Ensure profile flag is respected

Problem: the --profile was not being respecting, causing things like the etcd pod not being ran as the etcd user. This is because we were shadowing a variable declation. Fixing this also exposed that a CIS related flag, `--protect-kernel-defaults` was improperly set. Solution: Removing the shadowed declaration of the cisMode variable. The global variable of the same name that is properly assigned a value earlier on in the logic will now be used. To fix protect-kernel-defaults, remove superfluous `--`. Signed-off-by: Craig Jellick <[email protected]>
rancher · Sep 27, 2020 · a9303c1 · a9303c1
1 parent e4a6a91
commit a9303c1
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 2 deletions.
diff --git a/pkg/cli/defaults/defaults.go b/pkg/cli/defaults/defaults.go
@@ -48,7 +48,7 @@ func Set(clx *cli.Context, images images.Images, dataDir string, cisMode bool) e
 	if cisMode {
 		cmds.AgentConfig.ExtraKubeletArgs = append(
 			[]string{
-				"--protect-kernel-defaults=true",
+				"protect-kernel-defaults=true",
 			},
 			cmds.AgentConfig.ExtraKubeletArgs...)
 	}

diff --git a/pkg/rke2/rke2.go b/pkg/rke2/rke2.go
@@ -91,7 +91,6 @@ func setup(clx *cli.Context, cfg Config) error {
 
 	agentManifestsDir := filepath.Join(dataDir, "agent", config.DefaultPodManifestPath)
 	agentImagesDir := filepath.Join(dataDir, "agent", "images")
-	cisMode := clx.String("profile") != ""
 
 	managed.RegisterDriver(&etcd.ETCD{})