Remove MinimumCSRAutoApprovalClusterRolesVersion in 1.9 cycle.
This commit is contained in:
xiangpengzhao
parent
7f9f847ce9
commit
df81ecf396
@ -201,10 +201,6 @@ var (
|
|||||||
// MinimumControlPlaneVersion specifies the minimum control plane version kubeadm can deploy
|
// MinimumControlPlaneVersion specifies the minimum control plane version kubeadm can deploy
|
||||||
MinimumControlPlaneVersion = version.MustParseSemantic("v1.8.0")
|
MinimumControlPlaneVersion = version.MustParseSemantic("v1.8.0")
|
||||||
|
|
||||||
// MinimumCSRAutoApprovalClusterRolesVersion defines whether kubeadm can rely on the built-in CSR approval ClusterRole or not (note, the binding is always created by kubeadm!)
|
|
||||||
// TODO: Remove this when the v1.9 cycle starts and we bump the minimum supported version to v1.8.0
|
|
||||||
MinimumCSRAutoApprovalClusterRolesVersion = version.MustParseSemantic("v1.8.0-alpha.3")
|
|
||||||
|
|
||||||
// MinimumKubeletVersion specifies the minimum version of kubelet which kubeadm supports
|
// MinimumKubeletVersion specifies the minimum version of kubelet which kubeadm supports
|
||||||
MinimumKubeletVersion = version.MustParseSemantic("v1.8.0")
|
MinimumKubeletVersion = version.MustParseSemantic("v1.8.0")
|
||||||
)
|
)
|
||||||
|
|||||||
@ -95,27 +95,22 @@ func AutoApproveNodeBootstrapTokens(client clientset.Interface, k8sVersion *vers
|
|||||||
|
|
||||||
// AutoApproveNodeCertificateRotation creates RBAC rules in a way that makes Node certificate rotation CSR auto-approved by the csrapprover controller
|
// AutoApproveNodeCertificateRotation creates RBAC rules in a way that makes Node certificate rotation CSR auto-approved by the csrapprover controller
|
||||||
func AutoApproveNodeCertificateRotation(client clientset.Interface, k8sVersion *version.Version) error {
|
func AutoApproveNodeCertificateRotation(client clientset.Interface, k8sVersion *version.Version) error {
|
||||||
|
fmt.Println("[bootstraptoken] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster")
|
||||||
|
|
||||||
// Create autorotation cluster role binding only if we deploying or upgrading to version that supports it.
|
return apiclient.CreateOrUpdateClusterRoleBinding(client, &rbac.ClusterRoleBinding{
|
||||||
if k8sVersion.AtLeast(constants.MinimumCSRAutoApprovalClusterRolesVersion) {
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
fmt.Println("[bootstraptoken] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster")
|
Name: NodeAutoApproveCertificateRotationClusterRoleBinding,
|
||||||
|
},
|
||||||
return apiclient.CreateOrUpdateClusterRoleBinding(client, &rbac.ClusterRoleBinding{
|
RoleRef: rbac.RoleRef{
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
APIGroup: rbac.GroupName,
|
||||||
Name: NodeAutoApproveCertificateRotationClusterRoleBinding,
|
Kind: "ClusterRole",
|
||||||
|
Name: NodeSelfCSRAutoApprovalClusterRoleName,
|
||||||
|
},
|
||||||
|
Subjects: []rbac.Subject{
|
||||||
|
{
|
||||||
|
Kind: "Group",
|
||||||
|
Name: constants.NodesGroup,
|
||||||
},
|
},
|
||||||
RoleRef: rbac.RoleRef{
|
},
|
||||||
APIGroup: rbac.GroupName,
|
})
|
||||||
Kind: "ClusterRole",
|
|
||||||
Name: NodeSelfCSRAutoApprovalClusterRoleName,
|
|
||||||
},
|
|
||||||
Subjects: []rbac.Subject{
|
|
||||||
{
|
|
||||||
Kind: "Group",
|
|
||||||
Name: constants.NodesGroup,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
})
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user