mirror of https://github.com/kubernetes/kops.git
Fix the issue described in #5412 where the authenticator is no longer able to read the K8s CAs.
parent
617ce047e6
commit
b296e6fcbf
|
@ -211,6 +211,15 @@ func (b *KubeAPIServerBuilder) writeAuthenticationConfig(c *fi.ModelBuilderConte
|
|||
})
|
||||
}
|
||||
|
||||
{
|
||||
c.AddTask(&nodetasks.UserTask{
|
||||
Name: "aws-iam-authenticator",
|
||||
UID: 10000,
|
||||
Shell: "/sbin/nologin",
|
||||
Home: "/srv/kubernetes/aws-iam-authenticator",
|
||||
})
|
||||
}
|
||||
|
||||
{
|
||||
certificate, err := b.NodeupModelContext.KeyStore.FindCert(id)
|
||||
if err != nil {
|
||||
|
@ -230,6 +239,8 @@ func (b *KubeAPIServerBuilder) writeAuthenticationConfig(c *fi.ModelBuilderConte
|
|||
Contents: fi.NewBytesResource(certificateData),
|
||||
Type: nodetasks.FileType_File,
|
||||
Mode: fi.String("600"),
|
||||
Owner: fi.String("aws-iam-authenticator"),
|
||||
Group: fi.String("aws-iam-authenticator"),
|
||||
})
|
||||
}
|
||||
|
||||
|
@ -252,6 +263,8 @@ func (b *KubeAPIServerBuilder) writeAuthenticationConfig(c *fi.ModelBuilderConte
|
|||
Contents: fi.NewBytesResource(keyData),
|
||||
Type: nodetasks.FileType_File,
|
||||
Mode: fi.String("600"),
|
||||
Owner: fi.String("aws-iam-authenticator"),
|
||||
Group: fi.String("aws-iam-authenticator"),
|
||||
})
|
||||
}
|
||||
|
||||
|
|
|
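Review bot: The `UID: 10000` literal in the new `UserTask` for `aws-iam-authenticator` is an unexplained magic number, and the `Owner`/`Group` values added to the certificate and key file tasks in the two later hunks only take effect if that account and a same-named group already exist when the files are written. Both files are mode 600, so a process running under any other UID cannot read them; presumably the authenticator's pod manifest pins the same UID, in which case a shared named constant (for example `const awsIAMAuthenticatorUID = 10000`, name suggested here) with a comment stating that coupling would keep the two from drifting apart. `Group: fi.String("aws-iam-authenticator")` also depends on useradd creating a group named after the user, which is a distribution default rather than something this code requests, so that is worth confirming on every supported image along with UID 10000 being unused there. writeAuthenticationConfig starts and ends outside these hunks, so the ordering between the user task and the file tasks cannot be checked from here.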
@ -19,6 +19,7 @@ package nodetasks
|
|||
import (
|
||||
"fmt"
|
||||
"os/exec"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"github.com/golang/glog"
|
||||
|
@ -32,6 +33,7 @@ import (
|
|||
type UserTask struct {
|
||||
Name string
|
||||
|
||||
UID int `json:"uid"`
|
||||
Shell string `json:"shell"`
|
||||
Home string `json:"home"`
|
||||
}
|
||||
|
@ -74,6 +76,7 @@ func (e *UserTask) Find(c *fi.Context) (*UserTask, error) {
|
|||
|
||||
actual := &UserTask{
|
||||
Name: e.Name,
|
||||
UID: info.Uid,
|
||||
Shell: info.Shell,
|
||||
Home: info.Home,
|
||||
}
|
||||
|
@ -91,6 +94,9 @@ func (_ *UserTask) CheckChanges(a, e, changes *UserTask) error {
|
|||
|
||||
func buildUseraddArgs(e *UserTask) []string {
|
||||
var args []string
|
||||
if e.UID != 0 {
|
||||
args = append(args, "-u", strconv.Itoa(e.UID))
|
||||
}
|
||||
if e.Shell != "" {
|
||||
args = append(args, "-s", e.Shell)
|
||||
}
|
||||
|
@ -114,6 +120,9 @@ func (_ *UserTask) RenderLocal(t *local.LocalTarget, a, e, changes *UserTask) er
|
|||
} else {
|
||||
var args []string
|
||||
|
||||
if changes.UID != 0 {
|
||||
args = append(args, "-u", strconv.Itoa(e.UID))
|
||||
}
|
||||
if changes.Shell != "" {
|
||||
args = append(args, "-s", e.Shell)
|
||||
}
|
||||
|
|
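Review bot: The new `UID` field on `UserTask` treats zero as "not set" in both `buildUseraddArgs` (`if e.UID != 0`) and the else-branch of `RenderLocal` (`if changes.UID != 0`), but nothing on the field documents that. A comment such as `// UID is the numeric user id to assign; 0 leaves the choice to useradd.` would record the convention and make it explicit that the task can never be asked to create a second UID-0 account. In the `RenderLocal` else-branch, which presumably drives usermod, passing `-u` renumbers an existing account, and usermod only re-owns files under the home directory; a why-comment there should note that files written elsewhere under the old UID keep their old numeric owner. Both functions continue outside the hunks shown.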