Merge pull request #27332 from nikhiljindal/awsSecrets

Automatic merge from submit-queue federation: Creating kubeconfig files to be used for creating secrets for clusters on aws and gke Extension of https://github.com/kubernetes/kubernetes/pull/26914 which created the kubeconfig files for gce clusters. This PR extends it to AWS, vagrant and GKE. The change for AWS and vagrant is exactly same as GCE. For GKE, since `gcloud create clusters` creates kubeconfig, we are just copying the generated kubeconfig to the desired location cc @kubernetes/sig-cluster-federation @colhom @roberthbailey for GKE
2016-06-20 21:13:21 -07:00 · 2016-06-20 21:13:21 -07:00 · 70ad689df4
parent ec518005a8 864b267a8d
commit 70ad689df4
8 changed files with 84 additions and 10 deletions
--- a/cluster/aws/util.sh
+++ b/cluster/aws/util.sh
@ -1304,7 +1304,11 @@ function build-config() {
  export CONTEXT="aws_${INSTANCE_PREFIX}"
  (
   umask 077
+
+   # Update the user's kubeconfig to include credentials for this apiserver.
   create-kubeconfig
+
+   create-kubeconfig-for-federation
  )
 }

--- a/cluster/common.sh
+++ b/cluster/common.sh
@ -152,6 +152,19 @@ function clear-kubeconfig() {
  echo "Cleared config for ${CONTEXT} from ${KUBECONFIG}"
 }

+# Creates a kubeconfig file with the credentials for only the current-context
+# cluster. This is used by federation to create secrets in test setup.
+function create-kubeconfig-for-federation() {
+  if [[ "${FEDERATION:-}" == "true" ]]; then
+    echo "creating kubeconfig for federation secret"
+    local kubectl="${KUBE_ROOT}/cluster/kubectl.sh"
+    local cc=$("${kubectl}" config view -o jsonpath='{.current-context}')
+    KUBECONFIG_DIR=$(dirname ${KUBECONFIG:-$DEFAULT_KUBECONFIG})
+    KUBECONFIG_PATH="${KUBECONFIG_DIR}/federation/kubernetes-apiserver/${cc}"
+    mkdir -p "${KUBECONFIG_PATH}"
+    "${kubectl}" config view --minify --flatten > "${KUBECONFIG_PATH}/kubeconfig"
+  fi
+}

 function tear_down_alive_resources() {
  local kubectl="${KUBE_ROOT}/cluster/kubectl.sh"
--- a/cluster/gce/util.sh
+++ b/cluster/gce/util.sh
@ -920,14 +920,7 @@ function check-cluster() {
   # Update the user's kubeconfig to include credentials for this apiserver.
   create-kubeconfig

-   if [[ "${FEDERATION:-}" == "true" ]]; then
-       # Create a kubeconfig with credentials for this apiserver. We will later use
-       # this kubeconfig to create a secret which the federation control plane can
-       # use to talk to this apiserver.
-       KUBECONFIG_DIR=$(dirname ${KUBECONFIG:-$DEFAULT_KUBECONFIG})
-       KUBECONFIG="${KUBECONFIG_DIR}/federation/kubernetes-apiserver/${CONTEXT}/kubeconfig" \
-         create-kubeconfig
-   fi
+   create-kubeconfig-for-federation
  )

  # ensures KUBECONFIG is set
--- a/cluster/gke/util.sh
+++ b/cluster/gke/util.sh
@ -23,6 +23,7 @@ KUBE_PROMPT_FOR_UPDATE=y
 KUBE_SKIP_UPDATE=${KUBE_SKIP_UPDATE-"n"}
 KUBE_ROOT=$(dirname "${BASH_SOURCE}")/../..
 source "${KUBE_ROOT}/cluster/gke/${KUBE_CONFIG_FILE:-config-default.sh}"
+source "${KUBE_ROOT}/cluster/common.sh"
 source "${KUBE_ROOT}/cluster/lib/util.sh"

 # Perform preparations required to run e2e tests
@ -193,6 +194,8 @@ function kube-up() {
  # Bring up the cluster.
  "${GCLOUD}" ${CMD_GROUP:-} container clusters create "${CLUSTER_NAME}" "${create_args[@]}"

