Apply the bootstraprbac stack directly

Don't write the manifests to disk, just use them directly in the Init method as a standalone stack. Flag the stack name as ignored in the applier manager. Signed-off-by: Tom Wieczorek <[email protected]>
k0sproject · Jan 31, 2025 · 7b1c25b · 7b1c25b
1 parent 1c0f7e1
commit 7b1c25b
Show file tree

Hide file tree

Showing 4 changed files with 58 additions and 19 deletions.
diff --git a/cmd/controller/controller.go b/cmd/controller/controller.go
@@ -323,6 +323,7 @@ func (c *command) start(ctx context.Context) error {
 			KubeClientFactory: adminClientFactory,
 			IgnoredStacks: []string{
 				controller.ClusterConfigStackName,
+				controller.SystemRBACStackName,
 			},
 			LeaderElector: leaderElector,
 		})
@@ -533,8 +534,8 @@ func (c *command) start(ctx context.Context) error {
 		clusterComponents.Add(ctx, reconciler)
 	}
 
-	if !slices.Contains(c.DisableComponents, constant.SystemRbacComponentName) {
-		clusterComponents.Add(ctx, controller.NewSystemRBAC(c.K0sVars.ManifestsDir))
+	if !slices.Contains(c.DisableComponents, constant.SystemRBACComponentName) {
+		clusterComponents.Add(ctx, &controller.SystemRBAC{Clients: adminClientFactory})
 	}
 
 	if !slices.Contains(c.DisableComponents, constant.NodeRoleComponentName) {

diff --git a/pkg/component/controller/systemrbac.go b/pkg/component/controller/systemrbac.go
@@ -17,37 +17,75 @@ limitations under the License.
 package controller
 
 import (
+	"bytes"
+	"cmp"
 	"context"
 	_ "embed"
-	"path"
-	"path/filepath"
+	"fmt"
 
-	"github.com/k0sproject/k0s/internal/pkg/dir"
-	"github.com/k0sproject/k0s/internal/pkg/file"
+	"github.com/k0sproject/k0s/pkg/applier"
 	"github.com/k0sproject/k0s/pkg/component/manager"
 	"github.com/k0sproject/k0s/pkg/constant"
+	"github.com/k0sproject/k0s/pkg/kubernetes"
+
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/cli-runtime/pkg/resource"
+
+	"github.com/avast/retry-go"
+	"github.com/sirupsen/logrus"
 )
 
+const SystemRBACStackName = "bootstraprbac"
+
 // SystemRBAC implements system RBAC reconciler
 type SystemRBAC struct {
-	manifestDir string
+	Clients kubernetes.ClientFactoryInterface
 }
 
 var _ manager.Component = (*SystemRBAC)(nil)
 
-// NewSystemRBAC creates new system level RBAC reconciler
-func NewSystemRBAC(manifestDir string) *SystemRBAC {
-	return &SystemRBAC{manifestDir}
-}
-
-// Writes the bootstrap RBAC manifests into the manifests folder.
-func (s *SystemRBAC) Init(context.Context) error {
-	rbacDir := path.Join(s.manifestDir, "bootstraprbac")
-	if err := dir.Init(rbacDir, constant.ManifestsDirMode); err != nil {
+// Applies the system RBAC manifests to the cluster.
+func (s *SystemRBAC) Init(ctx context.Context) error {
+	infos, err := resource.NewLocalBuilder().
+		Unstructured().
+		Stream(bytes.NewReader(systemRBAC), SystemRBACStackName).
+		Flatten().
+		Do().
+		Infos()
+	if err != nil {
 		return err
 	}
 
-	return file.WriteContentAtomically(filepath.Join(rbacDir, "bootstrap-rbac.yaml"), systemRBAC, 0644)
+	resources := make([]*unstructured.Unstructured, len(infos))
+	for i := range infos {
+		resources[i] = infos[i].Object.(*unstructured.Unstructured)
+	}
+
+	var lastErr error
+	if err := retry.Do(
+		func() error {
+			stack := applier.Stack{
+				Name:      SystemRBACStackName,
+				Resources: resources,
+				Clients:   s.Clients,
+			}
+			lastErr := stack.Apply(ctx, true)
+			return lastErr
+		},
+		retry.Context(ctx),
+		retry.LastErrorOnly(true),
+		retry.OnRetry(func(attempt uint, err error) {
+			logrus.WithFields(logrus.Fields{
+				"component": constant.SystemRBACComponentName,
+				"stack":     SystemRBACStackName,
+				"attempt":   attempt + 1,
+			}).WithError(err).Debug("Failed to apply stack, retrying after backoff")
+		}),
+	); err != nil {
+		return fmt.Errorf("failed to apply system RBAC stack: %w", cmp.Or(lastErr, err))
+	}
+
+	return nil
 }
 
 func (s *SystemRBAC) Start(context.Context) error { return nil }

diff --git a/pkg/config/cli.go b/pkg/config/cli.go
@@ -262,7 +262,7 @@ var availableComponents = []string{
 	constant.MetricsServerComponentName,
 	constant.NetworkProviderComponentName,
 	constant.NodeRoleComponentName,
-	constant.SystemRbacComponentName,
+	constant.SystemRBACComponentName,
 	constant.WindowsNodeComponentName,
 	constant.WorkerConfigComponentName,
 }

diff --git a/pkg/constant/constant.go b/pkg/constant/constant.go
@@ -118,7 +118,7 @@ const (
 	WorkerConfigComponentName          = "worker-config"
 	MetricsServerComponentName         = "metrics-server"
 	NetworkProviderComponentName       = "network-provider"
-	SystemRbacComponentName            = "system-rbac"
+	SystemRBACComponentName            = "system-rbac"
 	NodeRoleComponentName              = "node-role"
 	WindowsNodeComponentName           = "windows-node"
 	AutopilotComponentName             = "autopilot"