From c394d0fd80cbf0b41a3d2b7b59fec6f0ebef2c95 Mon Sep 17 00:00:00 2001 From: "Rostislav M. Georgiev" Date: Fri, 14 Jun 2019 14:08:31 +0300 Subject: [PATCH] kubeadm: Don't use RBAC helpers RBAC construction helpers are part of the Kubernetes internal APIs. As such, we cannot use them once we move to staging. Hence, replace their use with manual RBAC rule construction. Signed-off-by: Rostislav M. Georgiev --- cmd/kubeadm/app/phases/addons/proxy/BUILD | 1 - cmd/kubeadm/app/phases/addons/proxy/proxy.go | 8 ++++++-- cmd/kubeadm/app/phases/bootstraptoken/clusterinfo/BUILD | 1 - .../app/phases/bootstraptoken/clusterinfo/clusterinfo.go | 8 ++++++-- cmd/kubeadm/app/phases/copycerts/BUILD | 1 - cmd/kubeadm/app/phases/copycerts/copycerts.go | 8 ++++++-- cmd/kubeadm/app/phases/kubelet/BUILD | 1 - cmd/kubeadm/app/phases/kubelet/config.go | 8 ++++++-- cmd/kubeadm/app/phases/uploadconfig/BUILD | 1 - cmd/kubeadm/app/phases/uploadconfig/uploadconfig.go | 8 ++++++-- 10 files changed, 30 insertions(+), 15 deletions(-) diff --git a/cmd/kubeadm/app/phases/addons/proxy/BUILD b/cmd/kubeadm/app/phases/addons/proxy/BUILD index 3d561308aad..44950086eaa 100644 --- a/cmd/kubeadm/app/phases/addons/proxy/BUILD +++ b/cmd/kubeadm/app/phases/addons/proxy/BUILD @@ -42,7 +42,6 @@ go_library( "//cmd/kubeadm/app/images:go_default_library", "//cmd/kubeadm/app/util:go_default_library", "//cmd/kubeadm/app/util/apiclient:go_default_library", - "//pkg/apis/rbac/v1:go_default_library", "//staging/src/k8s.io/api/apps/v1:go_default_library", "//staging/src/k8s.io/api/core/v1:go_default_library", "//staging/src/k8s.io/api/rbac/v1:go_default_library", diff --git a/cmd/kubeadm/app/phases/addons/proxy/proxy.go b/cmd/kubeadm/app/phases/addons/proxy/proxy.go index 9118e098651..b319cfa044c 100644 --- a/cmd/kubeadm/app/phases/addons/proxy/proxy.go +++ b/cmd/kubeadm/app/phases/addons/proxy/proxy.go @@ -34,7 +34,6 @@ import ( "k8s.io/kubernetes/cmd/kubeadm/app/images" kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util" "k8s.io/kubernetes/cmd/kubeadm/app/util/apiclient" - rbachelper "k8s.io/kubernetes/pkg/apis/rbac/v1" ) const ( @@ -163,7 +162,12 @@ func createClusterRoleBindings(client clientset.Interface) error { Namespace: metav1.NamespaceSystem, }, Rules: []rbac.PolicyRule{ - rbachelper.NewRule("get").Groups("").Resources("configmaps").Names(constants.KubeProxyConfigMap).RuleOrDie(), + { + Verbs: []string{"get"}, + APIGroups: []string{""}, + Resources: []string{"configmaps"}, + ResourceNames: []string{constants.KubeProxyConfigMap}, + }, }, }); err != nil { return err diff --git a/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo/BUILD b/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo/BUILD index 41d801a6980..0b892569d97 100644 --- a/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo/BUILD +++ b/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo/BUILD @@ -25,7 +25,6 @@ go_library( importpath = "k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo", deps = [ "//cmd/kubeadm/app/util/apiclient:go_default_library", - "//pkg/apis/rbac/v1:go_default_library", "//staging/src/k8s.io/api/core/v1:go_default_library", "//staging/src/k8s.io/api/rbac/v1:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", diff --git a/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo/clusterinfo.go b/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo/clusterinfo.go index c220636f2dd..278c319dd21 100644 --- a/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo/clusterinfo.go +++ b/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo/clusterinfo.go @@ -30,7 +30,6 @@ import ( bootstrapapi "k8s.io/cluster-bootstrap/token/api" "k8s.io/klog" "k8s.io/kubernetes/cmd/kubeadm/app/util/apiclient" - rbachelper "k8s.io/kubernetes/pkg/apis/rbac/v1" ) const ( @@ -84,7 +83,12 @@ func CreateClusterInfoRBACRules(client clientset.Interface) error { Namespace: metav1.NamespacePublic, }, Rules: []rbac.PolicyRule{ - rbachelper.NewRule("get").Groups("").Resources("configmaps").Names(bootstrapapi.ConfigMapClusterInfo).RuleOrDie(), + { + Verbs: []string{"get"}, + APIGroups: []string{""}, + Resources: []string{"configmaps"}, + ResourceNames: []string{bootstrapapi.ConfigMapClusterInfo}, + }, }, }) if err != nil { diff --git a/cmd/kubeadm/app/phases/copycerts/BUILD b/cmd/kubeadm/app/phases/copycerts/BUILD index 661ad17aae3..e1cab76b3de 100644 --- a/cmd/kubeadm/app/phases/copycerts/BUILD +++ b/cmd/kubeadm/app/phases/copycerts/BUILD @@ -11,7 +11,6 @@ go_library( "//cmd/kubeadm/app/phases/bootstraptoken/node:go_default_library", "//cmd/kubeadm/app/util/apiclient:go_default_library", "//cmd/kubeadm/app/util/crypto:go_default_library", - "//pkg/apis/rbac/v1:go_default_library", "//staging/src/k8s.io/api/core/v1:go_default_library", "//staging/src/k8s.io/api/rbac/v1:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library", diff --git a/cmd/kubeadm/app/phases/copycerts/copycerts.go b/cmd/kubeadm/app/phases/copycerts/copycerts.go index 07f9472570c..10c3aafae60 100644 --- a/cmd/kubeadm/app/phases/copycerts/copycerts.go +++ b/cmd/kubeadm/app/phases/copycerts/copycerts.go @@ -41,7 +41,6 @@ import ( nodebootstraptokenphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/node" "k8s.io/kubernetes/cmd/kubeadm/app/util/apiclient" cryptoutil "k8s.io/kubernetes/cmd/kubeadm/app/util/crypto" - rbachelper "k8s.io/kubernetes/pkg/apis/rbac/v1" ) const ( @@ -127,7 +126,12 @@ func createRBAC(client clientset.Interface) error { Namespace: metav1.NamespaceSystem, }, Rules: []rbac.PolicyRule{ - rbachelper.NewRule("get").Groups("").Resources("secrets").Names(kubeadmconstants.KubeadmCertsSecret).RuleOrDie(), + { + Verbs: []string{"get"}, + APIGroups: []string{""}, + Resources: []string{"secrets"}, + ResourceNames: []string{kubeadmconstants.KubeadmCertsSecret}, + }, }, }) if err != nil { diff --git a/cmd/kubeadm/app/phases/kubelet/BUILD b/cmd/kubeadm/app/phases/kubelet/BUILD index 6215de46da0..a200a4c1b36 100644 --- a/cmd/kubeadm/app/phases/kubelet/BUILD +++ b/cmd/kubeadm/app/phases/kubelet/BUILD @@ -17,7 +17,6 @@ go_library( "//cmd/kubeadm/app/images:go_default_library", "//cmd/kubeadm/app/util:go_default_library", "//cmd/kubeadm/app/util/apiclient:go_default_library", - "//pkg/apis/rbac/v1:go_default_library", "//pkg/kubelet/apis/config:go_default_library", "//pkg/util/initsystem:go_default_library", "//pkg/util/node:go_default_library", diff --git a/cmd/kubeadm/app/phases/kubelet/config.go b/cmd/kubeadm/app/phases/kubelet/config.go index 86ddaf50915..95b5d4acd9d 100644 --- a/cmd/kubeadm/app/phases/kubelet/config.go +++ b/cmd/kubeadm/app/phases/kubelet/config.go @@ -33,7 +33,6 @@ import ( "k8s.io/kubernetes/cmd/kubeadm/app/componentconfigs" kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants" "k8s.io/kubernetes/cmd/kubeadm/app/util/apiclient" - rbachelper "k8s.io/kubernetes/pkg/apis/rbac/v1" kubeletconfig "k8s.io/kubernetes/pkg/kubelet/apis/config" ) @@ -91,7 +90,12 @@ func createConfigMapRBACRules(client clientset.Interface, k8sVersion *version.Ve Namespace: metav1.NamespaceSystem, }, Rules: []rbac.PolicyRule{ - rbachelper.NewRule("get").Groups("").Resources("configmaps").Names(kubeadmconstants.GetKubeletConfigMapName(k8sVersion)).RuleOrDie(), + { + Verbs: []string{"get"}, + APIGroups: []string{""}, + Resources: []string{"configmaps"}, + ResourceNames: []string{kubeadmconstants.GetKubeletConfigMapName(k8sVersion)}, + }, }, }); err != nil { return err diff --git a/cmd/kubeadm/app/phases/uploadconfig/BUILD b/cmd/kubeadm/app/phases/uploadconfig/BUILD index a8a7a8ecec1..98f5a856c47 100644 --- a/cmd/kubeadm/app/phases/uploadconfig/BUILD +++ b/cmd/kubeadm/app/phases/uploadconfig/BUILD @@ -15,7 +15,6 @@ go_library( "//cmd/kubeadm/app/constants:go_default_library", "//cmd/kubeadm/app/util/apiclient:go_default_library", "//cmd/kubeadm/app/util/config:go_default_library", - "//pkg/apis/rbac/v1:go_default_library", "//staging/src/k8s.io/api/core/v1:go_default_library", "//staging/src/k8s.io/api/rbac/v1:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", diff --git a/cmd/kubeadm/app/phases/uploadconfig/uploadconfig.go b/cmd/kubeadm/app/phases/uploadconfig/uploadconfig.go index 17a66159509..39da3b63e96 100644 --- a/cmd/kubeadm/app/phases/uploadconfig/uploadconfig.go +++ b/cmd/kubeadm/app/phases/uploadconfig/uploadconfig.go @@ -29,7 +29,6 @@ import ( kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants" "k8s.io/kubernetes/cmd/kubeadm/app/util/apiclient" configutil "k8s.io/kubernetes/cmd/kubeadm/app/util/config" - rbachelper "k8s.io/kubernetes/pkg/apis/rbac/v1" ) const ( @@ -127,7 +126,12 @@ func UploadConfiguration(cfg *kubeadmapi.InitConfiguration, client clientset.Int Namespace: metav1.NamespaceSystem, }, Rules: []rbac.PolicyRule{ - rbachelper.NewRule("get").Groups("").Resources("configmaps").Names(kubeadmconstants.KubeadmConfigConfigMap).RuleOrDie(), + { + Verbs: []string{"get"}, + APIGroups: []string{""}, + Resources: []string{"configmaps"}, + ResourceNames: []string{kubeadmconstants.KubeadmConfigConfigMap}, + }, }, }) if err != nil {