+  create-kubeconfig-for-federation
+
  if [[ ! -z "${HEAPSTER_MACHINE_TYPE:-}" ]]; then
    "${GCLOUD}" ${CMD_GROUP:-} container node-pools create "heapster-pool" --cluster "${CLUSTER_NAME}" --num-nodes=1 --machine-type="${HEAPSTER_MACHINE_TYPE}" "${shared_args[@]}"
  fi
--- a/cluster/vagrant/util.sh
+++ b/cluster/vagrant/util.sh
@ -295,7 +295,10 @@ function kube-up {
   vagrant ssh master -- sudo cat /srv/kubernetes/kubecfg.key >"${KUBE_KEY}" 2>/dev/null
   vagrant ssh master -- sudo cat /srv/kubernetes/ca.crt >"${CA_CERT}" 2>/dev/null

+   # Update the user's kubeconfig to include credentials for this apiserver.
   create-kubeconfig
+
+   create-kubeconfig-for-federation
  )

  verify-cluster
--- a/federation/cluster/common.sh
+++ b/federation/cluster/common.sh
@ -159,10 +159,18 @@ function create-federation-api-objects {
    $host_kubectl create secret generic federation-apiserver-secret --from-file="${KUBECONFIG_DIR}/federation/federation-apiserver/kubeconfig" --namespace="${FEDERATION_NAMESPACE}"

    # Create secrets with all the kubernetes-apiserver's kubeconfigs.
+    # Note: This is used only by the test setup (where kubernetes clusters are
+    # brought up with FEDERATION=true). Users are expected to create this secret
+    # themselves.
    for dir in ${KUBECONFIG_DIR}/federation/kubernetes-apiserver/*; do
      # We create a secret with the same name as the directory name (which is
-      # same as cluster name in kubeconfig)
+      # same as cluster name in kubeconfig).
+      # Massage the name so that it is valid (should not contain "_" and max 253
+      # chars)
      name=$(basename $dir)
+      name=$(echo "$name" | sed -e "s/_/-/g")  # Replace "_" by "-"
+      name=${name:0:252}
+      echo "Creating secret with name: $name"
      $host_kubectl create secret generic ${name} --from-file="${dir}/kubeconfig" --namespace="${FEDERATION_NAMESPACE}"
    done

--- a/test/e2e/framework/federation_util.go
+++ b/test/e2e/framework/federation_util.go
@ -0,0 +1,42 @@
+/*
+Copyright 2016 The Kubernetes Authors All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package framework
+
+import (
+	"fmt"
+	"regexp"
+
+	"k8s.io/kubernetes/pkg/api/validation"
+	validation_util "k8s.io/kubernetes/pkg/util/validation"
+)
+
+// GetValidDNSSubdomainName massages the given name to be a valid dns subdomain name.
+// Most resources (such as secrets, clusters) require the names to be valid dns subdomain.
+// This is a generic function (not specific to federation). Should be moved to a more generic location if others want to use it.
+func GetValidDNSSubdomainName(name string) (string, error) {
+	// "_" are not allowed. Replace them by "-".
+	name = regexp.MustCompile("_").ReplaceAllLiteralString(name, "-")
+	maxLength := validation_util.DNS1123SubdomainMaxLength
+	if len(name) > maxLength {
+		name = name[0 : maxLength-1]
+	}
+	// Verify that name now passes the validation.
+	if errors := validation.NameIsDNSSubdomain(name, false); len(errors) != 0 {
+		return "", fmt.Errorf("errors in converting name to a valid DNS subdomain %s", errors)
+	}
+	return name, nil
+}
--- a/test/e2e/framework/framework.go
+++ b/test/e2e/framework/framework.go
@ -585,6 +585,9 @@ func (kc *KubeConfig) findCluster(name string) *KubeCluster {
 }

 type E2EContext struct {
+	// Raw context name,
+	RawName string `yaml:"rawName"`
+	// A valid dns subdomain which can be used as the name of kubernetes resources.
 	Name    string       `yaml:"name"`
 	Cluster *KubeCluster `yaml:"cluster"`
 	User    *KubeUser    `yaml:"user"`
@ -615,8 +618,13 @@ func (f *Framework) GetUnderlyingFederatedContexts() []E2EContext {
 				Failf("Could not find cluster for context %+v", context)
 			}

+			dnsSubdomainName, err := GetValidDNSSubdomainName(context.Name)
+			if err != nil {
+				Failf("Could not convert context name %s to a valid dns subdomain name, error: %s", context.Name, err)
+			}
 			e2eContexts = append(e2eContexts, E2EContext{
-				Name:    context.Name,
+				RawName: context.Name,
+				Name:    dnsSubdomainName,
 				Cluster: cluster,
 				User:    user,
 			})