Merge pull request #9582 from johngmyers/automated-cherry-pick-of-#95…
…81-upstream-release-1.18

Automated cherry pick of #9581: Use fixed UID for etcd user and restrict to legacy provider
k8s-ci-robot authored Jul 16, 2020
2 parents 2dbce9b + 067704e commit 053644c
Showing 2 changed files with 6 additions and 2 deletions.
5 changes: 3 additions & 2 deletions nodeup/pkg/model/etcd.go
Expand Up @@ -18,6 +18,7 @@ package model

import (
"k8s.io/kops/nodeup/pkg/distros"
"k8s.io/kops/pkg/wellknownusers"
"k8s.io/kops/upup/pkg/fi"
"k8s.io/kops/upup/pkg/fi/nodeup/nodetasks"

Expand All @@ -33,7 +34,7 @@ var _ fi.ModelBuilder = &EtcdBuilder{}

// Build is responsible for creating the etcd user
func (b *EtcdBuilder) Build(c *fi.ModelBuilderContext) error {
if !b.IsMaster {
if !b.IsMaster || b.UseEtcdManager() {
return nil
}

Expand All @@ -50,8 +51,8 @@ func (b *EtcdBuilder) Build(c *fi.ModelBuilderContext) error {
// TODO: Do we actually use the user anywhere?

c.AddTask(&nodetasks.UserTask{
// TODO: Should we set a consistent UID in case we remount?
Name: "user",
UID: wellknownusers.LegacyEtcd,
Shell: "/sbin/nologin",
Home: "/var/etcd",
})
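Review bot: The added `UID: wellknownusers.LegacyEtcd` pins the account to a fixed id, but the hunk does not show what happens on a master where the account already exists with an auto-assigned UID, so files under `/var/etcd` may end up owned by an id that no longer matches the account after an upgrade. Whether `nodetasks.UserTask` renumbers or leaves an existing account is outside this page; the behaviour should be confirmed and recorded where the removed TODO was, e.g. `// Fixed UID keeps /var/etcd ownership stable across remounts; see UserTask for how an existing account is handled`. The account name is still the generic `"user"`, so a collision with an account already present on the host image is worth ruling out as well. The doc comment on Build could also mention that it is now a no-op when `b.UseEtcdManager()` is true. Build's body continues outside the hunk.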
3 changes: 3 additions & 0 deletions pkg/wellknownusers/wellknownusers.go
Expand Up @@ -24,6 +24,9 @@ const (
// Used by e.g. dns-controller, kops-controller
Generic = 10001

// LegacyEtcd is the user id for the etcd user under the legacy provider
LegacyEtcd = 10002

// AWSAuthenticator is the user-id for the aws-iam-authenticator (built externally)
AWSAuthenticator = 10000

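Review bot: The comment on `LegacyEtcd` should record that the value is persisted as file ownership on disk, since the same commit assigns it to the account whose home is `/var/etcd`; something like `// LegacyEtcd is the user id for the etcd user under the legacy provider. Do not change or reuse: existing files are owned by this id.` The ids in this block are allocated by hand (10000, 10001 and now 10002 are visible), and nothing shown here guards against a duplicate, so the next addition relies on the reader checking the whole block, which starts and ends outside the hunk.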
