From a9303c1c929bc346375e1ef5fcb89cc36f692df8 Mon Sep 17 00:00:00 2001 From: Craig Jellick Date: Sun, 27 Sep 2020 10:09:46 -0700 Subject: [PATCH] Ensure profile flag is respected Problem: the --profile was not being respecting, causing things like the etcd pod not being ran as the etcd user. This is because we were shadowing a variable declation. Fixing this also exposed that a CIS related flag, `--protect-kernel-defaults` was improperly set. Solution: Removing the shadowed declaration of the cisMode variable. The global variable of the same name that is properly assigned a value earlier on in the logic will now be used. To fix protect-kernel-defaults, remove superfluous `--`. Signed-off-by: Craig Jellick --- pkg/cli/defaults/defaults.go | 2 +- pkg/rke2/rke2.go | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/pkg/cli/defaults/defaults.go b/pkg/cli/defaults/defaults.go index 84854336a6..5bcbbf6c2c 100644 --- a/pkg/cli/defaults/defaults.go +++ b/pkg/cli/defaults/defaults.go @@ -48,7 +48,7 @@ func Set(clx *cli.Context, images images.Images, dataDir string, cisMode bool) e if cisMode { cmds.AgentConfig.ExtraKubeletArgs = append( []string{ - "--protect-kernel-defaults=true", + "protect-kernel-defaults=true", }, cmds.AgentConfig.ExtraKubeletArgs...) } diff --git a/pkg/rke2/rke2.go b/pkg/rke2/rke2.go index a86e6a0744..b9088036db 100644 --- a/pkg/rke2/rke2.go +++ b/pkg/rke2/rke2.go @@ -91,7 +91,6 @@ func setup(clx *cli.Context, cfg Config) error { agentManifestsDir := filepath.Join(dataDir, "agent", config.DefaultPodManifestPath) agentImagesDir := filepath.Join(dataDir, "agent", "images") - cisMode := clx.String("profile") != "" managed.RegisterDriver(&etcd.ETCD{})