mirror of https://github.com/k3s-io/k3s
feedback 1
fabriziopandini
Lubomir I. Ivanov
parent
911f6ea43e
commit
3b26c28dc0
|
|
@ -53,7 +53,7 @@ func For(cfg *kubeadmapi.JoinConfiguration) (*clientcmdapi.Config, error) {
|
||||||
clusterinfo := kubeconfigutil.GetClusterFromKubeConfig(config)
|
clusterinfo := kubeconfigutil.GetClusterFromKubeConfig(config)
|
||||||
return kubeconfigutil.CreateWithToken(
|
return kubeconfigutil.CreateWithToken(
|
||||||
clusterinfo.Server,
|
clusterinfo.Server,
|
||||||
kubeadmapiv1beta2.DefaultClusterName,
|
kubeadmapiv1beta1.DefaultClusterName,
|
||||||
TokenUser,
|
TokenUser,
|
||||||
clusterinfo.CertificateAuthorityData,
|
clusterinfo.CertificateAuthorityData,
|
||||||
cfg.Discovery.TLSBootstrapToken,
|
cfg.Discovery.TLSBootstrapToken,
|
||||||
|
|
@ -66,7 +66,7 @@ func For(cfg *kubeadmapi.JoinConfiguration) (*clientcmdapi.Config, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// if there are no authentication credentials (nor in the config returned from discovery, nor in the TLSBootstrapToken), fail
|
// if there are no authentication credentials (nor in the config returned from discovery, nor in the TLSBootstrapToken), fail
|
||||||
return nil, errors.New("couldn't find authentication credentials for the TLS boostrap process. Please use Token discovery, a discovery file with embedded authentication credentials or a discovery file without authentication credentials and the TLSBootstrapToken flag")
|
return nil, errors.New("couldn't find authentication credentials for the TLS boostrap process. Please use Token discovery, a discovery file with embedded authentication credentials or a discovery file without authentication credentials but with the TLSBootstrapToken flag")
|
||||||
}
|
}
|
||||||
|
|
||||||
// DiscoverValidatedKubeConfig returns a validated Config object that specifies where the cluster is and the CA cert to trust
|
// DiscoverValidatedKubeConfig returns a validated Config object that specifies where the cluster is and the CA cert to trust
|
||||||
|
|
|
||||||
|
|
@ -53,14 +53,14 @@ func ValidateConfigInfo(config *clientcmdapi.Config, clustername string) (*clien
|
||||||
|
|
||||||
var kubeconfig *clientcmdapi.Config
|
var kubeconfig *clientcmdapi.Config
|
||||||
|
|
||||||
// If the discovery file config contains a authentication credentials
|
// If the discovery file config contains authentication credentials
|
||||||
if kubeconfigutil.HasAuthenticationCredentials(config) {
|
if kubeconfigutil.HasAuthenticationCredentials(config) {
|
||||||
klog.V(1).Info("[discovery] Using authentication credentials from the discovery file for validating TLS connection")
|
klog.V(1).Info("[discovery] Using authentication credentials from the discovery file for validating TLS connection")
|
||||||
|
|
||||||
// Use the discovery file config for starting the join process
|
// Use the discovery file config for starting the join process
|
||||||
kubeconfig = config
|
kubeconfig = config
|
||||||
|
|
||||||
// We should ensure that all the authentication info are embedded in config file, so everything will work also when
|
// We should ensure that all the authentication info is embedded in config file, so everything will work also when
|
||||||
// the kubeconfig file will be stored in /etc/kubernetes/boostrap-kubelet.conf
|
// the kubeconfig file will be stored in /etc/kubernetes/boostrap-kubelet.conf
|
||||||
if err := kubeconfigutil.EnsureAuthenticationInfoAreEmbedded(kubeconfig); err != nil {
|
if err := kubeconfigutil.EnsureAuthenticationInfoAreEmbedded(kubeconfig); err != nil {
|
||||||
return nil, errors.Wrap(err, "error while reading client cert file or client key file")
|
return nil, errors.Wrap(err, "error while reading client cert file or client key file")
|
||||||
|
|
@ -87,7 +87,7 @@ func ValidateConfigInfo(config *clientcmdapi.Config, clustername string) (*clien
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
var currentCluster = kubeconfigutil.GetClusterFromKubeConfig(kubeconfig)
|
currentCluster := kubeconfigutil.GetClusterFromKubeConfig(kubeconfig)
|
||||||
klog.V(1).Infof("[discovery] Created cluster-info discovery client, requesting info from %q\n", currentCluster.Server)
|
klog.V(1).Infof("[discovery] Created cluster-info discovery client, requesting info from %q\n", currentCluster.Server)
|
||||||
|
|
||||||
var clusterinfoCM *v1.ConfigMap
|
var clusterinfoCM *v1.ConfigMap
|
||||||
|
|
@ -101,7 +101,7 @@ func ValidateConfigInfo(config *clientcmdapi.Config, clustername string) (*clien
|
||||||
klog.Warningf("[discovery] Could not access the %s ConfigMap for refreshing the cluster-info information, but the TLS cert is valid so proceeding...\n", bootstrapapi.ConfigMapClusterInfo)
|
klog.Warningf("[discovery] Could not access the %s ConfigMap for refreshing the cluster-info information, but the TLS cert is valid so proceeding...\n", bootstrapapi.ConfigMapClusterInfo)
|
||||||
return true, nil
