github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 03:41:45 +00:00
Code Issues Projects Releases Wiki Activity

kubeadm: add missing RBAC for getting nodes on "upgrade apply"

Browse Source 
b117a928 added a new check during "join" whether a Node with
the same name exists in the cluster.

When upgrading from 1.17 to 1.18 make sure the required RBAC
by this check is added. Otherwise "kubeadm join" will complain that
it lacks permissions to GET a Node.
This commit is contained in:
Lubomir I. Ivanov 2020-03-26 22:02:55 +02:00
parent 9a4b30099e
commit 6f99791021
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
cmd/kubeadm/app/phases/upgrade/postupgrade.go
View File

@ -70,6 +70,11 @@ func PerformPostUpgradeTasks(client clientset.Interface, cfg *kubeadmapi.InitCon
errs = append(errs, errors.Wrap(err, "error uploading crisocket"))
}
// Create RBAC rules that makes the bootstrap tokens able to get nodes
if err := nodebootstraptoken.AllowBoostrapTokensToGetNodes(client); err != nil {
errs = append(errs, err)
}
// Create/update RBAC rules that makes the bootstrap tokens able to post CSRs
if err := nodebootstraptoken.AllowBootstrapTokensToPostCSRs(client); err != nil {
errs = append(errs, err)