diff --git a/cluster/aws/util.sh b/cluster/aws/util.sh index 3a3d7c759b..8d0f03090e 100755 --- a/cluster/aws/util.sh +++ b/cluster/aws/util.sh @@ -1304,7 +1304,11 @@ function build-config() { export CONTEXT="aws_${INSTANCE_PREFIX}" ( umask 077 + + # Update the user's kubeconfig to include credentials for this apiserver. create-kubeconfig + + create-kubeconfig-for-federation ) } diff --git a/cluster/common.sh b/cluster/common.sh index 36d1ed9df6..fbf8f3f8c1 100755 --- a/cluster/common.sh +++ b/cluster/common.sh @@ -152,6 +152,19 @@ function clear-kubeconfig() { echo "Cleared config for ${CONTEXT} from ${KUBECONFIG}" } +# Creates a kubeconfig file with the credentials for only the current-context +# cluster. This is used by federation to create secrets in test setup. +function create-kubeconfig-for-federation() { + if [[ "${FEDERATION:-}" == "true" ]]; then + echo "creating kubeconfig for federation secret" + local kubectl="${KUBE_ROOT}/cluster/kubectl.sh" + local cc=$("${kubectl}" config view -o jsonpath='{.current-context}') + KUBECONFIG_DIR=$(dirname ${KUBECONFIG:-$DEFAULT_KUBECONFIG}) + KUBECONFIG_PATH="${KUBECONFIG_DIR}/federation/kubernetes-apiserver/${cc}" + mkdir -p "${KUBECONFIG_PATH}" + "${kubectl}" config view --minify --flatten > "${KUBECONFIG_PATH}/kubeconfig" + fi +} function tear_down_alive_resources() { local kubectl="${KUBE_ROOT}/cluster/kubectl.sh" diff --git a/cluster/gce/util.sh b/cluster/gce/util.sh index ec0d7daf6e..64a0af42e3 100755 --- a/cluster/gce/util.sh +++ b/cluster/gce/util.sh @@ -920,14 +920,7 @@ function check-cluster() { # Update the user's kubeconfig to include credentials for this apiserver. create-kubeconfig - if [[ "${FEDERATION:-}" == "true" ]]; then - # Create a kubeconfig with credentials for this apiserver. We will later use - # this kubeconfig to create a secret which the federation control plane can - # use to talk to this apiserver. - KUBECONFIG_DIR=$(dirname ${KUBECONFIG:-$DEFAULT_KUBECONFIG}) - KUBECONFIG="${KUBECONFIG_DIR}/federation/kubernetes-apiserver/${CONTEXT}/kubeconfig" \ - create-kubeconfig - fi + create-kubeconfig-for-federation ) # ensures KUBECONFIG is set diff --git a/cluster/gke/util.sh b/cluster/gke/util.sh index ae7064d1c1..0fb3cef8cd 100755 --- a/cluster/gke/util.sh +++ b/cluster/gke/util.sh @@ -23,6 +23,7 @@ KUBE_PROMPT_FOR_UPDATE=y KUBE_SKIP_UPDATE=${KUBE_SKIP_UPDATE-"n"} KUBE_ROOT=$(dirname "${BASH_SOURCE}")/../.. source "${KUBE_ROOT}/cluster/gke/${KUBE_CONFIG_FILE:-config-default.sh}" +source "${KUBE_ROOT}/cluster/common.sh" source "${KUBE_ROOT}/cluster/lib/util.sh" # Perform preparations required to run e2e tests @@ -193,6 +194,8 @@ function kube-up() { # Bring up the cluster. "${GCLOUD}" ${CMD_GROUP:-} container clusters create "${CLUSTER_NAME}" "${create_args[@]}" + create-kubeconfig-for-federation + if [[ ! -z "${HEAPSTER_MACHINE_TYPE:-}" ]]; then "${GCLOUD}" ${CMD_GROUP:-} container node-pools create "heapster-pool" --cluster "${CLUSTER_NAME}" --num-nodes=1 --machine-type="${HEAPSTER_MACHINE_TYPE}" "${shared_args[@]}" fi diff --git a/cluster/vagrant/util.sh b/cluster/vagrant/util.sh index a04dd8c9d1..48a7d21b41 100755 --- a/cluster/vagrant/util.sh +++ b/cluster/vagrant/util.sh @@ -295,7 +295,10 @@ function kube-up { vagrant ssh master -- sudo cat /srv/kubernetes/kubecfg.key >"${KUBE_KEY}" 2>/dev/null vagrant ssh master -- sudo cat /srv/kubernetes/ca.crt >"${CA_CERT}" 2>/dev/null + # Update the user's kubeconfig to include credentials for this apiserver. create-kubeconfig + + create-kubeconfig-for-federation ) verify-cluster diff --git