Merge pull request #54937 from xiangpengzhao/remove-kubeadm-const

Automatic merge from submit-queue (batch tested with PRs 49840, 54937, 54543). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Remove MinimumCSRAutoApprovalClusterRolesVersion in 1.9 cycle. **What this PR does / why we need it**: **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes # **Special notes for your reviewer**: Have we already bumped the minimum supported version to v1.8.0? /cc @luxas **Release note**: ```release-note NONE ```
2025-07-28 22:17:14 +00:00 · 2017-11-01 08:20:25 -07:00 · 2017-11-01 08:20:25 -07:00 · 746cc43f4b
commit 746cc43f4b
parent c119a60946 df81ecf396
2 changed files with 16 additions and 25 deletions
--- a/cmd/kubeadm/app/constants/constants.go
+++ b/cmd/kubeadm/app/constants/constants.go
@ -201,10 +201,6 @@ var (
 	// MinimumControlPlaneVersion specifies the minimum control plane version kubeadm can deploy
 	MinimumControlPlaneVersion = version.MustParseSemantic("v1.8.0")
 	// MinimumCSRAutoApprovalClusterRolesVersion defines whether kubeadm can rely on the built-in CSR approval ClusterRole or not (note, the binding is always created by kubeadm!)
 	// TODO: Remove this when the v1.9 cycle starts and we bump the minimum supported version to v1.8.0
 	MinimumCSRAutoApprovalClusterRolesVersion = version.MustParseSemantic("v1.8.0-alpha.3")
 	// MinimumKubeletVersion specifies the minimum version of kubelet which kubeadm supports
 	MinimumKubeletVersion = version.MustParseSemantic("v1.8.0")
 )
--- a/cmd/kubeadm/app/phases/bootstraptoken/node/tlsbootstrap.go
+++ b/cmd/kubeadm/app/phases/bootstraptoken/node/tlsbootstrap.go
@ -95,27 +95,22 @@ func AutoApproveNodeBootstrapTokens(client clientset.Interface, k8sVersion *vers
 // AutoApproveNodeCertificateRotation creates RBAC rules in a way that makes Node certificate rotation CSR auto-approved by the csrapprover controller
 func AutoApproveNodeCertificateRotation(client clientset.Interface, k8sVersion *version.Version) error {
 	fmt.Println("[bootstraptoken] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster")
-	// Create autorotation cluster role binding only if we deploying or upgrading to version that supports it.
+	return apiclient.CreateOrUpdateClusterRoleBinding(client, &rbac.ClusterRoleBinding{
-	if k8sVersion.AtLeast(constants.MinimumCSRAutoApprovalClusterRolesVersion) {
+		ObjectMeta: metav1.ObjectMeta{
-		fmt.Println("[bootstraptoken] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster")
+			Name: NodeAutoApproveCertificateRotationClusterRoleBinding,
-
+		},
-		return apiclient.CreateOrUpdateClusterRoleBinding(client, &rbac.ClusterRoleBinding{
+		RoleRef: rbac.RoleRef{
-			ObjectMeta: metav1.ObjectMeta{
+			APIGroup: rbac.GroupName,
-				Name: NodeAutoApproveCertificateRotationClusterRoleBinding,
+			Kind:     "ClusterRole",
 			Name:     NodeSelfCSRAutoApprovalClusterRoleName,
 		},
 		Subjects: []rbac.Subject{
 			{
 				Kind: "Group",
 				Name: constants.NodesGroup,
 			},
-			RoleRef: rbac.RoleRef{
+		},
-				APIGroup: rbac.GroupName,
+	})
 				Kind:     "ClusterRole",
 				Name:     NodeSelfCSRAutoApprovalClusterRoleName,
 			},
 			Subjects: []rbac.Subject{
 				{
 					Kind: "Group",
 					Name: constants.NodesGroup,
 				},
 			},
 		})
 	}
 	return nil
 }