From 97dc2beb71fe40a7b68e04dcfb9188e14d2f0c2f Mon Sep 17 00:00:00 2001
From: Rohith
Date: Mon, 1 Oct 2018 10:04:47 +0100
Subject: [PATCH] Node Authorizer Client Fix

- fixing up the client for reboots ... somewhat of a oversight on my part :-)
- added the reason to the node denial message
---
 node-authorizer/cmd/node-authorizer/client.go | 2 +-
 node-authorizer/pkg/client/client.go | 8 ++++++++
 node-authorizer/pkg/server/admission.go | 3 ++-
 pkg/model/components/node-authorizer/options.go | 2 +-
 upup/pkg/fi/cloudup/bootstrapchannelbuilder.go | 2 +-
 5 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/node-authorizer/cmd/node-authorizer/client.go b/node-authorizer/cmd/node-authorizer/client.go
index 6c866f9156..dd321fd3a1 100644
--- a/node-authorizer/cmd/node-authorizer/client.go
+++ b/node-authorizer/cmd/node-authorizer/client.go
@@ -51,7 +51,7 @@ func addClientCommand() cli.Command {
 Name: "kubeconfig",
 Usage: "location to write bootstrap token config `PATH`",
 EnvVar: "KUBECONFIG_BOOTSTRAP",
- Value: "/var/run/kubelet/kubelet-bootstrap.yml",
+ Value: "/var/lib/kubelet/bootstrap-kubeconfig",
 },
 cli.StringFlag{
 Name: "tls-client-ca",
diff --git a/node-authorizer/pkg/client/client.go b/node-authorizer/pkg/client/client.go
index f58b328321..34563ee629 100644
--- a/node-authorizer/pkg/client/client.go
+++ b/node-authorizer/pkg/client/client.go
@@ -43,6 +43,14 @@ func New(config *Config) error {
 zap.String("kubeconfig", config.KubeConfigPath),
 zap.String("registration-url", config.NodeURL))
 
+ // @step: if we have a kubecfg already we can skip it
+ if utils.FileExists(config.KubeConfigPath) {
+ utils.Logger.Info("skipping the client authorization as kubecfg found",
+ zap.String("kubecfg", config.KubeConfigPath))
+
+ return nil
+ }
+
 // @step: create the verifier
 verifier, err := newNodeVerifier(config.Authorizer)
 if err != nil {
diff --git a/node-authorizer/pkg/server/admission.go b/node-authorizer/pkg/server/admission.go
index c32751769d..277d730819 100644
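Review bot: The new default for the `kubeconfig` flag puts the bootstrap token config on persistent storage under /var/lib/kubelet, whereas the old /var/run location is typically cleared at reboot, so the credential now stays on disk for the life of the node and nothing in the flag documents that. The same commit makes `New` in node-authorizer/pkg/client/client.go skip authorization when this file already exists, which operators overriding the path should know. I would extend the flag's `Usage` text to say that an existing file is reused and authorization is skipped. The code that writes this file is not visible in the hunk, so it should be confirmed that it creates the file with owner-only permissions such as 0600.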
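Review bot: The added guard in `New` treats any path for which `utils.FileExists` returns true as a usable bootstrap config, so an empty or truncated file left by an interrupted earlier run, or a config whose bootstrap token has since expired or been revoked, makes every later start return nil without re-authorizing. `utils.FileExists` is not shown here, so whether it rejects directories or zero-length files is an assumption to check. A stricter gate would be `if fi, err := os.Stat(config.KubeConfigPath); err == nil && fi.Mode().IsRegular() && fi.Size() > 0 {`, ideally combined with a parse of the file; a comment such as `// NOTE: an existing file is trusted as-is; token validity is not re-checked` would at least record the limitation. The body of `New` continues past the end of the hunk.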
--- a/node-authorizer/pkg/server/admission.go
+++ b/node-authorizer/pkg/server/admission.go
@@ -80,7 +80,8 @@ func (n *NodeAuthorizer) authorizeNodeRequest(ctx context.Context, request *Node
 if !request.IsAllowed() {
 utils.Logger.Error("the node has been denied authorization",
 zap.String("client", request.Spec.RemoteAddr),
- zap.String("node", request.Spec.NodeName))
+ zap.String("node", request.Spec.NodeName),
+ zap.String("reason", request.Status.Reason))
 
 nodeAuthorizationMetric.WithLabelValues("denied").Inc()
 
diff --git a/pkg/model/components/node-authorizer/options.go b/pkg/model/components/node-authorizer/options.go
index 34fcd7ba2c..54c6237649 100644
--- a/pkg/model/components/node-authorizer/options.go
+++ b/pkg/model/components/node-authorizer/options.go
@@ -100,5 +100,5 @@ func GetNodeAuthorizerImage() string {
 return v
 }
 
- return "quay.io/gambol99/node-authorizer:v0.0.2@sha256:78c20c69187d3098e196e2b645d0571aeef377adc5cbd89684023ec668306268"
+ return "quay.io/gambol99/node-authorizer:v0.0.3@sha256:bc581658115e71d7a08bd5ca216368432d5b8d501ef70924ebd30627773bc134"
 }
diff --git a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
index 34430f27b4..7b319fb930 100644
--- a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
+++ b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
@@ -150,7 +150,7 @@ func (b *BootstrapChannelBuilder) buildManifest() (*channelsapi.Addons, map[stri
 if b.cluster.Spec.NodeAuthorization != nil {
 {
 key := "node-authorizer.addons.k8s.io"
- version := "v0.0.2"
+ version := "v0.0.3"
 
 {
 location := key + "/k8s-1.10.yaml"