubeadm/app/BUILD @@ -35,7 +35,6 @@ filegroup( "//cmd/kubeadm/app/node:all-srcs", "//cmd/kubeadm/app/phases/addons/dns:all-srcs", "//cmd/kubeadm/app/phases/addons/proxy:all-srcs", - "//cmd/kubeadm/app/phases/apiconfig:all-srcs", "//cmd/kubeadm/app/phases/bootstraptoken/clusterinfo:all-srcs", "//cmd/kubeadm/app/phases/bootstraptoken/node:all-srcs", "//cmd/kubeadm/app/phases/certs:all-srcs", diff --git a/cmd/kubeadm/app/cmd/BUILD b/cmd/kubeadm/app/cmd/BUILD index fba65c86023..b46c9f4f60f 100644 --- a/cmd/kubeadm/app/cmd/BUILD +++ b/cmd/kubeadm/app/cmd/BUILD @@ -32,7 +32,6 @@ go_library( "//cmd/kubeadm/app/node:go_default_library", "//cmd/kubeadm/app/phases/addons/dns:go_default_library", "//cmd/kubeadm/app/phases/addons/proxy:go_default_library", - "//cmd/kubeadm/app/phases/apiconfig:go_default_library", "//cmd/kubeadm/app/phases/bootstraptoken/clusterinfo:go_default_library", "//cmd/kubeadm/app/phases/bootstraptoken/node:go_default_library", "//cmd/kubeadm/app/phases/certs:go_default_library", diff --git a/cmd/kubeadm/app/cmd/init.go b/cmd/kubeadm/app/cmd/init.go index 4d7e9a0a47e..f431b60d1a5 100644 --- a/cmd/kubeadm/app/cmd/init.go +++ b/cmd/kubeadm/app/cmd/init.go @@ -40,7 +40,6 @@ import ( "k8s.io/kubernetes/cmd/kubeadm/app/images" dnsaddonphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/addons/dns" proxyaddonphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/addons/proxy" - apiconfigphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/apiconfig" clusterinfophase "k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo" nodebootstraptokenphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/node" certsphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/certs" @@ -391,10 +390,6 @@ func (i *Init) Run(out io.Writer) error { // PHASE 6: Install and deploy all addons, and configure things as necessary - if err := apiconfigphase.CreateRBACRules(client, k8sVersion); err != nil { - return err - } - if err := dnsaddonphase.EnsureDNSAddon(i.cfg, client); err != nil { return err } diff --git a/cmd/kubeadm/app/phases/addons/proxy/BUILD b/cmd/kubeadm/app/phases/addons/proxy/BUILD index f0cff8d9eb8..2c021dcbeb6 100644 --- a/cmd/kubeadm/app/phases/addons/proxy/BUILD +++ b/cmd/kubeadm/app/phases/addons/proxy/BUILD @@ -35,7 +35,7 @@ go_library( "//plugin/pkg/scheduler/algorithm:go_default_library", "//vendor/k8s.io/api/apps/v1beta2:go_default_library", "//vendor/k8s.io/api/core/v1:go_default_library", - "//vendor/k8s.io/api/rbac/v1beta1:go_default_library", + "//vendor/k8s.io/api/rbac/v1:go_default_library", "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library", "//vendor/k8s.io/client-go/kubernetes:go_default_library", diff --git a/cmd/kubeadm/app/phases/addons/proxy/proxy.go b/cmd/kubeadm/app/phases/addons/proxy/proxy.go index 22154b1cfe9..086de21cde9 100644 --- a/cmd/kubeadm/app/phases/addons/proxy/proxy.go +++ b/cmd/kubeadm/app/phases/addons/proxy/proxy.go @@ -22,7 +22,7 @@ import ( apps "k8s.io/api/apps/v1beta2" "k8s.io/api/core/v1" - rbac "k8s.io/api/rbac/v1beta1" + rbac "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" kuberuntime "k8s.io/apimachinery/pkg/runtime" clientset "k8s.io/client-go/kubernetes" diff --git a/cmd/kubeadm/app/phases/apiconfig/BUILD b/cmd/kubeadm/app/phases/apiconfig/BUILD deleted file mode 100644 index b93c7d34bbd..00000000000 --- a/cmd/kubeadm/app/phases/apiconfig/BUILD +++ /dev/null @@ -1,39 +0,0 @@ -package(default_visibility = ["//visibility:public"]) - -load( - "@io_bazel_rules_go//go:def.bzl", - "go_library", - "go_test", -) - -go_test( - name = "go_default_test", - srcs = ["clusterroles_test.go"], - library = ":go_default_library", -) - -go_library( - name = "go_default_library", - srcs = ["clusterroles.go"], - deps = [ - "//cmd/kubeadm/app/constants:go_default_library", - "//pkg/util/version:go_default_library", - "//vendor/k8s.io/api/rbac/v1beta1:go_default_library", - "//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library", - "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", - "//vendor/k8s.io/client-go/kubernetes:go_default_library", - ], -) - -filegroup( - name = "package-srcs", - srcs = glob(["**"]), - tags = ["automanaged"], - visibility = ["//visibility:private"], -) - -filegroup( - name = "all-srcs", - srcs = [":package-srcs"], - tags = ["automanaged"], -) diff --git a/cmd/kubeadm/app/phases/apiconfig/clusterroles.go b/cmd/kubeadm/app/phases/apiconfig/clusterroles.go deleted file mode 100644 index daad591faaa..00000000000 --- a/cmd/kubeadm/app/phases/apiconfig/clusterroles.go +++ /dev/null @@ -1,69 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package apiconfig - -import ( - "fmt" - - rbac "k8s.io/api/rbac/v1beta1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - clientset "k8s.io/client-go/kubernetes" - kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants" - "k8s.io/kubernetes/pkg/util/version" -) - -// CreateRBACRules creates the essential RBAC rules for a minimally set-up cluster -// TODO: This function and phase package is DEPRECATED. -// When the v1.9 cycle starts and deletePermissiveNodesBindingWhenUsingNodeAuthorization can be removed, this package will be removed with it. -func CreateRBACRules(client clientset.Interface, k8sVersion *version.Version) error { - if err := deletePermissiveNodesBindingWhenUsingNodeAuthorization(client, k8sVersion); err != nil { - return fmt.Errorf("failed to remove the permissive 'system:nodes' Group Subject in the 'system:node' ClusterRoleBinding: %v", err) - } - return nil -} - -func deletePermissiveNodesBindingWhenUsingNodeAuthorization(client clientset.Interface, k8sVersion *version.Version) error { - - // TODO: When the v1.9 cycle starts (targeting v1.9 at HEAD) and v1.8.0 is the minimum supported version, we can remove this function as the ClusterRoleBinding won't exist - // or already have no such permissive subject - nodesRoleBinding, err := client.RbacV1beta1().ClusterRoleBindings().Get(kubeadmconstants.NodesClusterRoleBinding, metav1.GetOptions{}) - if err != nil { - if apierrors.IsNotFound(err) { - // Nothing to do; the RoleBinding doesn't exist - return nil - } - return err - } - - newSubjects := []rbac.Subject{} - for _, subject := range nodesRoleBinding.Subjects { - // Skip the subject that binds to the system:nodes group - if subject.Name == kubeadmconstants.NodesGroup && subject.Kind == "Group" { - continue - } - newSubjects = append(newSubjects, subject) - } - - nodesRoleBinding.Subjects = newSubjects - - if _, err := client.RbacV1beta1().ClusterRoleBindings().Update(nodesRoleBinding); err != nil { - return err - } - - return nil -} diff --git a/cmd/kubeadm/app/phases/apiconfig/clusterroles_test.go b/cmd/kubeadm/app/phases/apiconfig/clusterroles_test.go deleted file mode 100644 index 101948f2ec1..00000000000 --- a/cmd/kubeadm/app/phases/apiconfig/clusterroles_test.go +++ /dev/null @@ -1,17 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package