k3s/cluster/common.sh

#!/bin/bash

# Copyright 2015 Google Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Common utilites for kube-up/kube-down

set -o errexit
set -o nounset
set -o pipefail

KUBE_ROOT=$(dirname "${BASH_SOURCE}")/..

DEFAULT_KUBECONFIG="${HOME}/.kube/config"

# Generate kubeconfig data for the created cluster.
# Assumed vars:
#   KUBE_USER
#   KUBE_PASSWORD
#   KUBE_MASTER_IP
#   KUBECONFIG
#   CONTEXT
#
# The following can be omitted for --insecure-skip-tls-verify
#   KUBE_CERT
#   KUBE_KEY
#   CA_CERT
function create-kubeconfig() {
  local kubectl="${KUBE_ROOT}/cluster/kubectl.sh"

  export KUBECONFIG=${KUBECONFIG:-$DEFAULT_KUBECONFIG}
  # KUBECONFIG determines the file we write to, but it may not exist yet
  if [[ ! -e "${KUBECONFIG}" ]]; then
    mkdir -p $(dirname "${KUBECONFIG}")
    touch "${KUBECONFIG}"
  fi
  local cluster_args=(
      "--server=https://${KUBE_MASTER_IP}"
  )
  if [[ -z "${CA_CERT:-}" ]]; then
    cluster_args+=("--insecure-skip-tls-verify=true")
  else
    cluster_args+=(
      "--certificate-authority=${CA_CERT}"
      "--embed-certs=true"
    )
  fi
  local user_args=(
     "--username=${KUBE_USER}"
     "--password=${KUBE_PASSWORD}"
  )
  if [[ ! -z "${KUBE_CERT:-}" && ! -z "${KUBE_KEY:-}" ]]; then
    user_args+=(
     "--client-certificate=${KUBE_CERT}"
     "--client-key=${KUBE_KEY}"
     "--embed-certs=true"
    )
  fi

  "${kubectl}" config set-cluster "${CONTEXT}" "${cluster_args[@]}"
  "${kubectl}" config set-credentials "${CONTEXT}" "${user_args[@]}"
  "${kubectl}" config set-context "${CONTEXT}" --cluster="${CONTEXT}" --user="${CONTEXT}"
  "${kubectl}" config use-context "${CONTEXT}"  --cluster="${CONTEXT}"

   echo "Wrote config for ${CONTEXT} to ${KUBECONFIG}"
}

# Clear kubeconfig data for a context
# Assumed vars:
#   KUBECONFIG
#   CONTEXT
function clear-kubeconfig() {
  export KUBECONFIG=${KUBECONFIG:-$DEFAULT_KUBECONFIG}
  local kubectl="${KUBE_ROOT}/cluster/kubectl.sh"
  "${kubectl}" config unset "clusters.${CONTEXT}"
  "${kubectl}" config unset "users.${CONTEXT}"
  "${kubectl}" config unset "contexts.${CONTEXT}"

  local current
  current=$("${kubectl}" config view -o template --template='{{ index . "current-context" }}')
  if [[ "${current}" == "${CONTEXT}" ]]; then
    "${kubectl}" config unset current-context
  fi

  echo "Cleared config for ${CONTEXT} from ${KUBECONFIG}"
}

# Gets username, password for the current-context in kubeconfig, if they exist.
# Assumed vars:
#   KUBECONFIG  # if unset, defaults to global
#
# Vars set:
#   KUBE_USER
#   KUBE_PASSWORD
#
# KUBE_USER,KUBE_PASSWORD will be empty if no current-context is set, or
# the current-context user does not exist or contain basicauth entries.
function get-kubeconfig-basicauth() {
  export KUBECONFIG=${KUBECONFIG:-$DEFAULT_KUBECONFIG}
  # Templates to safely extract the username,password for the current-context
  # user.  The long chain of 'with' commands avoids indexing nil if any of the
  # entries ("current-context", "contexts"."current-context", "users", etc)
  # is missing.
  # Note: we save dot ('.') to $root because the 'with' action overrides it.
  # See http://golang.org/pkg/text/template/.
  local username='{{$dot := .}}{{with $ctx := index $dot "current-context"}}{{range $element := (index $dot "contexts")}}{{ if eq .name $ctx }}{{ with $user := .context.user }}{{range $element := (index $dot "users")}}{{ if eq .name $user }}{{ index . "user" "username" }}{{end}}{{end}}{{end}}{{end}}{{end}}{{end}}'
  local password='{{$dot := .}}{{with $ctx := index $dot "current-context"}}{{range $element := (index $dot "contexts")}}{{ if eq .name $ctx }}{{ with $user := .context.user }}{{range $element := (index $dot "users")}}{{ if eq .name $user }}{{ index . "user" "password" }}{{end}}{{end}}{{end}}{{end}}{{end}}{{end}}'
  KUBE_USER=$("${KUBE_ROOT}/cluster/kubectl.sh" config view -o template --template="${username}")
  KUBE_PASSWORD=$("${KUBE_ROOT}/cluster/kubectl.sh" config view -o template --template="${password}")
  # Handle empty/missing username|password
  if [[ "${KUBE_USER}" == '<no value>' || "$KUBE_PASSWORD" == '<no value>' ]]; then
    KUBE_USER=''
    KUBE_PASSWORD=''
  fi
}
Utilities to create and clear kubeconfig for use by kube-up scripts 2015-03-06 22:34:38 +00:00			`#!/bin/bash`

