github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-24 20:24:09 +00:00
Code Issues Projects Releases Wiki Activity

Create etcd user in cloud-init master.yaml rather than in configure-helper.sh

Browse Source 
An etcd unix user is currently created in configure-helper.sh if it does not exist
on the master.

cloud-init is the only supported mechanism to add users on COS VMs. If an attempt
is made to add a key using OS Login or the instance metadata mechanism the
google_accounts_daemon will race with useradd and potentially attempt to use
the same UID. This will lock out any attempt to SSH into the VM. We therefore
migrate to using cloud-init to create this user and prevent this issue from occurring.
This commit is contained in:
yaseenhamdulay 2020-03-05 16:12:47 +00:00 committed by Yaseen Hamdulay
parent 21d4d13d98
commit 5de3c64ad0
2 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
cluster/gce/gci/configure-helper.sh
View File

@ -445,9 +445,6 @@ function mount-master-pd {
mkdir -p "${mount_point}/srv/sshproxy" mkdir -p "${mount_point}/srv/sshproxy"
ln -s -f "${mount_point}/srv/sshproxy" /etc/srv/sshproxy ln -s -f "${mount_point}/srv/sshproxy" /etc/srv/sshproxy
if ! id etcd &>/dev/null; then
useradd -s /sbin/nologin -d /var/etcd etcd
fi
chown -R etcd "${mount_point}/var/etcd" chown -R etcd "${mount_point}/var/etcd"
chgrp -R etcd "${mount_point}/var/etcd" chgrp -R etcd "${mount_point}/var/etcd"
} }

5
cluster/gce/gci/master.yaml
View File

@ -1,5 +1,10 @@
#cloud-config #cloud-config
users:
- name: etcd
homedir: /var/etcd
lock_passwd: true
write_files: write_files:
- path: /etc/systemd/system/kube-master-installation.service - path: /etc/systemd/system/kube-master-installation.service
permissions: 0644 permissions: 0644