github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-03 17:30:00 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #122906 from danwinship/kubeadm-kubeconfig-fix-2

Browse Source 
Fix to previous EnsureAdminClusterRoleBindingImpl fix
This commit is contained in:
Kubernetes Prow Robot 2024-01-23 05:17:52 +01:00 committed by GitHub
commit 3aa8c59fec
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 7 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go
View File

@ -610,7 +610,7 @@ func EnsureAdminClusterRoleBindingImpl(ctx context.Context, adminClient, superAd
var ( var (
err, lastError error err, lastError error
crbResult *rbac.ClusterRoleBinding crbExists bool
clusterRoleBinding = &rbac.ClusterRoleBinding{ clusterRoleBinding = &rbac.ClusterRoleBinding{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: kubeadmconstants.ClusterAdminsGroupAndClusterRoleBinding, Name: kubeadmconstants.ClusterAdminsGroupAndClusterRoleBinding,
@ -637,15 +637,11 @@ func EnsureAdminClusterRoleBindingImpl(ctx context.Context, adminClient, superAd
retryInterval, retryInterval,
retryTimeout, retryTimeout,
true, func(ctx context.Context) (bool, error) { true, func(ctx context.Context) (bool, error) {
if crbResult, err = adminClient.RbacV1().ClusterRoleBindings().Create( if _, err := adminClient.RbacV1().ClusterRoleBindings().Create(
ctx, ctx,
clusterRoleBinding, clusterRoleBinding,
metav1.CreateOptions{}, metav1.CreateOptions{},
); err != nil { ); err != nil {
// (Create returns a non-nil object even on error, but the
// code after the poll uses `crbResult != nil` to
// determine success.)
crbResult = nil
if apierrors.IsForbidden(err) { if apierrors.IsForbidden(err) {
// If it encounters a forbidden error this means that the API server was reached // If it encounters a forbidden error this means that the API server was reached
// but the CRB is missing - i.e. the admin.conf user does not have permissions // but the CRB is missing - i.e. the admin.conf user does not have permissions
@ -654,6 +650,7 @@ func EnsureAdminClusterRoleBindingImpl(ctx context.Context, adminClient, superAd
} else if apierrors.IsAlreadyExists(err) { } else if apierrors.IsAlreadyExists(err) {
// If the CRB exists it means the admin.conf already has the right // If the CRB exists it means the admin.conf already has the right
// permissions; return. // permissions; return.
crbExists = true
return true, nil return true, nil
} else { } else {
// Retry on any other error type. // Retry on any other error type.
@ -661,14 +658,15 @@ func EnsureAdminClusterRoleBindingImpl(ctx context.Context, adminClient, superAd
return false, nil return false, nil
} }
} }
crbExists = true
return true, nil return true, nil
}) })
if err != nil { if err != nil {
return nil, lastError return nil, lastError
} }
// The CRB exists; return the admin.conf client. // The CRB was created or already existed; return the admin.conf client.
if crbResult != nil { if crbExists {
return adminClient, nil return adminClient, nil
} }

2
cmd/kubeadm/app/phases/kubeconfig/kubeconfig_test.go
View File

@ -850,7 +850,7 @@ func TestEnsureAdminClusterRoleBindingImpl(t *testing.T) {
schema.GroupResource{}, "name") schema.GroupResource{}, "name")
}) })
}, },
expectedError: true, expectedError: false,
}, },
{ {
name: "admin.conf: handle other errors, such as a server timeout", name: "admin.conf: handle other errors, such as a server timeout",