apiconfig diff --git a/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo/BUILD b/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo/BUILD index 6377b70aed5..a4db64bff37 100644 --- a/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo/BUILD +++ b/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo/BUILD @@ -24,10 +24,10 @@ go_library( srcs = ["clusterinfo.go"], deps = [ "//cmd/kubeadm/app/util/apiclient:go_default_library", - "//pkg/apis/rbac/v1beta1:go_default_library", + "//pkg/apis/rbac/v1:go_default_library", "//pkg/bootstrap/api:go_default_library", "//vendor/k8s.io/api/core/v1:go_default_library", - "//vendor/k8s.io/api/rbac/v1beta1:go_default_library", + "//vendor/k8s.io/api/rbac/v1:go_default_library", "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", "//vendor/k8s.io/apiserver/pkg/authentication/user:go_default_library", "//vendor/k8s.io/client-go/kubernetes:go_default_library", diff --git a/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo/clusterinfo.go b/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo/clusterinfo.go index ea5c2c7c087..b1295c8552f 100644 --- a/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo/clusterinfo.go +++ b/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo/clusterinfo.go @@ -20,14 +20,14 @@ import ( "fmt" "k8s.io/api/core/v1" - rbac "k8s.io/api/rbac/v1beta1" + rbac "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apiserver/pkg/authentication/user" clientset "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/clientcmd" clientcmdapi "k8s.io/client-go/tools/clientcmd/api" "k8s.io/kubernetes/cmd/kubeadm/app/util/apiclient" - rbachelper "k8s.io/kubernetes/pkg/apis/rbac/v1beta1" + rbachelper "k8s.io/kubernetes/pkg/apis/rbac/v1" bootstrapapi "k8s.io/kubernetes/pkg/bootstrap/api" ) diff --git a/cmd/kubeadm/app/phases/bootstraptoken/node/BUILD b/cmd/kubeadm/app/phases/bootstraptoken/node/BUILD index 5a999c0fe39..883e3fb76cc 100644 --- a/cmd/kubeadm/app/phases/bootstraptoken/node/BUILD +++ b/cmd/kubeadm/app/phases/bootstraptoken/node/BUILD @@ -23,11 +23,11 @@ go_library( "//cmd/kubeadm/app/constants:go_default_library", "//cmd/kubeadm/app/util/apiclient:go_default_library", "//cmd/kubeadm/app/util/token:go_default_library", - "//pkg/apis/rbac/v1beta1:go_default_library", + "//pkg/apis/rbac/v1:go_default_library", "//pkg/bootstrap/api:go_default_library", "//pkg/util/version:go_default_library", "//vendor/k8s.io/api/core/v1:go_default_library", - "//vendor/k8s.io/api/rbac/v1beta1:go_default_library", + "//vendor/k8s.io/api/rbac/v1:go_default_library", "//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library", "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", "//vendor/k8s.io/client-go/kubernetes:go_default_library", diff --git a/cmd/kubeadm/app/phases/bootstraptoken/node/tlsbootstrap.go b/cmd/kubeadm/app/phases/bootstraptoken/node/tlsbootstrap.go index 82125f5604e..cfa592afac2 100644 --- a/cmd/kubeadm/app/phases/bootstraptoken/node/tlsbootstrap.go +++ b/cmd/kubeadm/app/phases/bootstraptoken/node/tlsbootstrap.go @@ -19,12 +19,12 @@ package node import ( "fmt" - rbac "k8s.io/api/rbac/v1beta1" + rbac "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" clientset "k8s.io/client-go/kubernetes" "k8s.io/kubernetes/cmd/kubeadm/app/constants" "k8s.io/kubernetes/cmd/kubeadm/app/util/apiclient" - rbachelper "k8s.io/kubernetes/pkg/apis/rbac/v1beta1" + rbachelper "k8s.io/kubernetes/pkg/apis/rbac/v1" "k8s.io/kubernetes/pkg/util/version" ) diff --git a/cmd/kubeadm/app/phases/upgrade/BUILD b/cmd/kubeadm/app/phases/upgrade/BUILD index 5290f85f5fa..731da4a1dd5 100644 --- a/cmd/kubeadm/app/phases/upgrade/BUILD +++ b/cmd/kubeadm/app/phases/upgrade/BUILD @@ -23,7 +23,6 @@ go_library( "//cmd/kubeadm/app/images:go_default_library", "//cmd/kubeadm/app/phases/addons/dns:go_default_library", "//cmd/kubeadm/app/phases/addons/proxy:go_default_library", - "//cmd/kubeadm/app/phases/apiconfig:go_default_library", "//cmd/kubeadm/app/phases/bootstraptoken/clusterinfo:go_default_library", "//cmd/kubeadm/app/phases/bootstraptoken/node:go_default_library", "//cmd/kubeadm/app/phases/controlplane:go_default_library", diff --git a/cmd/kubeadm/app/phases/upgrade/postupgrade.go b/cmd/kubeadm/app/phases/upgrade/postupgrade.go index 5b33251bb01..2fbfec3383f 100644 --- a/cmd/kubeadm/app/phases/upgrade/postupgrade.go +++ b/cmd/kubeadm/app/phases/upgrade/postupgrade.go @@ -22,7 +22,6 @@ import ( kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" "k8s.io/kubernetes/cmd/kubeadm/app/phases/addons/dns" "k8s.io/kubernetes/cmd/kubeadm/app/phases/addons/proxy" - "k8s.io/kubernetes/cmd/kubeadm/app/phases/apiconfig" "k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo" nodebootstraptoken "k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/node" "k8s.io/kubernetes/cmd/kubeadm/app/phases/uploadconfig" @@ -77,11 +76,6 @@ func PerformPostUpgradeTasks(client clientset.Interface, cfg *kubeadmapi.MasterC errs = append(errs, err) } - // TODO: This call is deprecated - if err := apiconfig.CreateRBACRules(client, k8sVersion); err != nil { - errs = append(errs, err) - } - // Upgrade kube-dns and kube-proxy if err := dns.EnsureDNSAddon(cfg, client); err != nil { errs = append(errs, err) diff --git a/cmd/kubeadm/app/phases/upgrade/postupgrade_v17_v18.go b/cmd/kubeadm/app/phases/upgrade/postupgrade_v17_v18.go index 5465a24b41d..8a584bdb0ef 100644 --- a/cmd/kubeadm/app/phases/upgrade/postupgrade_v17_v18.go +++ b/cmd/kubeadm/app/phases/upgrade/postupgrade_v17_v18.go @@ -45,7 +45,7 @@ func deleteOldApprovalClusterRoleBindingIfExists(client clientset.Interface, k8s // Gate this upgrade behavior for new clusters above v1.9.0-alpha.3 where this change took place if k8sVersion.AtLeast(constants.MinimumCSRAutoApprovalClusterRolesVersion) { - err := client.RbacV1beta1().ClusterRoleBindings().Delete(nodebootstraptoken.NodeAutoApproveBootstrapClusterRoleBinding, &metav1.DeleteOptions{}) + err := client.RbacV1().ClusterRoleBindings().Delete(nodebootstraptoken.NodeAutoApproveBootstrapClusterRoleBinding, &metav1.DeleteOptions{}) // If the binding was not found, happily continue if apierrors.IsNotFound(err) { return nil @@ -80,7 +80,7 @@ func deleteWronglyNamedClusterInfoRBACRules(client clientset.Interface, k8sVersi } func removeOldRole(client clientset.Interface) error { - err := client.RbacV1beta1().Roles(metav1.NamespacePublic).Delete(oldClusterInfoRole, &metav1.DeleteOptions{}) + err := client.RbacV1().Roles(metav1.NamespacePublic).Delete(oldClusterInfoRole, &metav1.DeleteOptions{}) // If the binding was not found, happily continue if apierrors.IsNotFound(err) { return nil @@ -94,7 +94,7 @@ func removeOldRole(client clientset.Interface) error { } func removeOldRoleBinding(client clientset.Interface) error { - err := client.RbacV1beta1().RoleBindings(metav1.NamespacePublic).Delete(clusterinfo.BootstrapSignerClusterRoleName, &metav1.DeleteOptions{}) + err := client.RbacV1().RoleBindings(metav1.NamespacePublic).Delete(clusterinfo.BootstrapSignerClusterRoleName, &metav1.DeleteOptions{}) // If the binding was not found, happily continue if apierrors.IsNotFound(err) { return nil diff --git a/cmd/kubeadm/app/util/apiclient/BUILD b/cmd/kubeadm/app/util/apiclient/BUILD index c40b167ffd3..218bf81d183 100644 --- a/cmd/kubeadm/app/util/apiclient/BUILD +++ b/cmd/kubeadm/app/util/apiclient/BUILD @@ -20,7 +20,7 @@ go_library( "//pkg/registry/core/service/ipallocator:go_default_library", "//vendor/k8s.io/api/apps/v1beta2:go_default_library", "//vendor/k8s.io/api/core/v1:go_default_library", - "//vendor/k8s.io/api/rbac/v1beta1:go_default_library", + "//vendor/k8s.io/api/rbac/v1:go_default_library", "//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library", "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library", @@ -59,7 +59,7 @@ go_test( library = ":go_default_library", deps = [ "//vendor/k8s.io/api/core/v1:go_default_library", - "//vendor/k8s.io/api/rbac/v1beta1:go_default_library", + "//vendor/k8s.io/api/rbac/v1:go_default_library", "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", "//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library", "//vendor/k8s.io/client-go/testing:go_default_library", diff --git a/cmd/kubeadm/app/util/apiclient/dryrunclient_test.go b/cmd/kubeadm/app/util/apiclient/dryrunclient_test.go index f3c4a7fec9d..47e96b2501b 100644 --- a/cmd/kubeadm/app/util/apiclient/dryrunclient_test.go +++ b/cmd/kubeadm/app/util/apiclient/dryrunclient_test.go @@ -21,7 +21,7 @@ import ( "testing" "k8s.io/api/core/v1" - rbac "k8s.io/api/rbac/v1beta1" + rbac "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" core "k8s.io/client-go/testing" @@ -41,7 +41,7 @@ func TestLogDryRunAction(t *testing.T) { }, { action: core.NewRootGetAction(schema.GroupVersionResource{Group: rbac.GroupName, Version: rbac.SchemeGroupVersion.Version, Resource: "clusterrolebindings"}, "system:node"), - expectedBytes: []byte(`[dryrun] Would perform action GET on resource "clusterrolebindings" in API group "rbac.authorization.k8s.io/v1beta1" + expectedBytes: []byte(`[dryrun] Would perform action GET on resource "clusterrolebindings" in API group "rbac.authorization.k8s.io/v1" [dryrun] Resource name: "system:node" `), }, diff --git a/cmd/kubeadm/app/util/apiclient/idempotency.go b/cmd/kubeadm/app/util/apiclient/idempotency.go index 8804fa4160e..a2f11a74459 100644 --- a/cmd/kubeadm/app/util/apiclient/idempotency.go +++ b/cmd/kubeadm/app/util/apiclient/idempotency.go @@ -21,7 +21,7 @@ import ( apps "k8s.io/api/apps/v1beta2" "k8s.io/api/core/v1" - rbac "k8s.io/api/rbac/v1beta1" + rbac "k8s.io/api/rbac/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" clientset "k8s.io/client-go/kubernetes" @@ -109,12 +109,12 @@ func DeleteDaemonSetForeground(client clientset.Interface, namespace, name strin // CreateOrUpdateRole creates a Role if the target resource doesn't exist. If the resource exists already, this function will update the resource instead. func CreateOrUpdateRole(client clientset.Interface, role *rbac.Role) error { - if _, err := client.RbacV1beta1().Roles(role.ObjectMeta.Namespace).Create(role); err != nil { + if _, err := client.RbacV1().Roles(role.ObjectMeta.Namespace).Create(role); err != nil { if !apierrors.IsAlreadyExists(err) { return fmt.Errorf("unable to create RBAC role: %v", err) } - if _, err := client.RbacV1beta1().Roles(role.ObjectMeta.Namespace).Update(role); err != nil { + if _, err := client.RbacV1().Roles(role.ObjectMeta.Namespace).Update(role); err != nil { return fmt.Errorf("unable to update RBAC role: %v", err) } } @@ -123,12 +123,12 @@ func CreateOrUpdateRole(client clientset.Interface, role *rbac.Role) error { // CreateOrUpdateRoleBinding creates a RoleBinding if the target resource doesn't exist. If the resource exists already, this function will update the resource instead. func CreateOrUpdateRoleBinding(client clientset.Interface, roleBinding *rbac.RoleBinding) error { - if _, err := client.RbacV1beta1().RoleBindings(roleBinding.ObjectMeta.Namespace).Create(roleBinding); err != nil { + if _, err := client.RbacV1().RoleBindings(roleBinding.ObjectMeta.Namespace).Create(roleBinding); err != nil { if !apierrors.IsAlreadyExists(err) { return fmt.Errorf("unable to create RBAC rolebinding: %v", err) } - if _, err := client.RbacV1beta1().RoleBindings(roleBinding.ObjectMeta.Namespace).Update(roleBinding); err != nil { + if _, err := client.RbacV1().RoleBindings(roleBinding.ObjectMeta.Namespace).Update(roleBinding); err != nil { return fmt.Errorf("unable to update RBAC rolebinding: %v", err) } } @@ -137,12 +137,12 @@ func CreateOrUpdateRoleBinding(client clientset.Interface, roleBinding *rbac.Rol // CreateOrUpdateClusterRole creates a ClusterRole if the target resource doesn't exist. If the resource exists already, this function will update the resource instead. func CreateOrUpdateClusterRole(client clientset.Interface, clusterRole *rbac.ClusterRole) error { - if _, err := client.RbacV1beta1().ClusterRoles().Create(clusterRole); err != nil { + if _, err := client.RbacV1().ClusterRoles().Create(clusterRole); err != nil { if !apierrors.IsAlreadyExists(err) { return fmt.Errorf("unable to create RBAC clusterrole: %v", err) } - if _, err := client.RbacV1beta1().ClusterRoles().Update(clusterRole); err != nil { + if _, err := client.RbacV1().ClusterRoles().Update(clusterRole); err != nil { return fmt.Errorf("unable to update RBAC clusterrole: %v", err) } } @@ -151,12 +151,12 @@ func CreateOrUpdateClusterRole(client clientset.Interface, clusterRole *rbac.Clu // CreateOrUpdateClusterRoleBinding creates a ClusterRoleBinding if the target resource doesn't exist. If the resource exists already, this function will update the resource instead. func CreateOrUpdateClusterRoleBinding(client clientset.Interface, clusterRoleBinding *rbac.ClusterRoleBinding) error { - if _, err := client.RbacV1beta1().ClusterRoleBindings().Create(clusterRoleBinding); err != nil { + if _, err := client.RbacV1().ClusterRoleBindings().Create(clusterRoleBinding); err != nil { if !apierrors.IsAlreadyExists(err) { return fmt.Errorf("unable to create RBAC clusterrolebinding: %v", err) } - if _, err := client.RbacV1beta1().ClusterRoleBindings().Update(clusterRoleBinding); err != nil { + if _, err := client.RbacV1().ClusterRoleBindings().Update(clusterRoleBinding); err != nil { return fmt.Errorf("unable to update RBAC clusterrolebinding: %v", err) } } diff --git a/cmd/kubeadm/app/util/apiclient/init_dryrun_test.go b/cmd/kubeadm/app/util/apiclient/init_dryrun_test.go index 9e681b52187..fbcc7199352 100644 --- a/cmd/kubeadm/app/util/apiclient/init_dryrun_test.go +++ b/cmd/kubeadm/app/util/apiclient/init_dryrun_test.go @@ -21,7 +21,7 @@ import ( "encoding/json" "testing" - rbac "k8s.io/api/rbac/v1beta1" + rbac "k8s.io/api/rbac/v1" "k8s.io/apimachinery/pkg/runtime/schema" core "k8s.io/client-go/testing" )