a/federation/cluster/common.sh b/federation/cluster/common.sh index a326543cab..7955dd6581 100644 --- a/federation/cluster/common.sh +++ b/federation/cluster/common.sh @@ -159,10 +159,18 @@ function create-federation-api-objects { $host_kubectl create secret generic federation-apiserver-secret --from-file="${KUBECONFIG_DIR}/federation/federation-apiserver/kubeconfig" --namespace="${FEDERATION_NAMESPACE}" # Create secrets with all the kubernetes-apiserver's kubeconfigs. + # Note: This is used only by the test setup (where kubernetes clusters are + # brought up with FEDERATION=true). Users are expected to create this secret + # themselves. for dir in ${KUBECONFIG_DIR}/federation/kubernetes-apiserver/*; do # We create a secret with the same name as the directory name (which is - # same as cluster name in kubeconfig) + # same as cluster name in kubeconfig). + # Massage the name so that it is valid (should not contain "_" and max 253 + # chars) name=$(basename $dir) + name=$(echo "$name" | sed -e "s/_/-/g") # Replace "_" by "-" + name=${name:0:252} + echo "Creating secret with name: $name" $host_kubectl create secret generic ${name} --from-file="${dir}/kubeconfig" --namespace="${FEDERATION_NAMESPACE}" done diff --git a/test/e2e/framework/federation_util.go b/test/e2e/framework/federation_util.go new file mode 100644 index 0000000000..a018d2b602 --- /dev/null +++ b/test/e2e/framework/federation_util.go @@ -0,0 +1,42 @@ +/* +Copyright 2016 The Kubernetes Authors All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package framework + +import ( + "fmt" + "regexp" + + "k8s.io/kubernetes/pkg/api/validation" + validation_util "k8s.io/kubernetes/pkg/util/validation" +) + +// GetValidDNSSubdomainName massages the given name to be a valid dns subdomain name. +// Most resources (such as secrets, clusters) require the names to be valid dns subdomain. +// This is a generic function (not specific to federation). Should be moved to a more generic location if others want to use it. +func GetValidDNSSubdomainName(name string) (string, error) { + // "_" are not allowed. Replace them by "-". + name = regexp.MustCompile("_").ReplaceAllLiteralString(name, "-") + maxLength := validation_util.DNS1123SubdomainMaxLength + if len(name) > maxLength { + name = name[0 : maxLength-1] + } + // Verify that name now passes the validation. + if errors := validation.NameIsDNSSubdomain(name, false); len(errors) != 0 { + return "", fmt.Errorf("errors in converting name to a valid DNS subdomain %s", errors) + } + return name, nil +} diff --git a/test/e2e/framework/framework.go b/test/e2e/framework/framework.go index c982b22191..cdc7e27a8c 100644 --- a/test/e2e/framework/framework.go +++ b/test/e2e/framework/framework.go @@ -585,6 +585,9 @@ func (kc *KubeConfig) findCluster(name string) *KubeCluster { } type E2EContext struct { + // Raw context name, + RawName string `yaml:"rawName"` + // A valid dns subdomain which can be used as the name of kubernetes resources. Name string `yaml:"name"` Cluster *KubeCluster `yaml:"cluster"` User *KubeUser `yaml:"user"` @@ -615,8 +618,13 @@ func (f *Framework) GetUnderlyingFederatedContexts() []E2EContext { Failf("Could not find cluster for context %+v", context) } + dnsSubdomainName, err := GetValidDNSSubdomainName(context.Name) + if err != nil { + Failf("Could not convert context name %s to a valid dns subdomain name, error: %s", context.Name, err) + } e2eContexts = append(e2eContexts, E2EContext{ - Name: context.Name, + RawName: context.Name, + Name: dnsSubdomainName, Cluster: cluster, User: user, })