bugfix(yurtctl): ensure the join token of yurthub has right usages an…
…d groups (openyurtio#510)
DrmagicE authored Sep 30, 2021
1 parent 10ebaaa commit 5cb0cc9
Showing 1 changed file with 33 additions and 3 deletions.
36 changes: 33 additions & 3 deletions pkg/yurtctl/util/kubernetes/util.go
Expand Up @@ -26,11 +26,12 @@ import (
"os/exec"
"path/filepath"
"runtime"
"sort"
"strings"
"sync"
"time"

v1beta1 "k8s.io/api/admissionregistration/v1beta1"
"k8s.io/api/admissionregistration/v1beta1"
appsv1 "k8s.io/api/apps/v1"
batchv1 "k8s.io/api/batch/v1"
corev1 "k8s.io/api/core/v1"
Expand Down Expand Up @@ -58,12 +59,13 @@ import (
kubeadmcontants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
tokenphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/node"

"github.com/spf13/pflag"

"github.com/openyurtio/openyurt/pkg/yurtctl/constants"
"github.com/openyurtio/openyurt/pkg/yurtctl/util"
"github.com/openyurtio/openyurt/pkg/yurtctl/util/edgenode"
strutil "github.com/openyurtio/openyurt/pkg/yurtctl/util/strings"
tmplutil "github.com/openyurtio/openyurt/pkg/yurtctl/util/templates"
"github.com/spf13/pflag"
)

const (
Expand Down Expand Up @@ -594,6 +596,10 @@ func GetOrCreateJoinTokenString(cliSet *kubernetes.Clientset) (string, error) {
klog.Warningf("%v", err)
continue
}
if !usagesAndGroupsAreValid(token) {
continue
}

return token.Token.String(), nil
// Get the human-friendly string representation for the token
}
Expand All @@ -608,12 +614,36 @@ func GetOrCreateJoinTokenString(cliSet *kubernetes.Clientset) (string, error) {
}

klog.V(1).Infoln("[token] creating token")
if err := tokenphase.CreateNewTokens(cliSet, []kubeadmapi.BootstrapToken{{Token: token, Usages: kubeadmcontants.DefaultTokenUsages, Groups: kubeadmcontants.DefaultTokenGroups}}); err != nil {
if err := tokenphase.CreateNewTokens(cliSet,
[]kubeadmapi.BootstrapToken{{
Token: token,
Usages: kubeadmcontants.DefaultTokenUsages,
Groups: kubeadmcontants.DefaultTokenGroups,
}}); err != nil {
return "", err
}
return tokenStr, nil
}

// usagesAndGroupsAreValid checks if the usages and groups in the given bootstrap token are valid
func usagesAndGroupsAreValid(token *kubeadmapi.BootstrapToken) bool {
sliceEqual := func(a, b []string) bool {
if len(a) != len(b) {
return false
}
sort.Strings(a)
sort.Strings(b)
for k, v := range b {
if a[k] != v {
return false
}
}
return true
}

return sliceEqual(token.Usages, kubeadmcontants.DefaultTokenUsages) && sliceEqual(token.Groups, kubeadmcontants.DefaultTokenGroups)
}

// find kube-controller-manager deployed through static file
func GetKubeControllerManagerHANodes(cliSet *kubernetes.Clientset) ([]string, error) {
var kcmNodeNames []string
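Review bot: The `sliceEqual` closure in `usagesAndGroupsAreValid` calls `sort.Strings(a)` and `sort.Strings(b)` on its arguments directly, and `b` is `kubeadmcontants.DefaultTokenUsages` or `kubeadmcontants.DefaultTokenGroups`, so every check reorders the token's own `Usages`/`Groups` and what appear to be shared package-level default slices in place. That is a hidden side effect on values the later `CreateNewTokens` call also reads, and a data race if the function is ever reached concurrently. Sort copies instead, for example `a = append([]string(nil), a...)` and `b = append([]string(nil), b...)` placed just before the two `sort.Strings` calls. Separately, the new `continue` in `GetOrCreateJoinTokenString` (whose body starts outside the hunk) drops a mismatching token silently; a `klog.V(1)` line naming only the token ID, never the full token string, would tell an operator why a fresh token was created.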
