From 8c6d3567fe1ec3de7be3f272019f90ab1b896f9d Mon Sep 17 00:00:00 2001
From: Brad Davidson
Date: Tue, 15 Sep 2020 22:32:57 -0700
Subject: [PATCH] Rename k3s-controller based on the build-time program name

Since we're replacing the k3s rolebindings.yaml in rke2, we should allow renaming this so that we can use the white-labeled name downstream.

Signed-off-by: Brad Davidson
---
 pkg/agent/netpol/network_policy.go | 3 ++-
 pkg/daemons/control/server.go | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/pkg/agent/netpol/network_policy.go b/pkg/agent/netpol/network_policy.go
index 04b3cb9b53..9615dcce4e 100644
--- a/pkg/agent/netpol/network_policy.go
+++ b/pkg/agent/netpol/network_policy.go
@@ -32,7 +32,8 @@ func Run(ctx context.Context, nodeConfig *config.Node) error {
 return err
 }
- // retry backoff to wait for the clusterrolebinding of user "system:k3s-controller"
+ // retry backoff to wait for the clusterrolebinding for the k3s tunnel controller (system:k3s-controller or equivalent)
+ // which has to occur before it can bring up the connection to the API server.
 retryBackoff := wait.Backoff{
 Steps: 6,
 Duration: 100 * time.Millisecond,
diff --git a/pkg/daemons/control/server.go b/pkg/daemons/control/server.go
index e5932b5b41..6f8f221d00 100644
--- a/pkg/daemons/control/server.go
+++ b/pkg/daemons/control/server.go
@@ -551,8 +551,8 @@ func genClientCerts(config *config.Control, runtime *config.ControlRuntime) erro
 if _, err = factory("system:kube-proxy", nil, runtime.ClientKubeProxyCert, runtime.ClientKubeProxyKey); err != nil {
 return err
 }
- // this must be hardcoded to k3s-controller because it's hard coded in the rolebindings.yaml
- if _, err = factory("system:k3s-controller", nil, runtime.ClientK3sControllerCert, runtime.ClientK3sControllerKey); err != nil {
+ // This user (system:k3s-controller by default) must be bound to a role in rolebindings.yaml or the downstream equivalent
+ if _, err = factory("system:"+version.Program+"-controller", nil, runtime.ClientK3sControllerCert, runtime.ClientK3sControllerKey); err != nil {
 return err
 }
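Review bot: The user name passed to `factory` in genClientCerts is now assembled inline from `version.Program`, while the RBAC subject it must equal lives in a separate rolebindings.yaml, so nothing visible here keeps the two in step. A build whose program name differs from the manifest's subject would leave the controller identity with no role bound; that fails closed, but it would presumably only show up as the netpol retry in network_policy.go running out of steps. I would name the value once, `controllerUser := "system:" + version.Program + "-controller"`, and put on it the comment `// Certificate user name; must match the subject in rolebindings.yaml (or the downstream manifest) exactly.` so other references can share it. Whether `factory` reissues a certificate already on disk when the name changes is not visible in this hunk, and if it reuses existing files a node upgraded to a renamed build would keep presenting the old identity, which is worth confirming. genClientCerts begins and ends outside the hunk.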