|
return true, nil
|
||||||
}
|
}
|
||||||
klog.V(1).Infof("[discovery] Error reading the %s ConfigMap, will try again: [%v]\n", bootstrapapi.ConfigMapClusterInfo, err)
|
klog.V(1).Infof("[discovery] Error reading the %s ConfigMap, will try again: %v\n", bootstrapapi.ConfigMapClusterInfo, err)
|
||||||
return false, nil
|
return false, nil
|
||||||
}
|
}
|
||||||
return true, nil
|
return true, nil
|
||||||
|
|
@ -119,11 +119,11 @@ func ValidateConfigInfo(config *clientcmdapi.Config, clustername string) (*clien
|
||||||
return kubeconfig, nil
|
return kubeconfig, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
var refreshedCluster = kubeconfigutil.GetClusterFromKubeConfig(refreshedBaseKubeConfig)
|
refreshedCluster := kubeconfigutil.GetClusterFromKubeConfig(refreshedBaseKubeConfig)
|
||||||
currentCluster.Server = refreshedCluster.Server
|
currentCluster.Server = refreshedCluster.Server
|
||||||
currentCluster.CertificateAuthorityData = refreshedCluster.CertificateAuthorityData
|
currentCluster.CertificateAuthorityData = refreshedCluster.CertificateAuthorityData
|
||||||
|
|
||||||
klog.V(1).Infof("[discovery] Synced server and CA from the %s ConfigMap so we have got the latest information", bootstrapapi.ConfigMapClusterInfo)
|
klog.V(1).Infof("[discovery] Synced Server and CertificateAuthorityData from the %s ConfigMap", bootstrapapi.ConfigMapClusterInfo)
|
||||||
return kubeconfig, nil
|
return kubeconfig, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -171,11 +171,8 @@ func EnsureAuthenticationInfoAreEmbedded(config *clientcmdapi.Config) error {
|
||||||
|
|
||||||
// getCurrentAuthInfo returns current authInfo, if defined
|
// getCurrentAuthInfo returns current authInfo, if defined
|
||||||
func getCurrentAuthInfo(config *clientcmdapi.Config) *clientcmdapi.AuthInfo {
|
func getCurrentAuthInfo(config *clientcmdapi.Config) *clientcmdapi.AuthInfo {
|
||||||
if config == nil || config.CurrentContext == "" {
|
if config == nil || config.CurrentContext == "" ||
|
||||||
return nil
|
len(config.Contexts) == 0 || config.Contexts[config.CurrentContext] == nil {
|
||||||
}
|
|
||||||
|
|
||||||
if len(config.Contexts) == 0 || config.Contexts[config.CurrentContext] == nil {
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
user := config.Contexts[config.CurrentContext].AuthInfo
|
user := config.Contexts[config.CurrentContext].AuthInfo
|
||||||
|
|
|
||||||
|
|
@ -206,12 +206,12 @@ func TestGetCurrentAuthInfo(t *testing.T) {
|
||||||
expected: false,
|
expected: false,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "no CurrentContext object 1",
|
name: "no CurrentContext object",
|
||||||
config: &clientcmdapi.Config{CurrentContext: "kubernetes"},
|
config: &clientcmdapi.Config{CurrentContext: "kubernetes"},
|
||||||
expected: false,
|
expected: false,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "no CurrentContext object ",
|
name: "CurrentContext object with bad contents",
|
||||||
config: &clientcmdapi.Config{
|
config: &clientcmdapi.Config{
|
||||||
CurrentContext: "kubernetes",
|
CurrentContext: "kubernetes",
|
||||||
Contexts: map[string]*clientcmdapi.Context{"NOTkubernetes": {}},
|
Contexts: map[string]*clientcmdapi.Context{"NOTkubernetes": {}},
|
||||||
|
|
@ -227,7 +227,7 @@ func TestGetCurrentAuthInfo(t *testing.T) {
|
||||||
expected: false,
|
expected: false,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "no AuthInfo object 1",
|
name: "no AuthInfo object",
|
||||||
config: &clientcmdapi.Config{
|
config: &clientcmdapi.Config{
|
||||||
CurrentContext: "kubernetes",
|
CurrentContext: "kubernetes",
|
||||||
Contexts: map[string]*clientcmdapi.Context{"kubernetes": {AuthInfo: "kubernetes"}},
|
Contexts: map[string]*clientcmdapi.Context{"kubernetes": {AuthInfo: "kubernetes"}},
|
||||||
|
|
@ -235,7 +235,7 @@ func TestGetCurrentAuthInfo(t *testing.T) {
|
||||||
expected: false,
|
expected: false,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "no AuthInfo object 2",
|
name: "AuthInfo object with bad contents",
|
||||||
config: &clientcmdapi.Config{
|
config: &clientcmdapi.Config{
|
||||||
CurrentContext: "kubernetes",
|
CurrentContext: "kubernetes",
|
||||||
Contexts: map[string]*clientcmdapi.Context{"kubernetes": {AuthInfo: "kubernetes"}},
|
Contexts: map[string]*clientcmdapi.Context{"kubernetes": {AuthInfo: "kubernetes"}},
|
||||||
|
|
@ -244,7 +244,7 @@ func TestGetCurrentAuthInfo(t *testing.T) {
|
||||||
expected: false,
|
expected: false,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "authInfo",
|
name: "valid AuthInfo",
|
||||||
config: &clientcmdapi.Config{
|
config: &clientcmdapi.Config{
|
||||||
CurrentContext: "kubernetes",
|
CurrentContext: "kubernetes",
|
||||||
Contexts: map[string]*clientcmdapi.Context{"kubernetes": {AuthInfo: "kubernetes"}},
|
Contexts: map[string]*clientcmdapi.Context{"kubernetes": {AuthInfo: "kubernetes"}},
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue