github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-25 20:53:33 +00:00
Code Issues Projects Releases Wiki Activity

fix some kubeadm init phase constants

Browse Source
This commit is contained in:
calvin 2021-11-09 10:30:01 +08:00
parent 731dc8cf74
commit c5c9429d0e
2 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
cmd/kubeadm/app/phases/addons/proxy/proxy.go
View File

@ -45,6 +45,12 @@ const (
// KubeProxyServiceAccountName describes the name of the ServiceAccount for the kube-proxy addon // KubeProxyServiceAccountName describes the name of the ServiceAccount for the kube-proxy addon
KubeProxyServiceAccountName = "kube-proxy" KubeProxyServiceAccountName = "kube-proxy"
// KubeProxyClusterRoleBindingName sets the name for the kube-proxy CluterRoleBinding
KubeProxyClusterRoleBindingName = "kubeam:node-proxier"
// KubeProxyConfigMapRoleName sets the name of ClusterRole for ConfigMap
KubeProxyConfigMapRoleName = "kube-proxy"
) )
// EnsureProxyAddon creates the kube-proxy addons // EnsureProxyAddon creates the kube-proxy addons
@ -157,7 +163,7 @@ func createKubeProxyAddon(cfg *kubeadmapi.ClusterConfiguration, client clientset
func createClusterRoleBindings(client clientset.Interface) error { func createClusterRoleBindings(client clientset.Interface) error {
if err := apiclient.CreateOrUpdateClusterRoleBinding(client, &rbac.ClusterRoleBinding{ if err := apiclient.CreateOrUpdateClusterRoleBinding(client, &rbac.ClusterRoleBinding{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: "kubeadm:node-proxier", Name: KubeProxyClusterRoleBindingName,
}, },
RoleRef: rbac.RoleRef{ RoleRef: rbac.RoleRef{
APIGroup: rbac.GroupName, APIGroup: rbac.GroupName,
@ -178,7 +184,7 @@ func createClusterRoleBindings(client clientset.Interface) error {
// Create a role for granting read only access to the kube-proxy component config ConfigMap // Create a role for granting read only access to the kube-proxy component config ConfigMap
if err := apiclient.CreateOrUpdateRole(client, &rbac.Role{ if err := apiclient.CreateOrUpdateRole(client, &rbac.Role{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: constants.KubeProxyConfigMap, Name: KubeProxyConfigMapRoleName,
Namespace: metav1.NamespaceSystem, Namespace: metav1.NamespaceSystem,
}, },
Rules: []rbac.PolicyRule{ Rules: []rbac.PolicyRule{
@ -196,13 +202,13 @@ func createClusterRoleBindings(client clientset.Interface) error {
// Bind the role to bootstrap tokens for allowing fetchConfiguration during join // Bind the role to bootstrap tokens for allowing fetchConfiguration during join
return apiclient.CreateOrUpdateRoleBinding(client, &rbac.RoleBinding{ return apiclient.CreateOrUpdateRoleBinding(client, &rbac.RoleBinding{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: constants.KubeProxyConfigMap, Name: KubeProxyConfigMapRoleName,
Namespace: metav1.NamespaceSystem, Namespace: metav1.NamespaceSystem,
}, },
RoleRef: rbac.RoleRef{ RoleRef: rbac.RoleRef{
APIGroup: rbac.GroupName, APIGroup: rbac.GroupName,
Kind: "Role", Kind: "Role",
Name: constants.KubeProxyConfigMap, Name: KubeProxyConfigMapRoleName,
}, },
Subjects: []rbac.Subject{ Subjects: []rbac.Subject{
{ {

4
cmd/kubeadm/app/phases/bootstraptoken/node/tlsbootstrap.go
View File

@ -125,7 +125,7 @@ func AutoApproveNodeBootstrapTokens(client clientset.Interface) error {
}, },
Subjects: []rbac.Subject{ Subjects: []rbac.Subject{
{ {
Kind: "Group", Kind: rbac.GroupKind,
Name: constants.NodeBootstrapTokenAuthGroup, Name: constants.NodeBootstrapTokenAuthGroup,
}, },
}, },
@ -147,7 +147,7 @@ func AutoApproveNodeCertificateRotation(client clientset.Interface) error {
}, },
Subjects: []rbac.Subject{ Subjects: []rbac.Subject{
{ {
Kind: "Group", Kind: rbac.GroupKind,
Name: constants.NodesGroup, Name: constants.NodesGroup,
}, },
}, },