github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-03 09:22:44 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #121609 from neolit123/1.29-super-admin-conf

Browse Source 
kubeadm: poll additional CRB create calls for kubeadm:cluster-admins
This commit is contained in:
Kubernetes Prow Robot 2023-10-30 21:12:00 +01:00 committed by GitHub
commit 5cb83d1cd2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 40 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go
View File

@ -683,13 +683,31 @@ func EnsureAdminClusterRoleBindingImpl(ctx context.Context, adminClient, superAd
kubeadmconstants.ClusterAdminsGroupAndClusterRoleBinding, kubeadmconstants.ClusterAdminsGroupAndClusterRoleBinding,
kubeadmconstants.SuperAdminKubeConfigFileName) kubeadmconstants.SuperAdminKubeConfigFileName)
if _, err := superAdminClient.RbacV1().ClusterRoleBindings().Create( err = wait.PollUntilContextTimeout(
ctx, ctx,
clusterRoleBinding, retryInterval,
metav1.CreateOptions{}, retryTimeout,
); err != nil { true, func(ctx context.Context) (bool, error) {
return nil, errors.Wrapf(err, "unable to create the %s ClusterRoleBinding", if _, err := superAdminClient.RbacV1().ClusterRoleBindings().Create(
kubeadmconstants.ClusterAdminsGroupAndClusterRoleBinding) ctx,
clusterRoleBinding,
metav1.CreateOptions{},
); err != nil {
lastError = err
if apierrors.IsAlreadyExists(err) {
// This should not happen, as the previous "create" call that uses
// the admin.conf should have passed. Return the error.
return true, err
}
// Retry on any other type of error.
return false, nil
}
return true, nil
})
if err != nil {
return nil, errors.Wrapf(lastError, "unable to create the %s ClusterRoleBinding by using %s",
kubeadmconstants.ClusterAdminsGroupAndClusterRoleBinding,
kubeadmconstants.SuperAdminKubeConfigFileName)
} }
// Once the CRB is in place, start using the admin.conf client. // Once the CRB is in place, start using the admin.conf client.

16
cmd/kubeadm/app/phases/kubeconfig/kubeconfig_test.go
View File

@ -902,6 +902,22 @@ func TestEnsureAdminClusterRoleBindingImpl(t *testing.T) {
}, },
expectedError: false, expectedError: false,
}, },
{
name: "super-admin.conf: admin.conf cannot create CRB, try to create CRB with super-admin.conf, encounter 'already exists' error",
setupAdminClient: func(client *clientsetfake.Clientset) {
client.PrependReactor("create", "clusterrolebindings", func(action clientgotesting.Action) (bool, runtime.Object, error) {
return true, nil, apierrors.NewForbidden(
schema.GroupResource{}, "name", errors.New(""))
})
},
setupSuperAdminClient: func(client *clientsetfake.Clientset) {
client.PrependReactor("create", "clusterrolebindings", func(action clientgotesting.Action) (bool, runtime.Object, error) {
return true, nil, apierrors.NewAlreadyExists(
schema.GroupResource{}, "name")
})
},
expectedError: true,
},
} }
for _, tc := range tests { for _, tc := range tests {