github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-04 18:00:08 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #122893 from danwinship/kubeadm-rolebinding-failure

Browse Source 
Fix EnsureAdminClusterRoleBindingImpl error handling
This commit is contained in:
Kubernetes Prow Robot 2024-01-21 19:18:47 +01:00 committed by GitHub
commit a07b1aaa5b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go
View File

@ -642,15 +642,14 @@ func EnsureAdminClusterRoleBindingImpl(ctx context.Context, adminClient, superAd
clusterRoleBinding, clusterRoleBinding,
metav1.CreateOptions{}, metav1.CreateOptions{},
); err != nil { ); err != nil {
// (Create returns a non-nil object even on error, but the
// code after the poll uses `crbResult != nil` to
// determine success.)
crbResult = nil
if apierrors.IsForbidden(err) { if apierrors.IsForbidden(err) {
// If it encounters a forbidden error this means that the API server was reached // If it encounters a forbidden error this means that the API server was reached
// but the CRB is missing - i.e. the admin.conf user does not have permissions // but the CRB is missing - i.e. the admin.conf user does not have permissions
// to create its own permission RBAC yet. // to create its own permission RBAC yet.
//
// When a "create" call is made, but the resource is forbidden, a non-nil
// CRB will still be returned. Return true here, but update "crbResult" to nil,
// to ensure that the process continues with super-admin.conf.
crbResult = nil
return true, nil return true, nil
} else if apierrors.IsAlreadyExists(err) { } else if apierrors.IsAlreadyExists(err) {
// If the CRB exists it means the admin.conf already has the right // If the CRB exists it means the admin.conf already has the right