github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
40a60cd42e
kubernetes/cmd/kubeadm/app
History
Kubernetes Submit Queue 2bcd3d1a01 Merge pull request #46879 from luxas/kubeadm_enable_node_authorizer 
Automatic merge from submit-queue

kubeadm: Enable the Node Authorizer/Admission plugin in v1.7

**What this PR does / why we need it**:

This is similar to https://github.com/kubernetes/kubernetes/pull/46796, but for kubeadm.
Basically it was a part of https://github.com/kubernetes/kubernetes/pull/46796, but there were some other upgradability and compability concerns for kubeadm I took care of while working today.

Example:

```console
$ kubeadm init --kubernetes-version v1.7.0-beta.0
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[init] Using Kubernetes version: v1.7.0-beta.0
[init] Using Authorization mode: [RBAC Node]
...
$ sudo kubectl --kubeconfig=/etc/kubernetes/kubelet.conf get secret foo
Error from server (Forbidden): User "system:node:thegopher" cannot get secrets in the namespace "default".: "no path found to object" (get secrets foo)

$ echo '{"apiVersion":"v1","kind":"Node","metadata":{"name":"foo"}}' | sudo kubectl create -f - --kubeconfig=/etc/kubernetes/kubelet.conf
Error from server (Forbidden): error when creating "STDIN": nodes "foo" is forbidden: node thegopher cannot modify node foo
```

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

Depends on https://github.com/kubernetes/kubernetes/pull/46864 (uses that PR as a base, will rebase once it's merged)

Please only review the second commit. Will also fix tests in a minute.

**Release note**:

```release-note
kubeadm: Enable the Node Authorizer/Admission plugin in v1.7 
```
@mikedanese @liggitt @pipejakob @roberthbailey @jbeda @timothysc
2017-06-08 05:26:58 -07:00
..
apis/kubeadm move labels to components which own the APIs 2017-05-31 10:32:06 -04:00
cmd Merge pull request #46879 from luxas/kubeadm_enable_node_authorizer 2017-06-08 05:26:58 -07:00
constants kubeadm: Enable the Node Authorizer in v1.7 and fix some small bugs related to the enablement 2017-06-07 21:07:49 +03:00
discovery autogenerated 2017-04-14 10:40:57 -07:00
images Release 3.0.17 etcd image 2017-02-27 16:23:44 +01:00
master kubeadm: Enable the Node Authorizer in v1.7 and fix some small bugs related to the enablement 2017-06-07 21:07:49 +03:00
node autogenerated 2017-04-14 10:40:57 -07:00
phases Merge pull request #46879 from luxas/kubeadm_enable_node_authorizer 2017-06-08 05:26:58 -07:00
preflight 1. Fix create volume of CertificatesDir. 2017-06-01 09:17:10 +08:00
util kubeadm: add api validation exit code 2017-04-18 11:41:53 -07:00
BUILD autogenerated 2017-04-14 10:40:57 -07:00
kubeadm.go Refactor the whole binary, a lot of changes in one commit I know, but I just hacked on this and modified everything I thought was messy or could be done better. 2016-12-09 12:48:12 +02:00