mirror of https://github.com/k3s-io/k3s
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
120 lines
3.5 KiB
120 lines
3.5 KiB
6 months ago
|
package s3
|
||
|
|
||
|
import (
|
||
|
"encoding/base64"
|
||
|
"fmt"
|
||
|
"strconv"
|
||
|
"strings"
|
||
|
"time"
|
||
|
|
||
|
"github.com/k3s-io/k3s/pkg/daemons/config"
|
||
|
"github.com/k3s-io/k3s/pkg/util"
|
||
|
"github.com/sirupsen/logrus"
|
||
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||
|
)
|
||
|
|
||
|
var ErrNoConfigSecret = errNoConfigSecret()
|
||
|
|
||
|
type secretError struct {
|
||
|
err error
|
||
|
}
|
||
|
|
||
|
func (e *secretError) Error() string {
|
||
|
return fmt.Sprintf("failed to get etcd S3 config secret: %v", e.err)
|
||
|
}
|
||
|
|
||
|
func (e *secretError) Is(target error) bool {
|
||
|
switch target {
|
||
|
case ErrNoConfigSecret:
|
||
|
return true
|
||
|
}
|
||
|
return false
|
||
|
}
|
||
|
|
||
|
func errNoConfigSecret() error { return &secretError{} }
|
||
|
|
||
|
func (c *Controller) getConfigFromSecret(secretName string) (*config.EtcdS3, error) {
|
||
|
if c.core == nil {
|
||
|
return nil, &secretError{err: util.ErrCoreNotReady}
|
||
|
}
|
||
|
|
||
|
secret, err := c.core.V1().Secret().Get(metav1.NamespaceSystem, secretName, metav1.GetOptions{})
|
||
|
if err != nil {
|
||
|
return nil, &secretError{err: err}
|
||
|
}
|
||
|
|
||
|
etcdS3 := &config.EtcdS3{
|
||
|
AccessKey: string(secret.Data["etcd-s3-access-key"]),
|
||
|
Bucket: string(secret.Data["etcd-s3-bucket"]),
|
||
|
Endpoint: defaultEtcdS3.Endpoint,
|
||
|
Folder: string(secret.Data["etcd-s3-folder"]),
|
||
|
Proxy: string(secret.Data["etcd-s3-proxy"]),
|
||
|
Region: defaultEtcdS3.Region,
|
||
|
SecretKey: string(secret.Data["etcd-s3-secret-key"]),
|
||
|
Timeout: *defaultEtcdS3.Timeout.DeepCopy(),
|
||
|
}
|
||
|
|
||
|
// Set endpoint from secret if set
|
||
|
if v, ok := secret.Data["etcd-s3-endpoint"]; ok {
|
||
|
etcdS3.Endpoint = string(v)
|
||
|
}
|
||
|
|
||
|
// Set region from secret if set
|
||
|
if v, ok := secret.Data["etcd-s3-region"]; ok {
|
||
|
etcdS3.Region = string(v)
|
||
|
}
|
||
|
|
||
|
// Set timeout from secret if set
|
||
|
if v, ok := secret.Data["etcd-s3-timeout"]; ok {
|
||
|
if duration, err := time.ParseDuration(string(v)); err != nil {
|
||
|
logrus.Warnf("Failed to parse etcd-s3-timeout value from S3 config secret %s: %v", secretName, err)
|
||
|
} else {
|
||
|
etcdS3.Timeout.Duration = duration
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// configure ssl verification, if value can be parsed
|
||
|
if v, ok := secret.Data["etcd-s3-skip-ssl-verify"]; ok {
|
||
|
if b, err := strconv.ParseBool(string(v)); err != nil {
|
||
|
logrus.Warnf("Failed to parse etcd-s3-skip-ssl-verify value from S3 config secret %s: %v", secretName, err)
|
||
|
} else {
|
||
|
etcdS3.SkipSSLVerify = b
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// configure insecure http, if value can be parsed
|
||
|
if v, ok := secret.Data["etcd-s3-insecure"]; ok {
|
||
|
if b, err := strconv.ParseBool(string(v)); err != nil {
|
||
|
logrus.Warnf("Failed to parse etcd-s3-insecure value from S3 config secret %s: %v", secretName, err)
|
||
|
} else {
|
||
|
etcdS3.Insecure = b
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// encode CA bundles from value, and keys in configmap if one is named
|
||
|
caBundles := []string{}
|
||
|
// Add inline CA bundle if set
|
||
|
if len(secret.Data["etcd-s3-endpoint-ca"]) > 0 {
|
||
|
caBundles = append(caBundles, base64.StdEncoding.EncodeToString(secret.Data["etcd-s3-endpoint-ca"]))
|
||
|
}
|
||
|
|
||
|
// Add CA bundles from named configmap if set
|
||
|
if caConfigMapName := string(secret.Data["etcd-s3-endpoint-ca-name"]); caConfigMapName != "" {
|
||
|
configMap, err := c.core.V1().ConfigMap().Get(metav1.NamespaceSystem, caConfigMapName, metav1.GetOptions{})
|
||
|
if err != nil {
|
||
|
logrus.Warnf("Failed to get ConfigMap %s for etcd-s3-endpoint-ca-name value from S3 config secret %s: %v", caConfigMapName, secretName, err)
|
||
|
} else {
|
||
|
for _, v := range configMap.Data {
|
||
|
caBundles = append(caBundles, base64.StdEncoding.EncodeToString([]byte(v)))
|
||
|
}
|
||
|
for _, v := range configMap.BinaryData {
|
||
|
caBundles = append(caBundles, base64.StdEncoding.EncodeToString(v))
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// Concatenate all requested CA bundle strings into config var
|
||
|
etcdS3.EndpointCA = strings.Join(caBundles, " ")
|
||
|
return etcdS3, nil
|
||
|
}
|