-
Notifications
You must be signed in to change notification settings - Fork 155
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create RBAC role to allow kubeadm to get nodes #6241
Conversation
/lgtm |
LGTM label has been added. Git tree hash: fb66672022d3074527a11fceadf09b1076024343
|
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: aborilov, xmudrii The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/test pre-kubermatic-e2e-aws-flatcar-1.17 |
/cherrypick release/v2.15 |
@xmudrii: new pull request created: #6244 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cherrypick release/v2.14 |
@xmudrii: new pull request created: #6245 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
What this PR does / why we need it:
As of Kubernetes 1.18+, kubeadm verifies that there is no node with the same name before joining a new node to a cluster.
This PR adds a new manifest to the RBAC addon to grant kubeadm permissions to get nodes. Without this PR, nodes can't join kubeadm clusters running Kubernetes 1.18+
This manifest has been copied from the Kubernetes documentation and tested manually.
Reference: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/troubleshooting-kubeadm/#not-possible-to-join-a-v1-18-node-to-a-v1-17-cluster-due-to-missing-rbac
This PR should be cherry-picked to branches with Kubernetes 1.18+ support.
Does this PR introduce a user-facing change?:
/assign @aborilov