kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use fixed UID for etcd user and restrict to legacy provider

This commit is contained in:
John Gardiner Myers 2020-07-15 23:48:19 -07:00
parent 45d2359025
commit ef1765b734
2 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
nodeup/pkg/model/etcd.go
View File

@ -18,6 +18,7 @@ package model
import (
"k8s.io/kops/nodeup/pkg/distros"
"k8s.io/kops/pkg/wellknownusers"
"k8s.io/kops/upup/pkg/fi"
"k8s.io/kops/upup/pkg/fi/nodeup/nodetasks"
@ -33,7 +34,7 @@ var _ fi.ModelBuilder = &EtcdBuilder{}
// Build is responsible for creating the etcd user
func (b *EtcdBuilder) Build(c *fi.ModelBuilderContext) error {
if !b.IsMaster {
if !b.IsMaster || b.UseEtcdManager() {
return nil
}
@ -50,8 +51,8 @@ func (b *EtcdBuilder) Build(c *fi.ModelBuilderContext) error {
// TODO: Do we actually use the user anywhere?
c.AddTask(&nodetasks.UserTask{
// TODO: Should we set a consistent UID in case we remount?
Name: "user",
UID: wellknownusers.LegacyEtcd,
Shell: "/sbin/nologin",
Home: "/var/etcd",
})

3
pkg/wellknownusers/wellknownusers.go
View File

@ -24,6 +24,9 @@ const (
// Used by e.g. dns-controller, kops-controller
Generic = 10001
// LegacyEtcd is the user id for the etcd user under the legacy provider
LegacyEtcd = 10002
// AWSAuthenticator is the user-id for the aws-iam-authenticator (built externally)
AWSAuthenticator = 10000