mirror of https://github.com/k3s-io/k3s
Rename k3s-controller based on the build-time program name
Since we're replacing the k3s rolebindings.yaml in rke2, we should allow renaming this so that we can use the white-labeled name downstream. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>pull/2266/head
parent
ae5519c047
commit
8c6d3567fe
|
@ -32,7 +32,8 @@ func Run(ctx context.Context, nodeConfig *config.Node) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
// retry backoff to wait for the clusterrolebinding of user "system:k3s-controller"
|
// retry backoff to wait for the clusterrolebinding for the k3s tunnel controller (system:k3s-controller or equivalent)
|
||||||
|
// which has to occur before it can bring up the connection to the API server.
|
||||||
retryBackoff := wait.Backoff{
|
retryBackoff := wait.Backoff{
|
||||||
Steps: 6,
|
Steps: 6,
|
||||||
Duration: 100 * time.Millisecond,
|
Duration: 100 * time.Millisecond,
|
||||||
|
|
|
@ -551,8 +551,8 @@ func genClientCerts(config *config.Control, runtime *config.ControlRuntime) erro
|
||||||
if _, err = factory("system:kube-proxy", nil, runtime.ClientKubeProxyCert, runtime.ClientKubeProxyKey); err != nil {
|
if _, err = factory("system:kube-proxy", nil, runtime.ClientKubeProxyCert, runtime.ClientKubeProxyKey); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
// this must be hardcoded to k3s-controller because it's hard coded in the rolebindings.yaml
|
// This user (system:k3s-controller by default) must be bound to a role in rolebindings.yaml or the downstream equivalent
|
||||||
if _, err = factory("system:k3s-controller", nil, runtime.ClientK3sControllerCert, runtime.ClientK3sControllerKey); err != nil {
|
if _, err = factory("system:"+version.Program+"-controller", nil, runtime.ClientK3sControllerCert, runtime.ClientK3sControllerKey); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue