From c5c9429d0eeb3b958d0204d04d791205b831e47c Mon Sep 17 00:00:00 2001
From: calvin <wen.chen@daocloud.io>
Date: Tue, 9 Nov 2021 10:30:01 +0800
Subject: [PATCH] fix some kubeadm init phase constants

---
 cmd/kubeadm/app/phases/addons/proxy/proxy.go       | 14 ++++++++++----
 .../app/phases/bootstraptoken/node/tlsbootstrap.go |  4 ++--
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/cmd/kubeadm/app/phases/addons/proxy/proxy.go b/cmd/kubeadm/app/phases/addons/proxy/proxy.go
index af213cd3345..ba6d932016c 100644
--- a/cmd/kubeadm/app/phases/addons/proxy/proxy.go
+++ b/cmd/kubeadm/app/phases/addons/proxy/proxy.go
@@ -45,6 +45,12 @@ const (
 
 	// KubeProxyServiceAccountName describes the name of the ServiceAccount for the kube-proxy addon
 	KubeProxyServiceAccountName = "kube-proxy"
+
+	// KubeProxyClusterRoleBindingName sets the name for the kube-proxy CluterRoleBinding
+	KubeProxyClusterRoleBindingName = "kubeam:node-proxier"
+
+	// KubeProxyConfigMapRoleName sets the name of ClusterRole for ConfigMap
+	KubeProxyConfigMapRoleName = "kube-proxy"
 )
 
 // EnsureProxyAddon creates the kube-proxy addons
@@ -157,7 +163,7 @@ func createKubeProxyAddon(cfg *kubeadmapi.ClusterConfiguration, client clientset
 func createClusterRoleBindings(client clientset.Interface) error {
 	if err := apiclient.CreateOrUpdateClusterRoleBinding(client, &rbac.ClusterRoleBinding{
 		ObjectMeta: metav1.ObjectMeta{
-			Name: "kubeadm:node-proxier",
+			Name: KubeProxyClusterRoleBindingName,
 		},
 		RoleRef: rbac.RoleRef{
 			APIGroup: rbac.GroupName,
@@ -178,7 +184,7 @@ func createClusterRoleBindings(client clientset.Interface) error {
 	// Create a role for granting read only access to the kube-proxy component config ConfigMap
 	if err := apiclient.CreateOrUpdateRole(client, &rbac.Role{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      constants.KubeProxyConfigMap,
+			Name:      KubeProxyConfigMapRoleName,
 			Namespace: metav1.NamespaceSystem,
 		},
 		Rules: []rbac.PolicyRule{
@@ -196,13 +202,13 @@ func createClusterRoleBindings(client clientset.Interface) error {
 	// Bind the role to bootstrap tokens for allowing fetchConfiguration during join
 	return apiclient.CreateOrUpdateRoleBinding(client, &rbac.RoleBinding{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      constants.KubeProxyConfigMap,
+			Name:      KubeProxyConfigMapRoleName,
 			Namespace: metav1.NamespaceSystem,
 		},
 		RoleRef: rbac.RoleRef{
 			APIGroup: rbac.GroupName,
 			Kind:     "Role",
-			Name:     constants.KubeProxyConfigMap,
+			Name:     KubeProxyConfigMapRoleName,
 		},
 		Subjects: []rbac.Subject{
 			{
diff --git a/cmd/kubeadm/app/phases/bootstraptoken/node/tlsbootstrap.go b/cmd/kubeadm/app/phases/bootstraptoken/node/tlsbootstrap.go
index 1c48f638bca..e2a38e6e44b 100644
--- a/cmd/kubeadm/app/phases/bootstraptoken/node/tlsbootstrap.go
+++ b/cmd/kubeadm/app/phases/bootstraptoken/node/tlsbootstrap.go
@@ -125,7 +125,7 @@ func AutoApproveNodeBootstrapTokens(client clientset.Interface) error {
 		},
 		Subjects: []rbac.Subject{
 			{
-				Kind: "Group",
+				Kind: rbac.GroupKind,
 				Name: constants.NodeBootstrapTokenAuthGroup,
 			},
 		},
@@ -147,7 +147,7 @@ func AutoApproveNodeCertificateRotation(client clientset.Interface) error {
 		},
 		Subjects: []rbac.Subject{
 			{
-				Kind: "Group",
+				Kind: rbac.GroupKind,
 				Name: constants.NodesGroup,
 			},
 		},