github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fetch hacked easyrsa in kube-up instead of command run on master 

This is good because it removes an obstacle to using the
cluster/ubuntu scripting to install Kubernetes into a restricted
environment where the machines can not open connections to arbitrary
external locations.

Also add debuggability to make-ca-cert.sh

Resolves #21037
Resolves #21092
pull/6/head
Mike Spreitzer 2016-02-11 14:27:27 -05:00
parent 9d776d999d
commit 07d7cfd346
2 changed files with 19 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
cluster/saltbase/salt/generate-cert/make-ca-cert.sh
View File

@ -18,6 +18,10 @@ set -o errexit
set -o nounset set -o nounset
set -o pipefail set -o pipefail
if [ "${DEBUG}" == "true" ]; then
set -x
fi
cert_ip=$1 cert_ip=$1
extra_sans=${2:-} extra_sans=${2:-}
cert_dir=${CERT_DIR:-/srv/kubernetes} cert_dir=${CERT_DIR:-/srv/kubernetes}
@ -57,7 +61,14 @@ cd "${tmpdir}"
# #
# Due to GCS caching of public objects, it may take time for this to be widely # Due to GCS caching of public objects, it may take time for this to be widely
# distributed. # distributed.
curl -L -O https://storage.googleapis.com/kubernetes-release/easy-rsa/easy-rsa.tar.gz > /dev/null 2>&1 #
# Use ~/kube/easy-rsa.tar.gz if it exists, so that it can be
# pre-pushed in cases where an outgoing connection is not allowed.
if [ -f ~/kube/easy-rsa.tar.gz ]; then
ln -s ~/kube/easy-rsa.tar.gz .
else
curl -L -O https://storage.googleapis.com/kubernetes-release/easy-rsa/easy-rsa.tar.gz > /dev/null 2>&1
fi
tar xzf easy-rsa.tar.gz > /dev/null 2>&1 tar xzf easy-rsa.tar.gz > /dev/null 2>&1
cd easy-rsa-master/easyrsa3 cd easy-rsa-master/easyrsa3

9
cluster/ubuntu/util.sh
View File

@ -312,6 +312,9 @@ function kube-up() {
# downloading tarball release # downloading tarball release
"${KUBE_ROOT}/cluster/ubuntu/download-release.sh" "${KUBE_ROOT}/cluster/ubuntu/download-release.sh"
# Fetch the hacked easyrsa that make-ca-cert.sh will use
curl -L -O https://storage.googleapis.com/kubernetes-release/easy-rsa/easy-rsa.tar.gz > /dev/null 2>&1
setClusterInfo setClusterInfo
local ii=0 local ii=0
@ -357,6 +360,7 @@ function provision-master() {
# copy the binaries and scripts to the ~/kube directory on the master # copy the binaries and scripts to the ~/kube directory on the master
scp -r $SSH_OPTS \ scp -r $SSH_OPTS \
saltbase/salt/generate-cert/make-ca-cert.sh \ saltbase/salt/generate-cert/make-ca-cert.sh \
easy-rsa.tar.gz \
ubuntu/reconfDocker.sh \ ubuntu/reconfDocker.sh \
"${KUBE_CONFIG_FILE}" \ "${KUBE_CONFIG_FILE}" \
ubuntu/util.sh \ ubuntu/util.sh \
@ -404,7 +408,7 @@ function provision-master() {
cp ~/kube/init_scripts/* /etc/init.d/ cp ~/kube/init_scripts/* /etc/init.d/
groupadd -f -r kube-cert groupadd -f -r kube-cert
${PROXY_SETTING} ~/kube/make-ca-cert.sh \"${MASTER_IP}\" \"${EXTRA_SANS}\" ${PROXY_SETTING} DEBUG='${DEBUG}' ~/kube/make-ca-cert.sh \"${MASTER_IP}\" \"${EXTRA_SANS}\"
mkdir -p /opt/bin/ mkdir -p /opt/bin/
cp ~/kube/master/* /opt/bin/ cp ~/kube/master/* /opt/bin/
service etcd start service etcd start
@ -478,6 +482,7 @@ function provision-masterandnode() {
# scp order matters # scp order matters
scp -r $SSH_OPTS \ scp -r $SSH_OPTS \
saltbase/salt/generate-cert/make-ca-cert.sh \ saltbase/salt/generate-cert/make-ca-cert.sh \
easy-rsa.tar.gz \
"${KUBE_CONFIG_FILE}" \ "${KUBE_CONFIG_FILE}" \
ubuntu/util.sh \ ubuntu/util.sh \
ubuntu/minion/* \ ubuntu/minion/* \
@ -536,7 +541,7 @@ function provision-masterandnode() {
cp ~/kube/init_scripts/* /etc/init.d/ cp ~/kube/init_scripts/* /etc/init.d/
groupadd -f -r kube-cert groupadd -f -r kube-cert
${PROXY_SETTING} ~/kube/make-ca-cert.sh \"${MASTER_IP}\" \"${EXTRA_SANS}\" ${PROXY_SETTING} DEBUG='${DEBUG}' ~/kube/make-ca-cert.sh \"${MASTER_IP}\" \"${EXTRA_SANS}\"
mkdir -p /opt/bin/ mkdir -p /opt/bin/
cp ~/kube/master/* /opt/bin/ cp ~/kube/master/* /opt/bin/
cp ~/kube/minion/* /opt/bin/ cp ~/kube/minion/* /opt/bin/