Create RBAC role to allow kubeadm to get nodes #6241
Conversation
kubermatic-bot
added
release-note
|
/lgtm |
|
LGTM label has been added. Git tree hash: fb66672022d3074527a11fceadf09b1076024343
|
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: aborilov, xmudrii The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
kubermatic-bot
added
the
approved
|
/test pre-kubermatic-e2e-aws-flatcar-1.17 |
|
/cherrypick release/v2.15 |
|
@xmudrii: new pull request created: #6244 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/cherrypick release/v2.14 |
|
@xmudrii: new pull request created: #6245 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
What this PR does / why we need it:
As of Kubernetes 1.18+, kubeadm verifies that there is no node with the same name before joining a new node to a cluster.
This PR adds a new manifest to the RBAC addon to grant kubeadm permissions to get nodes. Without this PR, nodes can't join kubeadm clusters running Kubernetes 1.18+
This manifest has been copied from the Kubernetes documentation and tested manually.
Reference: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/troubleshooting-kubeadm/#not-possible-to-join-a-v1-18-node-to-a-v1-17-cluster-due-to-missing-rbac
This PR should be cherry-picked to branches with Kubernetes 1.18+ support.
Does this PR introduce a user-facing change?:
/assign @aborilov