github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 03:41:45 +00:00
Code Issues Projects Releases Wiki Activity

Add a defer to kubelet boostrap token deletion

Browse Source
This commit is contained in:
mattmelgard 2019-07-31 12:27:06 -06:00
parent c91761da0d
commit f03bbe1b6d
1 changed files with 4 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
cmd/kubeadm/app/cmd/phases/join/kubelet.go
View File

@ -93,13 +93,16 @@ func getKubeletStartJoinData(c workflow.RunData) (*kubeadmapi.JoinConfiguration,
// runKubeletStartJoinPhase executes the kubelet TLS bootstrap process.
// This process is executed by the kubelet and completes with the node joining the cluster
// with a dedicates set of credentials as required by the node authorizer
func runKubeletStartJoinPhase(c workflow.RunData) error {
func runKubeletStartJoinPhase(c workflow.RunData) (returnErr error) {
cfg, initCfg, tlsBootstrapCfg, err := getKubeletStartJoinData(c)
if err != nil {
return err
}
bootstrapKubeConfigFile := kubeadmconstants.GetBootstrapKubeletKubeConfigPath()
// Deletes the bootstrapKubeConfigFile, so the credential used for TLS bootstrap is removed from disk
defer os.Remove(bootstrapKubeConfigFile)
// Write the bootstrap kubelet config file or the TLS-Bootstrapped kubelet config file down to disk
klog.V(1).Infof("[kubelet-start] writing bootstrap kubelet config file at %s", bootstrapKubeConfigFile)
if err := kubeconfigutil.WriteToDisk(bootstrapKubeConfigFile, tlsBootstrapCfg); err != nil {
@ -167,11 +170,6 @@ func runKubeletStartJoinPhase(c workflow.RunData) error {
return errors.Wrap(err, "error uploading crisocket")
}
// Deletes the bootstrapKubeConfigFile, so the credential used for TLS bootstrap are removed from disk
if err := os.Remove(bootstrapKubeConfigFile); err != nil {
return errors.Wrapf(err, "error deleting %s", bootstrapKubeConfigFile)
}
return nil
}