From 664a98919b74cfe48957b3ae51691a0032a42af6 Mon Sep 17 00:00:00 2001 From: Derek Nola Date: Wed, 2 Jun 2021 14:50:11 -0700 Subject: [PATCH] Fix RBAC cloud-controller-manager name 3308 (#3388) * Changed cloud-controller-manager user name in ccm.yaml Signed-off-by: dereknola * Changed RBAC name in server.go Signed-off-by: dereknola * Changed "k3s" string prefix to version.Program to prevent static hardcoding Signed-off-by: dereknola * Changed user in ccm.yaml to k3s-cloud-controller-manager Signed-off-by: dereknola --- manifests/ccm.yaml | 8 ++++---- pkg/daemons/control/deps/deps.go | 2 +- pkg/daemons/control/server.go | 2 +- pkg/deploy/zz_generated_bindata.go | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/manifests/ccm.yaml b/manifests/ccm.yaml index b0e9049c29..ecf5682930 100644 --- a/manifests/ccm.yaml +++ b/manifests/ccm.yaml @@ -1,7 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: cloud-controller-manager + name: k3s-cloud-controller-manager rules: - apiGroups: - coordination.k8s.io @@ -69,12 +69,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: cloud-controller-manager + name: k3s-cloud-controller-manager roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: cloud-controller-manager + name: k3s-cloud-controller-manager subjects: - kind: User - name: cloud-controller-manager + name: k3s-cloud-controller-manager namespace: kube-system diff --git a/pkg/daemons/control/deps/deps.go b/pkg/daemons/control/deps/deps.go index 2e7729d0e4..6220f76cc0 100644 --- a/pkg/daemons/control/deps/deps.go +++ b/pkg/daemons/control/deps/deps.go @@ -294,7 +294,7 @@ func genClientCerts(config *config.Control, runtime *config.ControlRuntime) erro return err } - certGen, err = factory("cloud-controller-manager", nil, runtime.ClientCloudControllerCert, runtime.ClientCloudControllerKey) + certGen, err = factory(version.Program+"-cloud-controller-manager", nil, runtime.ClientCloudControllerCert, runtime.ClientCloudControllerKey) if err != nil { return err } diff --git a/pkg/daemons/control/server.go b/pkg/daemons/control/server.go index 9a287b0750..57ea62b008 100644 --- a/pkg/daemons/control/server.go +++ b/pkg/daemons/control/server.go @@ -427,7 +427,7 @@ func checkForCloudControllerPrivileges(runtime *config.ControlRuntime) error { return err } crb := rbac.NewFactoryFromConfigOrDie(restConfig).Rbac().V1().ClusterRoleBinding() - _, err = crb.Get("cloud-controller-manager", metav1.GetOptions{}) + _, err = crb.Get(version.Program+"-cloud-controller-manager", metav1.GetOptions{}) if err != nil { return err } diff --git a/pkg/deploy/zz_generated_bindata.go b/pkg/deploy/zz_generated_bindata.go index 3973207bba..78c6c89ffb 100644 --- a/pkg/deploy/zz_generated_bindata.go +++ b/pkg/deploy/zz_generated_bindata.go @@ -90,7 +90,7 @@ func (fi