From 6579c945599ca0f57a15179c8714d3da2513623c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lucas=20K=C3=A4ldstr=C3=B6m?= Date: Mon, 23 Jan 2017 13:15:19 +0200 Subject: [PATCH] Write ca.crt down to disk in kubeadm join --- cmd/kubeadm/app/cmd/BUILD | 2 ++ cmd/kubeadm/app/cmd/join.go | 16 ++++++++++++++-- cmd/kubeadm/app/cmd/reset.go | 22 ++++++++++++---------- cmd/kubeadm/app/preflight/BUILD | 1 + cmd/kubeadm/app/preflight/checks.go | 12 +++++++----- 5 files changed, 36 insertions(+), 17 deletions(-) diff --git a/cmd/kubeadm/app/cmd/BUILD b/cmd/kubeadm/app/cmd/BUILD index 646c48808f..c4d6725ca0 100644 --- a/cmd/kubeadm/app/cmd/BUILD +++ b/cmd/kubeadm/app/cmd/BUILD @@ -25,6 +25,7 @@ go_library( "//cmd/kubeadm/app/apis/kubeadm/v1alpha1:go_default_library", "//cmd/kubeadm/app/apis/kubeadm/validation:go_default_library", "//cmd/kubeadm/app/cmd/flags:go_default_library", + "//cmd/kubeadm/app/constants:go_default_library", "//cmd/kubeadm/app/discovery:go_default_library", "//cmd/kubeadm/app/master:go_default_library", "//cmd/kubeadm/app/node:go_default_library", @@ -46,6 +47,7 @@ go_library( "//vendor:k8s.io/apimachinery/pkg/fields", "//vendor:k8s.io/apimachinery/pkg/runtime", "//vendor:k8s.io/apimachinery/pkg/util/net", + "//vendor:k8s.io/client-go/pkg/util/cert", ], ) diff --git a/cmd/kubeadm/app/cmd/join.go b/cmd/kubeadm/app/cmd/join.go index 22545b11ef..fef38c594e 100644 --- a/cmd/kubeadm/app/cmd/join.go +++ b/cmd/kubeadm/app/cmd/join.go 
@@ -20,15 +20,17 @@ import ( "fmt" "io" "io/ioutil" - "path" + "path/filepath" "github.com/renstrom/dedent" "github.com/spf13/cobra" "k8s.io/apimachinery/pkg/runtime" + certutil "k8s.io/client-go/pkg/util/cert" kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" kubeadmapiext "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha1" "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/validation" + kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants" "k8s.io/kubernetes/cmd/kubeadm/app/discovery" kubenode "k8s.io/kubernetes/cmd/kubeadm/app/node" kubeconfigphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/kubeconfig" @@ -136,10 +138,20 @@ func (j *Join) Run(out io.Writer) error { if err := kubenode.PerformTLSBootstrap(cfg); err != nil { return err } - if err := kubeconfigphase.WriteKubeconfigToDisk(path.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeconfigphase.KubeletKubeConfigFileName), cfg); err != nil { + + kubeconfigFile := filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeconfigphase.KubeletKubeConfigFileName) + if err := kubeconfigphase.WriteKubeconfigToDisk(kubeconfigFile, cfg); err != nil { return err } + // Write the ca certificate to disk so kubelet can use it for authentication + cluster := cfg.Contexts[cfg.CurrentContext].Cluster + caCertFile := filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeadmconstants.CACertName) + err = certutil.WriteCert(caCertFile, cfg.Clusters[cluster].CertificateAuthorityData) + if err != nil { + return fmt.Errorf("couldn't save the CA certificate to disk: %v", err) + } + fmt.Fprintf(out, joinDoneMsgf) return nil } diff --git a/cmd/kubeadm/app/cmd/reset.go b/cmd/kubeadm/app/cmd/reset.go index 5093778a5d..ae13d4be9f 100644 --- a/cmd/kubeadm/app/cmd/reset.go +++ b/cmd/kubeadm/app/cmd/reset.go 
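Review bot: The two chained map lookups in the block added to `Join.Run`, `cfg.Contexts[cfg.CurrentContext].Cluster` and `cfg.Clusters[cluster].CertificateAuthorityData`, are unchecked, so a kubeconfig whose current context or cluster entry is missing would either panic (if, as it appears, these maps hold pointers) or pass an empty byte slice to `certutil.WriteCert`. The added comment says the kubelet will use this file for authentication, so absent or empty CA data should fail the join with a clear error rather than leave a blank `ca.crt` on disk. The kubeconfig is also written before this step, so a failure here leaves it behind; writing the CA first, or removing the kubeconfig on error, would keep a retry clean. The start of `Run` is outside the hunk, and `err` is assumed to be declared earlier in it.

```go
// Write the ca certificate to disk so kubelet can use it for authentication
kubeCtx, ok := cfg.Contexts[cfg.CurrentContext]
if !ok || kubeCtx == nil {
	return fmt.Errorf("kubeconfig has no context named %q", cfg.CurrentContext)
}
clusterCfg, ok := cfg.Clusters[kubeCtx.Cluster]
if !ok || clusterCfg == nil || len(clusterCfg.CertificateAuthorityData) == 0 {
	return fmt.Errorf("kubeconfig cluster %q has no CA certificate data", kubeCtx.Cluster)
}
caCertFile := filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeadmconstants.CACertName)
if err := certutil.WriteCert(caCertFile, clusterCfg.CertificateAuthorityData); err != nil {
	return fmt.Errorf("couldn't save the CA certificate to disk: %v", err)
}
// … unchanged: joinDoneMsgf output and return nil …
```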
@@ -21,12 +21,13 @@ import ( "io" "os" "os/exec" - "path" + "path/filepath" "strings" "github.com/spf13/cobra" kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" + kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants" "k8s.io/kubernetes/cmd/kubeadm/app/phases/kubeconfig" "k8s.io/kubernetes/cmd/kubeadm/app/preflight" kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util" @@ -123,7 +124,7 @@ func (r *Reset) Run(out io.Writer) error { // Only clear etcd data when the etcd manifest is found. In case it is not found, we must assume that the user // provided external etcd endpoints. In that case, it is his own responsibility to reset etcd - etcdManifestPath := path.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, "manifests/etcd.json") + etcdManifestPath := filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, "manifests/etcd.json") if _, err := os.Stat(etcdManifestPath); err == nil { dirsToClean = append(dirsToClean, "/var/lib/etcd") } else { @@ -151,7 +152,7 @@ func drainAndRemoveNode(removeNode bool) error { hostname = strings.ToLower(hostname) // TODO: Use the "native" k8s client for this once we're confident the versioned is working - kubeConfigPath := path.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeconfig.KubeletKubeConfigFileName) + kubeConfigPath := filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeconfig.KubeletKubeConfigFileName) getNodesCmd := fmt.Sprintf("kubectl --kubeconfig %s get nodes | grep %s", kubeConfigPath, hostname) output, err := exec.Command("sh", "-c", getNodesCmd).Output() 
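Review bot: The path this commit now builds with `filepath.Join` in `drainAndRemoveNode` is interpolated, together with `hostname`, into a string that is run through `sh -c`, so a space or shell metacharacter in `KubernetesDir` or the host name changes the command that actually executes. Passing the arguments directly avoids the shell, e.g. `exec.Command("kubectl", "--kubeconfig", kubeConfigPath, "get", "nodes")`, with the host-name match done in Go on the output (`strings.Contains(string(output), hostname)`) instead of piping to `grep`. Whether either value can be influenced by an untrusted party is not visible here, and the function continues outside the hunk.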
@@ -180,14 +181,14 @@ func drainAndRemoveNode(removeNode bool) error { } // cleanDir removes everything in a directory, but not the directory itself -func cleanDir(filepath string) error { +func cleanDir(filePath string) error { // If the directory doesn't even exist there's nothing to do, and we do // not consider this an error - if _, err := os.Stat(filepath); os.IsNotExist(err) { + if _, err := os.Stat(filePath); os.IsNotExist(err) { return nil } - d, err := os.Open(filepath) + d, err := os.Open(filePath) if err != nil { return err } @@ -197,7 +198,7 @@ func cleanDir(filepath string) error { return err } for _, name := range names { - err = os.RemoveAll(path.Join(filepath, name)) + err = os.RemoveAll(filepath.Join(filePath, name)) if err != nil { return err } @@ -208,7 +209,7 @@ func cleanDir(filepath string) error { // resetConfigDir is used to cleanup the files kubeadm writes in /etc/kubernetes/. func resetConfigDir(configPathDir, pkiPathDir string) { dirsToClean := []string{ - path.Join(configPathDir, "manifests"), + filepath.Join(configPathDir, "manifests"), pkiPathDir, } fmt.Printf("[reset] Deleting contents of config directories: %v\n", dirsToClean) @@ -220,8 +221,9 @@ func resetConfigDir(configPathDir, pkiPathDir string) { } filesToClean := []string{ - path.Join(configPathDir, kubeconfig.AdminKubeConfigFileName), - path.Join(configPathDir, kubeconfig.KubeletKubeConfigFileName), + filepath.Join(configPathDir, kubeconfig.AdminKubeConfigFileName), + filepath.Join(configPathDir, kubeconfig.KubeletKubeConfigFileName), + filepath.Join(configPathDir, kubeadmconstants.CACertName), } fmt.Printf("[reset] Deleting files: %v\n", filesToClean) for _, path := range filesToClean { diff --git a/cmd/kubeadm/app/preflight/BUILD b/cmd/kubeadm/app/preflight/BUILD index 48300a682d..2393315681 100644 --- a/cmd/kubeadm/app/preflight/BUILD +++ b/cmd/kubeadm/app/preflight/BUILD 
@@ -14,6 +14,7 @@ go_library( tags = ["automanaged"], deps = [ "//cmd/kubeadm/app/apis/kubeadm:go_default_library", + "//cmd/kubeadm/app/constants:go_default_library", "//cmd/kubeadm/app/phases/kubeconfig:go_default_library", "//pkg/api/validation:go_default_library", "//pkg/util/initsystem:go_default_library", diff --git a/cmd/kubeadm/app/preflight/checks.go b/cmd/kubeadm/app/preflight/checks.go index c816a3c4d4..2d3b4d5107 100644 --- a/cmd/kubeadm/app/preflight/checks.go +++ b/cmd/kubeadm/app/preflight/checks.go @@ -25,10 +25,11 @@ import ( "net/http" "os" "os/exec" - "path" + "path/filepath" utilerrors "k8s.io/apimachinery/pkg/util/errors" kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" + kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants" "k8s.io/kubernetes/cmd/kubeadm/app/phases/kubeconfig" "k8s.io/kubernetes/pkg/api/validation" "k8s.io/kubernetes/pkg/util/initsystem" @@ -213,7 +214,7 @@ func (fcc FileContentCheck) Check() (warnings, errors []error) { } -// InPathCheck checks if the given executable is present in the path. +// InPathCheck checks if the given executable is present in the path type InPathCheck struct { executable string mandatory bool @@ -318,7 +319,7 @@ func RunInitMasterChecks(cfg *kubeadmapi.MasterConfiguration) error { PortOpenCheck{port: 10251}, PortOpenCheck{port: 10252}, HTTPProxyCheck{Proto: "https", Host: cfg.API.AdvertiseAddresses[0], Port: int(cfg.API.Port)}, - DirAvailableCheck{Path: path.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, "manifests")}, + DirAvailableCheck{Path: filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, "manifests")}, DirAvailableCheck{Path: "/var/lib/kubelet"}, FileContentCheck{Path: bridgenf, Content: []byte{'1'}}, InPathCheck{executable: "ip", mandatory: true}, 
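Review bot: Dropping the trailing period from the `InPathCheck` doc comment in checks.go goes against the Go convention that doc comments on exported types are full sentences ending in a period; the original `// InPathCheck checks if the given executable is present in the path.` should stay. The edit also looks unrelated to the rest of this commit, which otherwise only swaps `path` for `path/filepath` and adds the CA certificate handling.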
@@ -351,9 +352,10 @@ func RunJoinNodeChecks(cfg *kubeadmapi.NodeConfiguration) error {
 ServiceCheck{Service: "kubelet", CheckIfActive: false},
 ServiceCheck{Service: "docker", CheckIfActive: true},
 PortOpenCheck{port: 10250},
- DirAvailableCheck{Path: path.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, "manifests")},
+ DirAvailableCheck{Path: filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, "manifests")},
 DirAvailableCheck{Path: "/var/lib/kubelet"},
- FileAvailableCheck{Path: path.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeconfig.KubeletKubeConfigFileName)},
+ FileAvailableCheck{Path: filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeadmconstants.CACertName)},
+ FileAvailableCheck{Path: filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeconfig.KubeletKubeConfigFileName)},
 FileContentCheck{Path: bridgenf, Content: []byte{'1'}},
 InPathCheck{executable: "ip", mandatory: true},
 InPathCheck{executable: "iptables", mandatory: true},