fix some kubeadm init phase constants

2025-07-23 11:50:44 +00:00 · 2021-11-09 10:30:01 +08:00 · 2021-11-09 10:30:01 +08:00 · c5c9429d0e
commit c5c9429d0e
parent 731dc8cf74
2 changed files with 12 additions and 6 deletions
--- a/cmd/kubeadm/app/phases/addons/proxy/proxy.go
+++ b/cmd/kubeadm/app/phases/addons/proxy/proxy.go
@ -45,6 +45,12 @@ const (

 	// KubeProxyServiceAccountName describes the name of the ServiceAccount for the kube-proxy addon
 	KubeProxyServiceAccountName = "kube-proxy"
+
+	// KubeProxyClusterRoleBindingName sets the name for the kube-proxy CluterRoleBinding
+	KubeProxyClusterRoleBindingName = "kubeam:node-proxier"
+
+	// KubeProxyConfigMapRoleName sets the name of ClusterRole for ConfigMap
+	KubeProxyConfigMapRoleName = "kube-proxy"
 )

 // EnsureProxyAddon creates the kube-proxy addons
@ -157,7 +163,7 @@ func createKubeProxyAddon(cfg *kubeadmapi.ClusterConfiguration, client clientset
 func createClusterRoleBindings(client clientset.Interface) error {
 	if err := apiclient.CreateOrUpdateClusterRoleBinding(client, &rbac.ClusterRoleBinding{
 		ObjectMeta: metav1.ObjectMeta{
-			Name: "kubeadm:node-proxier",
+			Name: KubeProxyClusterRoleBindingName,
 		},
 		RoleRef: rbac.RoleRef{
 			APIGroup: rbac.GroupName,
@ -178,7 +184,7 @@ func createClusterRoleBindings(client clientset.Interface) error {
 	// Create a role for granting read only access to the kube-proxy component config ConfigMap
 	if err := apiclient.CreateOrUpdateRole(client, &rbac.Role{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      constants.KubeProxyConfigMap,
+			Name:      KubeProxyConfigMapRoleName,
 			Namespace: metav1.NamespaceSystem,
 		},
 		Rules: []rbac.PolicyRule{
@ -196,13 +202,13 @@ func createClusterRoleBindings(client clientset.Interface) error {
 	// Bind the role to bootstrap tokens for allowing fetchConfiguration during join
 	return apiclient.CreateOrUpdateRoleBinding(client, &rbac.RoleBinding{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      constants.KubeProxyConfigMap,
+			Name:      KubeProxyConfigMapRoleName,
 			Namespace: metav1.NamespaceSystem,
 		},
 		RoleRef: rbac.RoleRef{
 			APIGroup: rbac.GroupName,
 			Kind:     "Role",
-			Name:     constants.KubeProxyConfigMap,
+			Name:     KubeProxyConfigMapRoleName,
 		},
 		Subjects: []rbac.Subject{
 			{
--- a/cmd/kubeadm/app/phases/bootstraptoken/node/tlsbootstrap.go
+++ b/cmd/kubeadm/app/phases/bootstraptoken/node/tlsbootstrap.go
@ -125,7 +125,7 @@ func AutoApproveNodeBootstrapTokens(client clientset.Interface) error {
 		},
 		Subjects: []rbac.Subject{
 			{
-				Kind: "Group",
+				Kind: rbac.GroupKind,
 				Name: constants.NodeBootstrapTokenAuthGroup,
 			},
 		},
@ -147,7 +147,7 @@ func AutoApproveNodeCertificateRotation(client clientset.Interface) error {
 		},
 		Subjects: []rbac.Subject{
 			{
-				Kind: "Group",
+				Kind: rbac.GroupKind,
 				Name: constants.NodesGroup,
 			},
 		},