			`# Copyright 2015 Google Inc. All rights reserved.`
			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`

			`# Common utilites for kube-up/kube-down`

			`set -o errexit`
			`set -o nounset`
			`set -o pipefail`

			`KUBE_ROOT=$(dirname "${BASH_SOURCE}")/..`

Retry Move KUBECONFIG to common.sh, change default to new location 2015-04-17 17:19:53 +00:00			`DEFAULT_KUBECONFIG="${HOME}/.kube/config"`

Utilities to create and clear kubeconfig for use by kube-up scripts 2015-03-06 22:34:38 +00:00			`# Generate kubeconfig data for the created cluster.`
			`# Assumed vars:`
			`# KUBE_USER`
			`# KUBE_PASSWORD`
			`# KUBE_MASTER_IP`
			`# KUBECONFIG`
Generate kubeconfig for all providers in cluster/ that use auth 2015-04-10 00:07:24 +00:00			`# CONTEXT`
Utilities to create and clear kubeconfig for use by kube-up scripts 2015-03-06 22:34:38 +00:00			`#`
Generate kubeconfig for all providers in cluster/ that use auth 2015-04-10 00:07:24 +00:00			`# The following can be omitted for --insecure-skip-tls-verify`
Utilities to create and clear kubeconfig for use by kube-up scripts 2015-03-06 22:34:38 +00:00			`# KUBE_CERT`
			`# KUBE_KEY`
			`# CA_CERT`
			`function create-kubeconfig() {`
			`local kubectl="${KUBE_ROOT}/cluster/kubectl.sh"`

export KUBECONFIG so callers of common.sh functions can use it 2015-04-17 23:22:07 +00:00			`export KUBECONFIG=${KUBECONFIG:-$DEFAULT_KUBECONFIG}`
Generate standalone kubeconfig on kube-up, clear on kube-down. Also tweaked the ginkgo tests to pull auth directly from a kubeconfig file instead of the legacy kubernetes_auth file. 2015-03-06 22:49:25 +00:00			`# KUBECONFIG determines the file we write to, but it may not exist yet`
			`if [[ ! -e "${KUBECONFIG}" ]]; then`
			`mkdir -p $(dirname "${KUBECONFIG}")`
			`touch "${KUBECONFIG}"`
			`fi`
Generate kubeconfig for all providers in cluster/ that use auth 2015-04-10 00:07:24 +00:00			`local cluster_args=(`
			`"--server=https://${KUBE_MASTER_IP}"`
			`)`
			`if [[ -z "${CA_CERT:-}" ]]; then`
			`cluster_args+=("--insecure-skip-tls-verify=true")`
			`else`
			`cluster_args+=(`
			`"--certificate-authority=${CA_CERT}"`
			`"--embed-certs=true"`
			`)`
			`fi`
			`local user_args=(`
			`"--username=${KUBE_USER}"`
			`"--password=${KUBE_PASSWORD}"`
			`)`
			`if [[ ! -z "${KUBE_CERT:-}" && ! -z "${KUBE_KEY:-}" ]]; then`
			`user_args+=(`
			`"--client-certificate=${KUBE_CERT}"`
			`"--client-key=${KUBE_KEY}"`
			`"--embed-certs=true"`
			`)`
			`fi`

			`"${kubectl}" config set-cluster "${CONTEXT}" "${cluster_args[@]}"`
			`"${kubectl}" config set-credentials "${CONTEXT}" "${user_args[@]}"`
Utilities to create and clear kubeconfig for use by kube-up scripts 2015-03-06 22:34:38 +00:00			`"${kubectl}" config set-context "${CONTEXT}" --cluster="${CONTEXT}" --user="${CONTEXT}"`
			`"${kubectl}" config use-context "${CONTEXT}" --cluster="${CONTEXT}"`

