Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kubeadm: add missing RBAC for getting nodes on "upgrade apply" #89537

Merged
merged 1 commit into from
Mar 27, 2020
Merged

kubeadm: add missing RBAC for getting nodes on "upgrade apply" #89537

merged 1 commit into from
Mar 27, 2020

Conversation

neolit123
Copy link
Member

What this PR does / why we need it:

b117a92 added a new check during "join" whether a Node with
the same name exists in the cluster.

When upgrading from 1.17 to 1.18 make sure the required RBAC
by this check is added. Otherwise "kubeadm join" will complain that
it lacks permissions to GET a Node.

Which issue(s) this PR fixes:

Refs kubernetes/kubeadm#2079

Special notes for your reviewer:
NONE

Does this PR introduce a user-facing change?:

kubeadm: fix a bug where post upgrade to 1.18.x, nodes cannot join the cluster due to missing RBAC

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

/assign @rosti @randomvariable
/priority critical-urgent
/kind bug

@neolit123
kubeadm: add missing RBAC for getting nodes on "upgrade apply"
6f99791 
b117a92 added a new check during "join" whether a Node with
the same name exists in the cluster.

When upgrading from 1.17 to 1.18 make sure the required RBAC
by this check is added. Otherwise "kubeadm join" will complain that
it lacks permissions to GET a Node.
@k8s-ci-robot k8s-ci-robot added the release-note Denotes a PR that will be considered when it comes time to generate release notes. label Mar 26, 2020
@k8s-ci-robot k8s-ci-robot added priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. kind/bug Categorizes issue or PR as related to a bug. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Mar 26, 2020
@k8s-ci-robot k8s-ci-robot requested review from kad and yastij March 26, 2020 20:07
@neolit123 neolit123 mentioned this pull request Mar 26, 2020
Closed
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: neolit123

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. area/kubeadm sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Mar 26, 2020
@neolit123
Copy link
Member Author

@kubernetes/sig-cluster-lifecycle-pr-reviews

@randomvariable
Copy link
Member

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 26, 2020
@neolit123 neolit123 mentioned this pull request Mar 26, 2020
Merged
@neolit123
Copy link
Member Author

/retest

@fejta-bot
Copy link

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel or /hold comment for consistent failures.

@k8s-ci-robot k8s-ci-robot merged commit 903f1e6 into kubernetes:master Mar 27, 2020
@k8s-ci-robot k8s-ci-robot added this to the v1.19 milestone Mar 27, 2020
@neolit123 neolit123 mentioned this pull request Mar 27, 2020
Merged
k8s-ci-robot added a commit that referenced this pull request Mar 28, 2020
@k8s-ci-robot
Merge pull request #89577 from neolit123/automated-cherry-pick-of-#89…
d11ad21 
…537-origin-release-1.18

Automated cherry pick of #89537: kubeadm: add missing RBAC for getting nodes on "upgrade
@yogeek
Copy link

yogeek commented Nov 24, 2020
edited
Loading

Hello @neolit123

Thanks for this fix. We just had the issue in our 1.17 => 1.18 upgrade : is the fix only for 1.19 kubeadm version (I see "1.19 milestone") or can it be backport to previous versions too please ?

@neolit123
Copy link
Member Author

@yogeek

there is no need for this to be backported to earlier versions.

this current PR was for 1.19.

this was the cherry pick for 1.18, so the fix should be in the latest 1.18.x PATCH version:
#89577

@yogeek
Copy link

yogeek commented Nov 30, 2020

@neolit123 oh ok. In our case, we faced the issue when using kubeadm 1.18 to upgrade a 1.17 cluster to 1.18 so you say it is normal because the fix was in 1.18 and 1.19 right ?

@neolit123
Copy link
Member Author

@neolit123 oh ok. In our case, we faced the issue when using kubeadm 1.18 to upgrade a 1.17 cluster to 1.18 so you say it is normal because the fix was in 1.18 and 1.19 right ?

you may have used the 1.18.0 binary which had the problem. but if you use the kubeadm 1.18.<latest> binary it should work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kad kad Awaiting requested review from kad

@yastij yastij Awaiting requested review from yastij

Assignees

@rosti rosti

@randomvariable randomvariable

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/kubeadm cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
v1.19
Development

Successfully merging this pull request may close these issues.
6 participants
@neolit123 @k8s-ci-robot @randomvariable @fejta-bot @yogeek @rosti