Write ca.crt down to disk in kubeadm join

pull/6/head
Lucas Käldström 2017-01-23 13:15:19 +02:00
parent 22ce0fdf2d
commit 6579c94559
No known key found for this signature in database
GPG Key ID: 3FA3783D77751514
5 changed files with 36 additions and 17 deletions


@ -25,6 +25,7 @@ go_library(
"//cmd/kubeadm/app/apis/kubeadm/v1alpha1:go_default_library", "//cmd/kubeadm/app/apis/kubeadm/v1alpha1:go_default_library",
"//cmd/kubeadm/app/apis/kubeadm/validation:go_default_library", "//cmd/kubeadm/app/apis/kubeadm/validation:go_default_library",
"//cmd/kubeadm/app/cmd/flags:go_default_library", "//cmd/kubeadm/app/cmd/flags:go_default_library",
"//cmd/kubeadm/app/constants:go_default_library",
"//cmd/kubeadm/app/discovery:go_default_library", "//cmd/kubeadm/app/discovery:go_default_library",
"//cmd/kubeadm/app/master:go_default_library", "//cmd/kubeadm/app/master:go_default_library",
"//cmd/kubeadm/app/node:go_default_library", "//cmd/kubeadm/app/node:go_default_library",
@ -46,6 +47,7 @@ go_library(
"//vendor:k8s.io/apimachinery/pkg/fields", "//vendor:k8s.io/apimachinery/pkg/fields",
"//vendor:k8s.io/apimachinery/pkg/runtime", "//vendor:k8s.io/apimachinery/pkg/runtime",
"//vendor:k8s.io/apimachinery/pkg/util/net", "//vendor:k8s.io/apimachinery/pkg/util/net",
"//vendor:k8s.io/client-go/pkg/util/cert",
], ],
) )


@ -20,15 +20,17 @@ import (
"fmt" "fmt"
"io" "io"
"io/ioutil" "io/ioutil"
"path" "path/filepath"
"github.com/renstrom/dedent" "github.com/renstrom/dedent"
"github.com/spf13/cobra" "github.com/spf13/cobra"
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
certutil "k8s.io/client-go/pkg/util/cert"
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
kubeadmapiext "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha1" kubeadmapiext "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha1"
"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/validation" "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/validation"
kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
"k8s.io/kubernetes/cmd/kubeadm/app/discovery" "k8s.io/kubernetes/cmd/kubeadm/app/discovery"
kubenode "k8s.io/kubernetes/cmd/kubeadm/app/node" kubenode "k8s.io/kubernetes/cmd/kubeadm/app/node"
kubeconfigphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/kubeconfig" kubeconfigphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/kubeconfig"
@ -136,10 +138,20 @@ func (j *Join) Run(out io.Writer) error {
if err := kubenode.PerformTLSBootstrap(cfg); err != nil { if err := kubenode.PerformTLSBootstrap(cfg); err != nil {
return err return err
} }
if err := kubeconfigphase.WriteKubeconfigToDisk(path.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeconfigphase.KubeletKubeConfigFileName), cfg); err != nil {
kubeconfigFile := filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeconfigphase.KubeletKubeConfigFileName)
if err := kubeconfigphase.WriteKubeconfigToDisk(kubeconfigFile, cfg); err != nil {
return err return err
} }
// Write the ca certificate to disk so kubelet can use it for authentication
cluster := cfg.Contexts[cfg.CurrentContext].Cluster
caCertFile := filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeadmconstants.CACertName)
err = certutil.WriteCert(caCertFile, cfg.Clusters[cluster].CertificateAuthorityData)
if err != nil {
return fmt.Errorf("couldn't save the CA certificate to disk: %v", err)
}
fmt.Fprintf(out, joinDoneMsgf) fmt.Fprintf(out, joinDoneMsgf)
return nil return nil
} }
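Review bot: The new CA-certificate block in Join.Run indexes `cfg.Contexts[cfg.CurrentContext]` and `cfg.Clusters[cluster]` without checking that either entry exists. If these are maps of pointers, as the field access suggests, a kubeconfig with a missing context or cluster entry would panic here, and one without embedded `CertificateAuthorityData` would write an empty ca.crt that kubelet is then expected to use as its trust anchor. I would check both lookups and reject empty CA data before calling `certutil.WriteCert`, and scope the error with `if err := …` like the two calls above it. Run starts outside the hunk, so the earlier declaration of `err` that the plain `err =` relies on is not visible.

```go
// … unchanged: PerformTLSBootstrap and WriteKubeconfigToDisk calls …

// Write the ca certificate to disk so kubelet can use it for authentication
kubeCtx, ok := cfg.Contexts[cfg.CurrentContext]
if !ok || kubeCtx == nil {
	return fmt.Errorf("kubeconfig has no context %q", cfg.CurrentContext)
}
clusterInfo, ok := cfg.Clusters[kubeCtx.Cluster]
if !ok || clusterInfo == nil || len(clusterInfo.CertificateAuthorityData) == 0 {
	return fmt.Errorf("kubeconfig has no embedded CA certificate for cluster %q", kubeCtx.Cluster)
}
caCertFile := filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeadmconstants.CACertName)
if err := certutil.WriteCert(caCertFile, clusterInfo.CertificateAuthorityData); err != nil {
	return fmt.Errorf("couldn't save the CA certificate to disk: %v", err)
}
```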


@ -21,12 +21,13 @@ import (
"io" "io"
"os" "os"
"os/exec" "os/exec"
"path" "path/filepath"
"strings" "strings"
"github.com/spf13/cobra" "github.com/spf13/cobra"
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
"k8s.io/kubernetes/cmd/kubeadm/app/phases/kubeconfig" "k8s.io/kubernetes/cmd/kubeadm/app/phases/kubeconfig"
"k8s.io/kubernetes/cmd/kubeadm/app/preflight" "k8s.io/kubernetes/cmd/kubeadm/app/preflight"
kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util" kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
@ -123,7 +124,7 @@ func (r *Reset) Run(out io.Writer) error {
// Only clear etcd data when the etcd manifest is found. In case it is not found, we must assume that the user // Only clear etcd data when the etcd manifest is found. In case it is not found, we must assume that the user
// provided external etcd endpoints. In that case, it is his own responsibility to reset etcd // provided external etcd endpoints. In that case, it is his own responsibility to reset etcd
etcdManifestPath := path.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, "manifests/etcd.json") etcdManifestPath := filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, "manifests/etcd.json")
if _, err := os.Stat(etcdManifestPath); err == nil { if _, err := os.Stat(etcdManifestPath); err == nil {
dirsToClean = append(dirsToClean, "/var/lib/etcd") dirsToClean = append(dirsToClean, "/var/lib/etcd")
} else { } else {
@ -151,7 +152,7 @@ func drainAndRemoveNode(removeNode bool) error {
hostname = strings.ToLower(hostname) hostname = strings.ToLower(hostname)
// TODO: Use the "native" k8s client for this once we're confident the versioned is working // TODO: Use the "native" k8s client for this once we're confident the versioned is working
kubeConfigPath := path.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeconfig.KubeletKubeConfigFileName) kubeConfigPath := filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeconfig.KubeletKubeConfigFileName)
getNodesCmd := fmt.Sprintf("kubectl --kubeconfig %s get nodes | grep %s", kubeConfigPath, hostname) getNodesCmd := fmt.Sprintf("kubectl --kubeconfig %s get nodes | grep %s", kubeConfigPath, hostname)
output, err := exec.Command("sh", "-c", getNodesCmd).Output() output, err := exec.Command("sh", "-c", getNodesCmd).Output()
@ -180,14 +181,14 @@ func drainAndRemoveNode(removeNode bool) error {
} }
// cleanDir removes everything in a directory, but not the directory itself // cleanDir removes everything in a directory, but not the directory itself
func cleanDir(filepath string) error { func cleanDir(filePath string) error {
// If the directory doesn't even exist there's nothing to do, and we do // If the directory doesn't even exist there's nothing to do, and we do
// not consider this an error // not consider this an error
if _, err := os.Stat(filepath); os.IsNotExist(err) { if _, err := os.Stat(filePath); os.IsNotExist(err) {
return nil return nil
} }
d, err := os.Open(filepath) d, err := os.Open(filePath)
if err != nil { if err != nil {
return err return err
} }
@ -197,7 +198,7 @@ func cleanDir(filepath string) error {
return err return err
} }
for _, name := range names { for _, name := range names {
err = os.RemoveAll(path.Join(filepath, name)) err = os.RemoveAll(filepath.Join(filePath, name))
if err != nil { if err != nil {
return err return err
} }
@ -208,7 +209,7 @@ func cleanDir(filepath string) error {
// resetConfigDir is used to cleanup the files kubeadm writes in /etc/kubernetes/. // resetConfigDir is used to cleanup the files kubeadm writes in /etc/kubernetes/.
func resetConfigDir(configPathDir, pkiPathDir string) { func resetConfigDir(configPathDir, pkiPathDir string) {
dirsToClean := []string{ dirsToClean := []string{
path.Join(configPathDir, "manifests"), filepath.Join(configPathDir, "manifests"),
pkiPathDir, pkiPathDir,
} }
fmt.Printf("[reset] Deleting contents of config directories: %v\n", dirsToClean) fmt.Printf("[reset] Deleting contents of config directories: %v\n", dirsToClean)
@ -220,8 +221,9 @@ func resetConfigDir(configPathDir, pkiPathDir string) {
} }
filesToClean := []string{ filesToClean := []string{
path.Join(configPathDir, kubeconfig.AdminKubeConfigFileName), filepath.Join(configPathDir, kubeconfig.AdminKubeConfigFileName),
path.Join(configPathDir, kubeconfig.KubeletKubeConfigFileName), filepath.Join(configPathDir, kubeconfig.KubeletKubeConfigFileName),
filepath.Join(configPathDir, kubeadmconstants.CACertName),
} }
fmt.Printf("[reset] Deleting files: %v\n", filesToClean) fmt.Printf("[reset] Deleting files: %v\n", filesToClean)
for _, path := range filesToClean { for _, path := range filesToClean {
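Review bot: In drainAndRemoveNode, `kubeConfigPath` (now built with `filepath.Join`) is still formatted into a string that is run through `sh -c`, so any whitespace or shell metacharacter in `KubernetesDir` or the hostname changes the command that runs. Since the line above is being touched anyway, consider passing the arguments directly, e.g. `exec.Command("kubectl", "--kubeconfig", kubeConfigPath, "get", "nodes").Output()`, and matching the hostname against the output in Go instead of piping to grep. Where `KubernetesDir` and `hostname` are set is outside the hunk, so how far they can be influenced is an assumption to confirm.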


@ -14,6 +14,7 @@ go_library(
tags = ["automanaged"], tags = ["automanaged"],
deps = [ deps = [
"//cmd/kubeadm/app/apis/kubeadm:go_default_library", "//cmd/kubeadm/app/apis/kubeadm:go_default_library",
"//cmd/kubeadm/app/constants:go_default_library",
"//cmd/kubeadm/app/phases/kubeconfig:go_default_library", "//cmd/kubeadm/app/phases/kubeconfig:go_default_library",
"//pkg/api/validation:go_default_library", "//pkg/api/validation:go_default_library",
"//pkg/util/initsystem:go_default_library", "//pkg/util/initsystem:go_default_library",


@ -25,10 +25,11 @@ import (
"net/http" "net/http"
"os" "os"
"os/exec" "os/exec"
"path" "path/filepath"
utilerrors "k8s.io/apimachinery/pkg/util/errors" utilerrors "k8s.io/apimachinery/pkg/util/errors"
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
"k8s.io/kubernetes/cmd/kubeadm/app/phases/kubeconfig" "k8s.io/kubernetes/cmd/kubeadm/app/phases/kubeconfig"
"k8s.io/kubernetes/pkg/api/validation" "k8s.io/kubernetes/pkg/api/validation"
"k8s.io/kubernetes/pkg/util/initsystem" "k8s.io/kubernetes/pkg/util/initsystem"
@ -213,7 +214,7 @@ func (fcc FileContentCheck) Check() (warnings, errors []error) {
} }
// InPathCheck checks if the given executable is present in the path. // InPathCheck checks if the given executable is present in the path
type InPathCheck struct { type InPathCheck struct {
executable string executable string
mandatory bool mandatory bool
@ -318,7 +319,7 @@ func RunInitMasterChecks(cfg *kubeadmapi.MasterConfiguration) error {
PortOpenCheck{port: 10251}, PortOpenCheck{port: 10251},
PortOpenCheck{port: 10252}, PortOpenCheck{port: 10252},
HTTPProxyCheck{Proto: "https", Host: cfg.API.AdvertiseAddresses[0], Port: int(cfg.API.Port)}, HTTPProxyCheck{Proto: "https", Host: cfg.API.AdvertiseAddresses[0], Port: int(cfg.API.Port)},
DirAvailableCheck{Path: path.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, "manifests")}, DirAvailableCheck{Path: filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, "manifests")},
DirAvailableCheck{Path: "/var/lib/kubelet"}, DirAvailableCheck{Path: "/var/lib/kubelet"},
FileContentCheck{Path: bridgenf, Content: []byte{'1'}}, FileContentCheck{Path: bridgenf, Content: []byte{'1'}},
InPathCheck{executable: "ip", mandatory: true}, InPathCheck{executable: "ip", mandatory: true},
@ -351,9 +352,10 @@ func RunJoinNodeChecks(cfg *kubeadmapi.NodeConfiguration) error {
ServiceCheck{Service: "kubelet", CheckIfActive: false}, ServiceCheck{Service: "kubelet", CheckIfActive: false},
ServiceCheck{Service: "docker", CheckIfActive: true}, ServiceCheck{Service: "docker", CheckIfActive: true},
PortOpenCheck{port: 10250}, PortOpenCheck{port: 10250},
DirAvailableCheck{Path: path.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, "manifests")}, DirAvailableCheck{Path: filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, "manifests")},
DirAvailableCheck{Path: "/var/lib/kubelet"}, DirAvailableCheck{Path: "/var/lib/kubelet"},
FileAvailableCheck{Path: path.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeconfig.KubeletKubeConfigFileName)}, FileAvailableCheck{Path: filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeadmconstants.CACertName)},
FileAvailableCheck{Path: filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeconfig.KubeletKubeConfigFileName)},
FileContentCheck{Path: bridgenf, Content: []byte{'1'}}, FileContentCheck{Path: bridgenf, Content: []byte{'1'}},
InPathCheck{executable: "ip", mandatory: true}, InPathCheck{executable: "ip", mandatory: true},
InPathCheck{executable: "iptables", mandatory: true}, InPathCheck{executable: "iptables", mandatory: true},
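Review bot: The doc comment on InPathCheck loses its trailing period in this commit, which is unrelated to the ca.crt change and goes against the full-sentence convention for Go doc comments; keep `// InPathCheck checks if the given executable is present in the path.`. The struct body and the check lists continue outside the hunks shown.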