mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-08-29 13:24:42 +00:00
Merge pull request #59730 from hyperbolic2346/mwilson/auth-token-node-name
Automatic merge from submit-queue (batch tested with PRs 59767, 56454, 59237, 59730, 55479). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Requesting new credentials when node names change **What this PR does / why we need it**: Updating kubernetes-worker charm to request a new token when the node name changes due to a cloud provider change to kubelet-extra-args **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes # https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/491 **Special notes for your reviewer**: **Release note**: ```release-note Updated kubernetes-worker to request new security tokens when the aws cloud provider changes the registered node name. ```
This commit is contained in:
Kubernetes Submit Queue
GitHub
commit
f0acb4f386
@ -927,6 +927,15 @@ def notify_master_gpu_not_enabled(kube_control):
|
|||||||
kube_control.set_gpu(False)
|
kube_control.set_gpu(False)
|
||||||
|
|
||||||
|
|
||||||
|
@when('kube-control.connected')
|
||||||
|
@when('config.changed.kubelet-extra-args')
|
||||||
|
def maybe_request_new_credentials(kube_control):
|
||||||
|
kubelet_extra_args = parse_extra_args('kubelet-extra-args')
|
||||||
|
cloud_provider = kubelet_extra_args.get('cloud-provider', '')
|
||||||
|
if data_changed('cloud_provider', cloud_provider):
|
||||||
|
request_kubelet_and_proxy_credentials(kube_control)
|
||||||
|
|
||||||
|
|
||||||
@when('kube-control.connected')
|
@when('kube-control.connected')
|
||||||
def request_kubelet_and_proxy_credentials(kube_control):
|
def request_kubelet_and_proxy_credentials(kube_control):
|
||||||
""" Request kubelet node authorization with a well formed kubelet user.
|
""" Request kubelet node authorization with a well formed kubelet user.
|
||||||
@ -935,14 +944,14 @@ def request_kubelet_and_proxy_credentials(kube_control):
|
|||||||
# The kube-cotrol interface is created to support RBAC.
|
# The kube-cotrol interface is created to support RBAC.
|
||||||
# At this point we might as well do the right thing and return the hostname
|
# At this point we might as well do the right thing and return the hostname
|
||||||
# even if it will only be used when we enable RBAC
|
# even if it will only be used when we enable RBAC
|
||||||
nodeuser = 'system:node:{}'.format(gethostname().lower())
|
nodeuser = 'system:node:{}'.format(get_node_name().lower())
|
||||||
kube_control.set_auth_request(nodeuser)
|
kube_control.set_auth_request(nodeuser)
|
||||||
|
|
||||||
|
|
||||||
@when('kube-control.connected')
|
@when('kube-control.connected')
|
||||||
def catch_change_in_creds(kube_control):
|
def catch_change_in_creds(kube_control):
|
||||||
"""Request a service restart in case credential updates were detected."""
|
"""Request a service restart in case credential updates were detected."""
|
||||||
nodeuser = 'system:node:{}'.format(gethostname().lower())
|
nodeuser = 'system:node:{}'.format(get_node_name().lower())
|
||||||
creds = kube_control.get_auth_credentials(nodeuser)
|
creds = kube_control.get_auth_credentials(nodeuser)
|
||||||
if creds \
|
if creds \
|
||||||
and data_changed('kube-control.creds', creds) \
|
and data_changed('kube-control.creds', creds) \
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user