|
|
|
package cluster
|
|
|
|
|
|
|
|
import (
	"context"
	"crypto/tls"
	"net"
	"net/http"
	"path/filepath"
	"time"

	"github.com/rancher/dynamiclistener"
	"github.com/rancher/dynamiclistener/factory"
	"github.com/rancher/dynamiclistener/storage/file"
	"github.com/rancher/dynamiclistener/storage/kubernetes"
	"github.com/rancher/dynamiclistener/storage/memory"
	"github.com/rancher/k3s/pkg/daemons/config"
	"github.com/rancher/wrangler-api/pkg/generated/controllers/core"
	"github.com/sirupsen/logrus"
)
|
|
|
|
|
|
|
|
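// newListener binds the supervisor's TCP socket (c.config.BindAddress /
// c.config.HTTPSPort) and wraps it in a dynamiclistener TLS listener whose
// serving certificate is persisted through tlsStorage.
//
// The CA certificate and key in c.runtime.ServerCA / ServerCAKey are loaded
// with factory.LoadCerts and handed to dynamiclistener.NewListener, which
// presumably uses them to sign the serving certificate it manages (the
// signing itself is not visible here). The certificate is issued for CN/O
// "k3s" with the configured SANs plus the fixed in-cluster names.
//
// Returns the TLS listener, the http.Handler dynamiclistener supplies (its
// role is not visible here; the caller chains it into its own handler) and
// any error from binding, loading the CA material or building the listener.
// The TCP socket is closed on every error path so a failed start does not
// leave the port held open.
func (c *Cluster) newListener(ctx context.Context) (net.Listener, http.Handler, error) {
	tcp, err := dynamiclistener.NewTCPListener(c.config.BindAddress, c.config.HTTPSPort)
	if err != nil {
		return nil, nil, err
	}

	cert, key, err := factory.LoadCerts(c.runtime.ServerCA, c.runtime.ServerCAKey)
	if err != nil {
		// Nothing owns the bound socket yet; release it (close error is
		// irrelevant next to the load failure being returned).
		tcp.Close()
		return nil, nil, err
	}

	// Build the SAN list in a fresh slice. Appending straight onto
	// c.config.SANs writes through its backing array whenever that slice has
	// spare capacity, silently mutating the shared config for every later
	// reader.
	sans := make([]string, 0, len(c.config.SANs)+4)
	sans = append(sans, c.config.SANs...)
	sans = append(sans,
		"localhost",
		"kubernetes",
		"kubernetes.default",
		"kubernetes.default.svc."+c.config.ClusterDomain,
	)

	storage := tlsStorage(ctx, c.config.DataDir, c.runtime)
	l, handler, err := dynamiclistener.NewListener(tcp, storage, cert, key, dynamiclistener.Config{
		CN:           "k3s",
		Organization: []string{"k3s"},
		TLSConfig: tls.Config{
			// RequestClientCert asks every client for a certificate but the
			// handshake does not verify it against any CA (that would need
			// VerifyClientCertIfGiven/RequireAndVerifyClientCert plus
			// ClientCAs). A presented cert therefore proves nothing at this
			// layer; anything that authenticates callers by client cert must
			// validate it in the handler chain.
			ClientAuth: tls.RequestClientCert,
		},
		SANs: sans,
	})
	if err != nil {
		// NewListener failed; assume it did not take ownership of tcp. A
		// second Close, if it did, only returns an error we ignore.
		tcp.Close()
		return nil, nil, err
	}
	return l, handler, nil
}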
|
|
|
|
|
|
|
|
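// startClusterAndHTTPS assembles the supervisor's HTTPS listener and handler
// chain and serves it in the background until ctx is cancelled.
//
// Setup runs synchronously, in order: newListener opens the TLS listener,
// c.getHandler wraps the listener's handler with the cluster's own routes,
// and c.initClusterDB is given the chance to replace both the listener and
// the handler (what it does with them is not visible here). The resulting
// http.Server is then served on its own goroutine.
//
// A second goroutine waits for ctx.Done() and shuts the server down
// gracefully. Serve returning http.ErrServerClosed is the documented result
// of that Shutdown and is logged at info level rather than treated as a
// crash; any other return from Serve is fatal, as before.
//
// Returns an error only from the synchronous setup steps; nothing is served
// in that case.
func (c *Cluster) startClusterAndHTTPS(ctx context.Context) error {
	l, handler, err := c.newListener(ctx)
	if err != nil {
		return err
	}

	handler, err = c.getHandler(handler)
	if err != nil {
		// The listener is still ours here; do not leave the port bound.
		l.Close()
		return err
	}

	// initClusterDB may hand back a different listener/handler pair. On
	// failure, ownership of the original listener is not clear from here,
	// so it is left to the caller's exit path.
	l, handler, err = c.initClusterDB(ctx, l, handler)
	if err != nil {
		return err
	}

	server := http.Server{
		Handler: handler,
		// This port accepts connections from arbitrary network peers. Bound
		// the time a client may take to deliver its request headers so a
		// connection that never finishes sending them cannot hold its
		// goroutine open indefinitely (Slowloris). Only the header phase is
		// bounded: request bodies, responses and long-lived streams such as
		// watches are unaffected, and no IdleTimeout is set.
		ReadHeaderTimeout: 30 * time.Second,
	}

	go func() {
		err := server.Serve(l)
		if err == http.ErrServerClosed {
			// Expected outcome of the Shutdown below; not a failure.
			logrus.Infof("server stopped: %v", err)
			return
		}
		logrus.Fatalf("server stopped: %v", err)
	}()

	go func() {
		<-ctx.Done()
		// No deadline on Shutdown, matching the previous behaviour of waiting
		// for in-flight requests to drain; the error is at least surfaced.
		if err := server.Shutdown(context.Background()); err != nil {
			logrus.Errorf("server shutdown: %v", err)
		}
	}()

	return nil
}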
|
|
|
|
|
|
|
|
// tlsStorage builds the dynamiclistener.TLSStorage used for the supervisor's
// dynamic serving certificate.
//
// Three layers are stacked: a file store at <dataDir>/tls/dynamic-cert.json,
// a memory store backed by that file, and a Kubernetes-backed store on top
// that is pointed (by the positional arguments "kube-system" and
// "k3s-serving", presumably namespace and secret name) at a secret and given
// the memory store as its fallback. The core controller factory is supplied
// lazily through a closure over runtime.Core, so it is read when the
// Kubernetes layer first needs it rather than at construction.
//
// NOTE(review): dynamic-cert.json presumably holds the serving private key;
// confirm file.New creates it with owner-only permissions.
func tlsStorage(ctx context.Context, dataDir string, runtime *config.ControlRuntime) dynamiclistener.TLSStorage {
	certPath := filepath.Join(dataDir, "tls/dynamic-cert.json")
	onDisk := file.New(certPath)
	inMemory := memory.NewBacked(onDisk)

	coreFactory := func() *core.Factory {
		return runtime.Core
	}
	return kubernetes.New(ctx, coreFactory, "kube-system", "k3s-serving", inMemory)
}
|