From 2085f77e27ba7ab626db2cd0ba5fbc34c4d36bc7 Mon Sep 17 00:00:00 2001
From: Jordan Liggitt
Date: Thu, 2 Feb 2017 13:04:10 -0500
Subject: [PATCH] Remove 'get node' call during bootstrapping
---
 cmd/kubeadm/app/node/BUILD | 2 --
 cmd/kubeadm/app/node/bootstrap.go | 15 ---------------
 cmd/kubeadm/app/node/csr.go | 5 -----
 .../authorizer/rbac/bootstrappolicy/policy.go | 2 --
 .../bootstrappolicy/testdata/cluster-roles.yaml | 6 ------
 5 files changed, 30 deletions(-)
diff --git a/cmd/kubeadm/app/node/BUILD b/cmd/kubeadm/app/node/BUILD
index fd4790896de..5bb16a3871a 100644
--- a/cmd/kubeadm/app/node/BUILD
+++ b/cmd/kubeadm/app/node/BUILD
@@ -24,8 +24,6 @@ go_library(
 "//pkg/client/clientset_generated/clientset:go_default_library",
 "//pkg/kubelet/util/csr:go_default_library",
 "//vendor:github.com/square/go-jose",
- "//vendor:k8s.io/apimachinery/pkg/api/errors",
- "//vendor:k8s.io/apimachinery/pkg/apis/meta/v1",
 "//vendor:k8s.io/apimachinery/pkg/types",
 "//vendor:k8s.io/apimachinery/pkg/util/wait",
 "//vendor:k8s.io/client-go/tools/clientcmd",
diff --git a/cmd/kubeadm/app/node/bootstrap.go b/cmd/kubeadm/app/node/bootstrap.go
index 94a315b3687..1e085615077 100644
--- a/cmd/kubeadm/app/node/bootstrap.go
+++ b/cmd/kubeadm/app/node/bootstrap.go
@@ -22,8 +22,6 @@ import (
 "sync"
 "time"
- apierrs "k8s.io/apimachinery/pkg/api/errors"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/types"
 "k8s.io/apimachinery/pkg/util/wait"
 "k8s.io/client-go/tools/clientcmd"
@@ -124,19 +122,6 @@ func createClients(caCert []byte, endpoint, token string, nodeName types.NodeNam
 return ac, nil
 }
-// checkForNodeNameDuplicates checks whether there are other nodes in the cluster with identical node names.
-func checkForNodeNameDuplicates(clientSet *clientset.Clientset) error {
- hostName, err := os.Hostname()
- if err != nil {
- return fmt.Errorf("Failed to get node hostname [%v]", err)
- }
- _, err = clientSet.Nodes().Get(hostName, metav1.GetOptions{})
- if err != nil && !apierrs.IsNotFound(err) {
- return err
- }
- return nil
-}
-
 // checks the connection requirements for a specific API endpoint
 func checkAPIEndpoint(clientSet *clientset.Clientset, endpoint string) error {
 // check general connectivity
diff --git a/cmd/kubeadm/app/node/csr.go b/cmd/kubeadm/app/node/csr.go
index 8771c31e8d9..a8f69246a6b 100644
--- a/cmd/kubeadm/app/node/csr.go
+++ b/cmd/kubeadm/app/node/csr.go
@@ -51,11 +51,6 @@ func PerformTLSBootstrap(cfg *clientcmdapi.Config) error {
 return fmt.Errorf("failed to generate private key [%v]", err)
 }
- // Make sure there are no other nodes in the cluster with identical node name.
- if err := checkForNodeNameDuplicates(c); err != nil {
- return err
- }
-
 cert, err := csr.RequestNodeCertificate(c.Certificates().CertificateSigningRequests(), key, name)
 if err != nil {
 return fmt.Errorf("failed to request signed certificate from the API server [%v]", err)
diff --git a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
index 5c726d1121b..d7da6660af6 100644
--- a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
+++ b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
@@ -244,8 +244,6 @@ func ClusterRoles() []rbac.ClusterRole {
 // a role to use for bootstrapping a node's client certificates
 ObjectMeta: metav1.ObjectMeta{Name: "system:node-bootstrapper"},
 Rules: []rbac.PolicyRule{
- // used to check if the node already exists
- rbac.NewRule("get").Groups(legacyGroup).Resources("nodes").RuleOrDie(),
 // used to create a certificatesigningrequest for a node-specific client certificate, and watch for it to be signed
 rbac.NewRule("create", "get", "list", "watch").Groups(certificatesGroup).Resources("certificatesigningrequests").RuleOrDie(),
 },
diff --git a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml
index 780680dbc50..00f6102b081 100644
--- a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml
+++ b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml
@@ -577,12 +577,6 @@ items:
 kubernetes.io/bootstrapping: rbac-defaults
 name: system:node-bootstrapper
 rules:
- - apiGroups:
- - ""
- resources:
- - nodes
- verbs:
- - get
 - apiGroups:
 - certificates.k8s.io
 resources: