github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-29 06:27:05 +00:00
Code Issues Projects Releases Wiki Activity

kubeadm: use current-context when validating kubelet kubeconfig

Browse Source 
During initialization `kubeadm init` creates kubelet.conf with
specified name and during finalize phase validates that
this kubeconfig is not corrupted by checking for presence of specific
authinfo

However:
* kubelet doesn't require a specific name for this context
* in external CA mode this kubeconfig can be created outside of
  `kubeadm init`

This change updates kubeadm finalize stage to avoid overly strict
context check.
This commit is contained in:
Vadim Rutkovsky 2024-02-07 14:08:20 +01:00
parent 052bce26f4
commit fc610f0941
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
cmd/kubeadm/app/cmd/phases/init/kubeletfinalize.go
View File

@ -114,7 +114,17 @@ func runKubeletFinalizeCertRotation(c workflow.RunData) error {
}
// Perform basic validation. The errors here can only happen if the kubelet.conf was corrupted.
userName := fmt.Sprintf("%s%s", kubeadmconstants.NodesUserPrefix, cfg.NodeRegistration.Name)
if len(kubeconfig.CurrentContext) == 0 {
return errors.Errorf("the file %q does not have current context set", kubeconfigPath)
}
currentContext, ok := kubeconfig.Contexts[kubeconfig.CurrentContext]
if !ok {
return errors.Errorf("the file %q is not a valid kubeconfig: %q set as current-context, but not found in context list", kubeconfigPath, kubeconfig.CurrentContext)
}
userName := currentContext.AuthInfo
if len(userName) == 0 {
return errors.Errorf("the file %q is not a valid kubeconfig: empty username for current context", kubeconfigPath)
}
info, ok := kubeconfig.AuthInfos[userName]
if !ok {
return errors.Errorf("the file %q does not contain authentication for user %q", kubeconfigPath, cfg.NodeRegistration.Name)