From 523e1d0d8cf830ed7cbf6f2a7d1131610a34c3df Mon Sep 17 00:00:00 2001 From: Justin Santa Barbara Date: Sat, 5 Mar 2016 15:50:28 -0500 Subject: [PATCH] Ubernetes-Lite: reuse existing configuration when reusing master In particular, we need to share the kubelet cert & key, otherwise we can't connect to the kube-api. Fix #22593 --- cluster/aws/util.sh | 20 ++++++++++++++++++-- cluster/common.sh | 26 ++++++++++++++++++++++++++ cluster/gce/util.sh | 14 ++++++++++++++ 3 files changed, 58 insertions(+), 2 deletions(-) diff --git a/cluster/aws/util.sh b/cluster/aws/util.sh index 96882dbd59..d79439cb40 100755 --- a/cluster/aws/util.sh +++ b/cluster/aws/util.sh @@ -190,6 +190,16 @@ function detect-master() { echo "Using master: $KUBE_MASTER (external IP: $KUBE_MASTER_IP)" } +# Reads kube-env metadata from master +# +# Assumed vars: +# KUBE_MASTER_IP +# AWS_SSH_KEY +# SSH_USER +function get-master-env() { + ssh -oStrictHostKeyChecking=no -i "${AWS_SSH_KEY}" ${SSH_USER}@${KUBE_MASTER_IP} sudo cat /etc/kubernetes/kube_env.yaml +} + function query-running-minions () { local query=$1 @@ -453,8 +463,14 @@ function authorize-security-group-ingress { function find-master-pd { local name=${MASTER_NAME}-pd if [[ -z "${MASTER_DISK_ID}" ]]; then + local zone_filter="Name=availability-zone,Values=${ZONE}" + if [[ "${KUBE_USE_EXISTING_MASTER:-}" == "true" ]]; then + # If we're reusing an existing master, it is likely to be in another zone + # If running multizone, your cluster must be uniquely named across zones + zone_filter="" + fi MASTER_DISK_ID=`$AWS_CMD describe-volumes \ - --filters Name=availability-zone,Values=${ZONE} \ + --filters ${zone_filter} \ Name=tag:Name,Values=${name} \ Name=tag:KubernetesCluster,Values=${CLUSTER_ID} \ --query Volumes[].VolumeId` 
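Review bot: The added `get-master-env` in cluster/aws/util.sh runs ssh with `-oStrictHostKeyChecking=no`, so the master's host key is never verified on the connection that returns the kubelet key and the bearer tokens from `/etc/kubernetes/kube_env.yaml`. If the rest of this file already connects the same way, that is at least consistent, but it deserves a comment here such as `# NOTE: host key is not verified; the output contains KUBELET_KEY and tokens`. Better would be a per-cluster known-hosts file passed with `-oUserKnownHostsFile`. The destination should also be quoted: `"${SSH_USER}@${KUBE_MASTER_IP}"`.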
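Review bot: With `zone_filter=""` the `describe-volumes` call in `find-master-pd` matches on the Name and KubernetesCluster tags regardless of zone, and nothing in the visible lines checks that exactly one volume id came back. The comment states the uniqueness requirement but the code does not enforce it, so a duplicated cluster name would presumably leave several ids in `MASTER_DISK_ID`. Assuming `AWS_CMD` produces text output, a guard after the assignment such as `[[ "${MASTER_DISK_ID}" != *[[:space:]]* ]] || { echo "Multiple master volumes found for ${name}" >&2; exit 1; }` would make that case fail loudly. The function continues outside the hunk, so such a check may already exist there. `--filters ${zone_filter}` also depends on the unquoted empty expansion disappearing, which is worth a comment like `# intentionally unquoted: expands to nothing when empty`.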
@@ -927,8 +943,8 @@ function kube-up { # KUBE_USE_EXISTING_MASTER is used to add minions to an existing master if [[ "${KUBE_USE_EXISTING_MASTER:-}" == "true" ]]; then - # Detect existing master detect-master + parse-master-env # Start minions start-minions diff --git a/cluster/common.sh b/cluster/common.sh index 77e4fe0074..62a7a24005 100755 --- a/cluster/common.sh +++ b/cluster/common.sh @@ -715,3 +715,29 @@ function create-certs { KUBECFG_CERT_BASE64=$(cat "${CERT_DIR}/pki/issued/kubecfg.crt" | base64 | tr -d '\r\n') KUBECFG_KEY_BASE64=$(cat "${CERT_DIR}/pki/private/kubecfg.key" | base64 | tr -d '\r\n') } + +# +# Using provided master env, extracts value from provided key. +# +# Args: +# $1 master env (kube-env of master; result of calling get-master-env) +# $2 env key to use +function get-env-val() { + local match=`(echo "${1}" | grep ${2}) || echo ""` + if [[ -z ${match} ]]; then + echo "" + fi + echo ${match} | cut -d : -f 2 | cut -d \' -f 2 +} + +# Load the master env by calling get-master-env, and extract important values +function parse-master-env() { + # Get required master env vars + local master_env=$(get-master-env) + KUBELET_TOKEN=$(get-env-val "${master_env}" "KUBELET_TOKEN") + KUBE_PROXY_TOKEN=$(get-env-val "${master_env}" "KUBE_PROXY_TOKEN") + CA_CERT_BASE64=$(get-env-val "${master_env}" "CA_CERT") + EXTRA_DOCKER_OPTS=$(get-env-val "${master_env}" "EXTRA_DOCKER_OPTS") + KUBELET_CERT_BASE64=$(get-env-val "${master_env}" "KUBELET_CERT") + KUBELET_KEY_BASE64=$(get-env-val "${master_env}" "KUBELET_KEY") +} diff --git a/cluster/gce/util.sh b/cluster/gce/util.sh index 2b11b6e229..65a7f838b8 100755 --- a/cluster/gce/util.sh +++ b/cluster/gce/util.sh 
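Review bot: `parse-master-env` in cluster/common.sh never checks that `get-master-env` succeeded, because `local master_env=$(...)` hides the exit status, so a failed fetch leaves the tokens and the kubelet cert and key empty and `kube-up` goes on to start nodes with them. In `get-env-val`, `grep ${2}` is unquoted and unanchored, so a key that is a substring of another key matches more than one line, the `-z` branch has no `return`, and `cut -d : -f 2` truncates any value that contains a colon, which `EXTRA_DOCKER_OPTS` plausibly could. The sketch below anchors the match, keeps the full value and fails when the kubelet credentials are missing; it assumes each entry starts its line as `KEY: 'value'`, which should be confirmed against the file the master writes. Both `kube-up` call sites (aws and gce) would then need to stop on a non-zero return.

```shell
function get-env-val() {
  local match
  # Anchor on "KEY:" at the start of the line and keep only the first hit.
  match=$(grep -- "^${2}:" <<<"${1}" | head -n 1) || match=""
  if [[ -z "${match}" ]]; then
    echo ""
    return
  fi
  # -f 2- keeps values that themselves contain ':'.
  echo "${match}" | cut -d : -f 2- | cut -d \' -f 2
}

function parse-master-env() {
  local master_env
  # Declared separately so the exit status of get-master-env is not masked.
  master_env=$(get-master-env) || master_env=""
  if [[ -z "${master_env}" ]]; then
    echo "Unable to read kube-env from master" >&2
    return 1
  fi
  # … unchanged: the six get-env-val assignments …
  if [[ -z "${KUBELET_CERT_BASE64}" || -z "${KUBELET_KEY_BASE64}" ]]; then
    echo "kube-env from master is missing KUBELET_CERT or KUBELET_KEY" >&2
    return 1
  fi
}
```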
@@ -325,6 +325,19 @@ function detect-master () { echo "Using master: $KUBE_MASTER (external IP: $KUBE_MASTER_IP)" } +# Reads kube-env metadata from master +# +# Assumed vars: +# KUBE_MASTER +# PROJECT +# ZONE +function get-master-env() { + # TODO(zmerlynn): Make this more reliable with retries. + gcloud compute --project ${PROJECT} ssh --zone ${ZONE} ${KUBE_MASTER} --command \ + "curl --fail --silent -H 'Metadata-Flavor: Google' \ + 'http://metadata/computeMetadata/v1/instance/attributes/kube-env'" 2>/dev/null +} + # Robustly try to create a static ip. # $1: The name of the ip to create # $2: The name of the region to create the ip in. @@ -523,6 +536,7 @@ function kube-up { set_num_migs if [[ ${KUBE_USE_EXISTING_MASTER:-} == "true" ]]; then + parse-master-env create-nodes create-autoscaler else
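Review bot: The `2>/dev/null` at the end of the gcloud command in the GCE `get-master-env` discards every diagnostic from both gcloud and the remote curl, so an authentication, zone or metadata failure gives the caller empty output and no message. Dropping the redirection, or capturing stderr and printing it when the command exits non-zero, would also make the retry work named in the TODO easier to debug. The expansions should be quoted as well: `--project "${PROJECT}" ssh --zone "${ZONE}" "${KUBE_MASTER}"`.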