Node Authorizer Client Fix

- fixing up the client for reboots ... somewhat of a oversight on my part :-) - added the reason to the node denial message
2018-10-01 10:04:47 +01:00 · 2018-10-01 10:04:47 +01:00 · 97dc2beb71
parent 0959412fa4
commit 97dc2beb71
5 changed files with 13 additions and 4 deletions
--- a/node-authorizer/cmd/node-authorizer/client.go
+++ b/node-authorizer/cmd/node-authorizer/client.go
@ -51,7 +51,7 @@ func addClientCommand() cli.Command {
 				Name:   "kubeconfig",
 				Usage:  "location to write bootstrap token config `PATH`",
 				EnvVar: "KUBECONFIG_BOOTSTRAP",
-				Value:  "/var/run/kubelet/kubelet-bootstrap.yml",
+				Value:  "/var/lib/kubelet/bootstrap-kubeconfig",
 			},
 			cli.StringFlag{
 				Name:   "tls-client-ca",
--- a/node-authorizer/pkg/client/client.go
+++ b/node-authorizer/pkg/client/client.go
@ -43,6 +43,14 @@ func New(config *Config) error {
 		zap.String("kubeconfig", config.KubeConfigPath),
 		zap.String("registration-url", config.NodeURL))

+	// @step: if we have a kubecfg already we can skip it
+	if utils.FileExists(config.KubeConfigPath) {
+		utils.Logger.Info("skipping the client authorization as kubecfg found",
+			zap.String("kubecfg", config.KubeConfigPath))
+
+		return nil
+	}
+
 	// @step: create the verifier
 	verifier, err := newNodeVerifier(config.Authorizer)
 	if err != nil {
--- a/node-authorizer/pkg/server/admission.go
+++ b/node-authorizer/pkg/server/admission.go
@ -80,7 +80,8 @@ func (n *NodeAuthorizer) authorizeNodeRequest(ctx context.Context, request *Node
 	if !request.IsAllowed() {
 		utils.Logger.Error("the node has been denied authorization",
 			zap.String("client", request.Spec.RemoteAddr),
-			zap.String("node", request.Spec.NodeName))
+			zap.String("node", request.Spec.NodeName),
+			zap.String("reason", request.Status.Reason))

 		nodeAuthorizationMetric.WithLabelValues("denied").Inc()

--- a/pkg/model/components/node-authorizer/options.go
+++ b/pkg/model/components/node-authorizer/options.go
@ -100,5 +100,5 @@ func GetNodeAuthorizerImage() string {
 		return v
 	}

-	return "quay.io/gambol99/node-authorizer:v0.0.2@sha256:78c20c69187d3098e196e2b645d0571aeef377adc5cbd89684023ec668306268"
+	return "quay.io/gambol99/node-authorizer:v0.0.3@sha256:bc581658115e71d7a08bd5ca216368432d5b8d501ef70924ebd30627773bc134"
 }
--- a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
+++ b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
@ -150,7 +150,7 @@ func (b *BootstrapChannelBuilder) buildManifest() (*channelsapi.Addons, map[stri
 	if b.cluster.Spec.NodeAuthorization != nil {
 		{
 			key := "node-authorizer.addons.k8s.io"
-			version := "v0.0.2"
+			version := "v0.0.3"

 			{
 				location := key + "/k8s-1.10.yaml"