kubeadm: add missing RBAC for getting nodes on "upgrade apply"

neolit123 · neolit123 · commit bd9b7920920c · 2020-03-27T16:53:56.000+02:00
b117a92 added a new check during "join" whether a Node with the same name exists in the cluster. When upgrading from 1.17 to 1.18 make sure the required RBAC by this check is added. Otherwise "kubeadm join" will complain that it lacks permissions to GET a Node.
diff --git a/cmd/kubeadm/app/phases/upgrade/postupgrade.go b/cmd/kubeadm/app/phases/upgrade/postupgrade.go
@@ -70,6 +70,11 @@ func PerformPostUpgradeTasks(client clientset.Interface, cfg *kubeadmapi.InitCon
 		errs = append(errs, errors.Wrap(err, "error uploading crisocket"))
 	}
 
+	// Create RBAC rules that makes the bootstrap tokens able to get nodes
+	if err := nodebootstraptoken.AllowBoostrapTokensToGetNodes(client); err != nil {
+		errs = append(errs, err)
+	}
+
 	// Create/update RBAC rules that makes the bootstrap tokens able to post CSRs
 	if err := nodebootstraptoken.AllowBootstrapTokensToPostCSRs(client); err != nil {
 		errs = append(errs, err)
