yurthub verify bootstrap token on start and do cleanup if necessary

openyurtio · Nov 26, 2021 · 3fa1ecd · 3fa1ecd
1 parent 76bd622
commit 3fa1ecd
Showing 1 changed file with 40 additions and 0 deletions.
diff --git a/pkg/yurthub/certificate/hubself/cert_mgr.go b/pkg/yurthub/certificate/hubself/cert_mgr.go
@@ -27,6 +27,7 @@ import (
 	"path/filepath"
 	"strings"
 	"time"
+	"os"
 
 	certificates "k8s.io/api/certificates/v1beta1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -116,8 +117,47 @@ func NewYurtHubCertManager(cfg *config.YurtHubConfiguration) (interfaces.YurtCer
 	return ycm, nil
 }
 
+func removeDirContents(dir string) error {
+	files, err := ioutil.ReadDir(dir)
+	if err != nil {
+		return err
+	}
+	for _, d := range files {
+		err = os.RemoveAll(filepath.Join(dir, d.Name()))
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (ycm *yurtHubCertManager) verifyOrCleanup() {
+	if len(ycm.joinToken) == 0 {
+		return
+	}
+
+	bcf := ycm.getBootstrapConfFile()
+	if existed, _ := util.FileExists(bcf); existed {
+		curKubeConfig, err := util.LoadKubeConfig(bcf)
+		if err == nil && curKubeConfig != nil {
+			if curKubeConfig.AuthInfos[bootstrapUser] != nil {
+				if curKubeConfig.AuthInfos[bootstrapUser].Token == ycm.joinToken {
+					klog.Infof("join token for %s bootstrap conf file is not changed", ycm.hubName)
+					return
+				}
+			}
+		}
+	}
+
+	klog.Infof("clean up any stale files")
+	removeDirContents(ycm.rootDir)
+}
+
 // Start init certificate manager and certs for hub agent
 func (ycm *yurtHubCertManager) Start() {
+	// 0. verify, cleanup if needed
+	ycm.verifyOrCleanup()
+
 	// 1. create ca file for hub certificate manager
 	err := ycm.initCaCert()
 	if err != nil {