bindataFileInfo) Sys() interface{} { return nil } -var _ccmYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x9c\x93\x3f\x6f\xe3\x30\x0c\xc5\x77\x7d\x0a\x21\x4b\x80\x03\x9c\xe0\xb6\x83\xc7\xeb\xd0\x3d\x40\xbb\xd3\x12\x9b\xa8\x91\x45\x81\xa4\x1c\xb4\x9f\xbe\x70\x9c\x16\x81\xdd\xfc\x71\x36\xc2\x20\x7f\xef\xd1\xd4\x83\x1c\x5e\x91\x25\x50\xaa\x2d\x37\xe0\x56\x50\x74\x47\x1c\x3e\x41\x03\xa5\xd5\xfe\x9f\xac\x02\xad\xbb\xbf\x66\x1f\x92\xaf\xed\x53\x2c\xa2\xc8\x1b\x8a\x68\x5a\x54\xf0\xa0\x50\x1b\x6b\x13\xb4\x58\x5b\x17\xa9\xf8\xca\x51\x52\xa6\x18\x91\xab\x16\x12\x6c\x91\x0d\x97\x88\x52\x9b\xca\x42\x0e\xcf\x4c\x25\x4b\x3f\x54\x59\x47\xc4\x3e\xa4\x73\x2d\x63\x2d\xa3\x50\x61\x87\xa7\xa6\x88\x20\x28\xc6\xda\x0e\xb9\x39\x7d\xdb\xa2\x0e\x00\x46\x50\x3c\x96\x25\xfb\xbe\x9c\x68\x2c\x16\x53\x24\x76\x98\x74\x84\x3c\x43\x65\x50\xb7\x9b\x0d\x4d\xe4\xc7\x36\x97\x7f\x96\x33\x66\xd7\xa2\xa0\x65\x84\x18\xbc\xdc\x05\x11\xe4\x2e\xb8\xb1\x87\x18\x44\x7f\xdf\xaa\x2f\x0f\xb3\xf1\xe0\x1c\x95\x4b\x7f\xef\x2e\x50\xee\x1f\x9c\x28\x26\xed\x28\x96\xf6\xd2\x6d\x7f\x8c\x3f\x66\x17\x93\xcf\x14\xae\x9d\x79\x22\x74\x98\xdc\xbd\xaa\xcc\xe3\x09\xf9\x1f\x92\x0f\x69\x3b\x2b\x28\x14\x71\x83\x6f\x7d\xe7\xf7\x8a\x57\x54\x8d\xb5\xd3\x58\xde\xd4\x90\xd2\xbc\xa3\xd3\x63\x1e\x87\xf1\x17\x41\xbe\x3d\x37\x34\x48\x06\x87\xb5\xdd\x97\x06\x2b\xf9\x10\xc5\xd6\x7c\x05\x00\x00\xff\xff\xff\xea\xf1\x4c\x44\x04\x00\x00") +var _ccmYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x9c\x93\xc1\xab\xdb\x30\x0c\xc6\xef\xfe\x2b\x4c\x2f\x85\x81\x5b\xc6\x2e\x23\xc7\xed\xb0\x7b\x61\xbb\x2b\xb6\xd6\x7a\x75\x2c\x23\xc9\x29\xdb\x5f\x3f\xd2\xf4\x3d\x4a\xf2\x5a\x92\xde\x44\x90\x7e\xdf\xa7\xc8\x1f\x94\xf8\x0b\x59\x22\xe5\xc6\x72\x0b\x7e\x07\x55\x4f\xc4\xf1\x1f\x68\xa4\xbc\x3b\x7f\x95\x5d\xa4\x7d\xff\xd9\x9c\x63\x0e\x8d\xfd\x9e\xaa\x28\xf2\x81\x12\x9a\x0e\x15\x02\x28\x34\xc6\xda\x0c\x1d\x36\xf6\xfc\x45\x9c\x4f\x54\x83\xf3\x94\x95\x29\x25\x64\xd7\x41\x86\x23\xb2\xe1\x9a\x50\x1a\xe3\x2c\x94\xf8\x83\xa9\x16\x19\x06\x9d\xf5\x44\x1c\x62\xbe\xd7\x33\xd6\x32\x0a\x55\xf6\x78\x6b\x4a\x08\x82\x62\xac\xed\x91\xdb\xdb\xb7\x23\xea\x08\x60\x04\xc5\x6b\x59\x4b\x18\xca\x99\xc6\x66\x33\x47\x62\x8f\x59\x27\xc8\x3b\x54\x01\xf5\xa7\xd5\xd0\x4c\x61\x6a\x73\xfb\x69\xbb\x62\x76\x2f\x0a\x5a\x27\x88\xd1\xcb\x22\x88\x20\xf7\xd1\x4f\x3d\xa4\x28\xfa\xf1\x56\x43\x79\x59\x8d\x07\xef\xa9\x3e\xfa\x7b\x8b\x40\x65\x78\x74\xa2\x98\xb5\xa7\x54\xbb\x47\xb7\x7d\x37\xfe\x9a\x5d\xcc\xa1\x50\x7c\x76\xe6\x99\xd0\x65\x76\x77\xe7\xcc\xeb\x29\xf9\x16\x73\x88\xf9\xb8\x3a\x2c\x94\xf0\x80\xbf\x87\xee\xb7\x35\x9f\x28\x1b\x6b\xe7\xf1\x5c\xa4\x23\xb5\xfd\x83\x5e\xaf\xb9\x1c\x11\x3f\x05\x79\xd9\xec\xd8\x24\x05\xfc\xd0\x59\x5b\x74\xf2\x57\x14\x3b\xf3\x3f\x00\x00\xff\xff\x37\xa3\x5f\x88\x54\x04\x00\x00") func ccmYamlBytes() ([]byte, error) { return bindataRead(