Skip to content

Commit

Permalink
Revert "Remove untainting logic."
Browse files Browse the repository at this point in the history
This reverts a part of commit eec47aa.
  • Loading branch information
viteksafronov authored and dlorenc committed Aug 6, 2018
1 parent 685b792 commit 477ece9
Show file tree
Hide file tree
Showing 2 changed files with 63 additions and 1 deletion.
8 changes: 8 additions & 0 deletions pkg/minikube/bootstrapper/kubeadm/kubeadm.go
Original file line number Diff line number Diff line change
Expand Up @@ -135,6 +135,14 @@ func (k *KubeadmBootstrapper) StartCluster(k8s config.KubernetesConfig) error {
return errors.Wrapf(err, "kubeadm init error %s running command: %s", b.String(), out)
}

if version.LT(semver.MustParse("1.10.0-alpha.0")) {
//TODO(r2d4): get rid of global here
master = k8s.NodeName
if err := util.RetryAfter(200, unmarkMaster, time.Second*1); err != nil {
return errors.Wrap(err, "timed out waiting to unmark master")
}
}

if err := util.RetryAfter(100, elevateKubeSystemPrivileges, time.Millisecond*500); err != nil {
return errors.Wrap(err, "timed out waiting to elevate kube-system RBAC privileges")
}
Expand Down
56 changes: 55 additions & 1 deletion pkg/minikube/bootstrapper/kubeadm/util.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,24 +18,78 @@ package kubeadm

import (
"bytes"
"encoding/json"
"html/template"
"strings"

"github.com/golang/glog"
"github.com/pkg/errors"
clientv1 "k8s.io/api/core/v1"
rbacv1beta1 "k8s.io/api/rbac/v1beta1"
apierrs "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/apis/meta/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/strategicpatch"
"k8s.io/minikube/pkg/minikube/config"
"k8s.io/minikube/pkg/minikube/service"
"k8s.io/minikube/pkg/util"
)

const (
rbacName = "minikube-rbac"
masterTaint = "node-role.kubernetes.io/master"
rbacName = "minikube-rbac"
)

var master = ""

func unmarkMaster() error {
k8s := service.K8s
client, err := k8s.GetCoreClient()
if err != nil {
return errors.Wrap(err, "getting core client")
}
n, err := client.Nodes().Get(master, v1.GetOptions{})
if err != nil {
return errors.Wrapf(err, "getting node %s", master)
}

oldData, err := json.Marshal(n)
if err != nil {
return errors.Wrap(err, "json marshalling data before patch")
}

newTaints := []clientv1.Taint{}
for _, taint := range n.Spec.Taints {
if taint.Key == masterTaint {
continue
}

newTaints = append(newTaints, taint)
}
n.Spec.Taints = newTaints

newData, err := json.Marshal(n)
if err != nil {
return errors.Wrapf(err, "json marshalling data after patch")
}

patchBytes, err := strategicpatch.CreateTwoWayMergePatch(oldData, newData, clientv1.Node{})
if err != nil {
return errors.Wrap(err, "creating strategic patch")
}

if _, err := client.Nodes().Patch(n.Name, types.StrategicMergePatchType, patchBytes); err != nil {
if apierrs.IsConflict(err) {
return errors.Wrap(err, "strategic patch conflict")
}
return errors.Wrap(err, "applying strategic patch")
}

return nil
}

// elevateKubeSystemPrivileges gives the kube-system service account
// cluster admin privileges to work with RBAC.
func elevateKubeSystemPrivileges() error {
Expand Down

0 comments on commit 477ece9

Please sign in to comment.