mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 03:41:45 +00:00
Merge pull request #85014 from dekkagaijin/master
let standalone npd use kubelet credentials
This commit is contained in:
commit
c213196f0a
@ -0,0 +1,15 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: kubelet-user-npd-binding
|
||||
labels:
|
||||
kubernetes.io/cluster-service: "true"
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: system:node-problem-detector
|
||||
subjects:
|
||||
- apiGroup: rbac.authorization.k8s.io
|
||||
kind: User
|
||||
name: kubelet
|
@ -1245,6 +1245,12 @@ current-context: service-account-context
|
||||
EOF
|
||||
}
|
||||
|
||||
function create-node-problem-detector-kubeconfig-from-kubelet {
|
||||
echo "Creating node-problem-detector kubeconfig from /var/lib/kubelet/kubeconfig"
|
||||
mkdir -p /var/lib/node-problem-detector
|
||||
cp /var/lib/kubelet/kubeconfig /var/lib/node-problem-detector/kubeconfig
|
||||
}
|
||||
|
||||
function create-master-etcd-auth {
|
||||
if [[ -n "${ETCD_CA_CERT:-}" && -n "${ETCD_PEER_KEY:-}" && -n "${ETCD_PEER_CERT:-}" ]]; then
|
||||
local -r auth_dir="/etc/srv/kubernetes"
|
||||
@ -2464,8 +2470,11 @@ EOF
|
||||
setup-addon-manifests "addons" "node-problem-detector"
|
||||
fi
|
||||
if [[ "${ENABLE_NODE_PROBLEM_DETECTOR:-}" == "standalone" ]]; then
|
||||
# Setup role binding for standalone node problem detector.
|
||||
setup-addon-manifests "addons" "node-problem-detector/standalone" "node-problem-detector"
|
||||
# Setup role binding(s) for standalone node problem detector.
|
||||
if [[ -n "${NODE_PROBLEM_DETECTOR_TOKEN:-}" ]]; then
|
||||
setup-addon-manifests "addons" "node-problem-detector/standalone"
|
||||
fi
|
||||
setup-addon-manifests "addons" "node-problem-detector/kubelet-user-standalone" "node-problem-detector"
|
||||
fi
|
||||
if echo "${ADMISSION_CONTROL:-}" | grep -q "LimitRanger"; then
|
||||
setup-addon-manifests "admission-controls" "limit-range" "gce"
|
||||
@ -2825,7 +2834,14 @@ function main() {
|
||||
create-kubeproxy-user-kubeconfig
|
||||
fi
|
||||
if [[ "${ENABLE_NODE_PROBLEM_DETECTOR:-}" == "standalone" ]]; then
|
||||
create-node-problem-detector-kubeconfig ${KUBERNETES_MASTER_NAME}
|
||||
if [[ -n "${NODE_PROBLEM_DETECTOR_TOKEN:-}" ]]; then
|
||||
create-node-problem-detector-kubeconfig ${KUBERNETES_MASTER_NAME}
|
||||
elif [[ -f "/var/lib/kubelet/kubeconfig" ]]; then
|
||||
create-node-problem-detector-kubeconfig-from-kubelet
|
||||
else
|
||||
echo "Either NODE_PROBLEM_DETECTOR_TOKEN or /var/lib/kubelet/kubeconfig must be set"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user