Generate standalone kubeconfig on kube-up, clear on kube-down. Also tweaked the ginkgo tests to pull auth directly from a kubeconfig file instead of the legacy kubernetes_auth file. 2015-03-06 22:49:25 +00:00			`echo "Wrote config for ${CONTEXT} to ${KUBECONFIG}"`
Utilities to create and clear kubeconfig for use by kube-up scripts 2015-03-06 22:34:38 +00:00			`}`

			`# Clear kubeconfig data for a context`
			`# Assumed vars:`
			`# KUBECONFIG`
			`# CONTEXT`
			`function clear-kubeconfig() {`
export KUBECONFIG so callers of common.sh functions can use it 2015-04-17 23:22:07 +00:00			`export KUBECONFIG=${KUBECONFIG:-$DEFAULT_KUBECONFIG}`
Utilities to create and clear kubeconfig for use by kube-up scripts 2015-03-06 22:34:38 +00:00			`local kubectl="${KUBE_ROOT}/cluster/kubectl.sh"`
			`"${kubectl}" config unset "clusters.${CONTEXT}"`
			`"${kubectl}" config unset "users.${CONTEXT}"`
			`"${kubectl}" config unset "contexts.${CONTEXT}"`

			`local current`
			`current=$("${kubectl}" config view -o template --template='{{ index . "current-context" }}')`
			`if [[ "${current}" == "${CONTEXT}" ]]; then`
			`"${kubectl}" config unset current-context`
			`fi`

Generate standalone kubeconfig on kube-up, clear on kube-down. Also tweaked the ginkgo tests to pull auth directly from a kubeconfig file instead of the legacy kubernetes_auth file. 2015-03-06 22:49:25 +00:00			`echo "Cleared config for ${CONTEXT} from ${KUBECONFIG}"`
Utilities to create and clear kubeconfig for use by kube-up scripts 2015-03-06 22:34:38 +00:00			`}`
Make get-password robust against invalid kubeconfig entries 2015-03-13 19:22:49 +00:00
			`# Gets username, password for the current-context in kubeconfig, if they exist.`
			`# Assumed vars:`
			`# KUBECONFIG # if unset, defaults to global`
			`#`
			`# Vars set:`
			`# KUBE_USER`
			`# KUBE_PASSWORD`
			`#`
			`# KUBE_USER,KUBE_PASSWORD will be empty if no current-context is set, or`
			`# the current-context user does not exist or contain basicauth entries.`
			`function get-kubeconfig-basicauth() {`
export KUBECONFIG so callers of common.sh functions can use it 2015-04-17 23:22:07 +00:00			`export KUBECONFIG=${KUBECONFIG:-$DEFAULT_KUBECONFIG}`
Make get-password robust against invalid kubeconfig entries 2015-03-13 19:22:49 +00:00			`# Templates to safely extract the username,password for the current-context`
			`# user. The long chain of 'with' commands avoids indexing nil if any of the`
			`# entries ("current-context", "contexts"."current-context", "users", etc)`
			`# is missing.`
			`# Note: we save dot ('.') to $root because the 'with' action overrides it.`
			`# See http://golang.org/pkg/text/template/.`
update scripts with correct templates 2015-04-06 18:56:13 +00:00			`local username='{{$dot := .}}{{with $ctx := index $dot "current-context"}}{{range $element := (index $dot "contexts")}}{{ if eq .name $ctx }}{{ with $user := .context.user }}{{range $element := (index $dot "users")}}{{ if eq .name $user }}{{ index . "user" "username" }}{{end}}{{end}}{{end}}{{end}}{{end}}{{end}}'`
			`local password='{{$dot := .}}{{with $ctx := index $dot "current-context"}}{{range $element := (index $dot "contexts")}}{{ if eq .name $ctx }}{{ with $user := .context.user }}{{range $element := (index $dot "users")}}{{ if eq .name $user }}{{ index . "user" "password" }}{{end}}{{end}}{{end}}{{end}}{{end}}{{end}}'`
Make get-password robust against invalid kubeconfig entries 2015-03-13 19:22:49 +00:00			`KUBE_USER=$("${KUBE_ROOT}/cluster/kubectl.sh" config view -o template --template="${username}")`
			`KUBE_PASSWORD=$("${KUBE_ROOT}/cluster/kubectl.sh" config view -o template --template="${password}")`
			`# Handle empty/missing username\|password`
			`if [[ "${KUBE_USER}" == '<no value>' \|\| "$KUBE_PASSWORD" == '<no value>' ]]; then`
			`KUBE_USER=''`
			`KUBE_PASSWORD=''`
			`fi`
			`}`