diff --git a/examples/cassandra/cassandra.yaml b/examples/cassandra/cassandra.yaml
index f921db6edf..5240899cf4 100644
--- a/examples/cassandra/cassandra.yaml
+++ b/examples/cassandra/cassandra.yaml
@@ -26,8 +26,6 @@ spec:
value: 512M
- name: HEAP_NEWSIZE
value: 100M
- - name: KUBERNETES_API_PROTOCOL
- value: http
volumes:
- name: data
emptyDir: {}
diff --git a/examples/cassandra/image/kubernetes-cassandra.jar b/examples/cassandra/image/kubernetes-cassandra.jar
index e48410ac22..93f492965b 100644
Binary files a/examples/cassandra/image/kubernetes-cassandra.jar and b/examples/cassandra/image/kubernetes-cassandra.jar differ
diff --git a/examples/cassandra/java/pom.xml b/examples/cassandra/java/pom.xml
index 4a20149b30..0df1e54675 100644
--- a/examples/cassandra/java/pom.xml
+++ b/examples/cassandra/java/pom.xml
@@ -2,7 +2,7 @@
4.0.0
io.k8s.cassandra
kubernetes-cassandra
- 0.0.2
+ 0.0.3
src
diff --git a/examples/cassandra/java/src/io/k8s/cassandra/KubernetesSeedProvider.java b/examples/cassandra/java/src/io/k8s/cassandra/KubernetesSeedProvider.java
index e479b323aa..338c7f7e08 100644
--- a/examples/cassandra/java/src/io/k8s/cassandra/KubernetesSeedProvider.java
+++ b/examples/cassandra/java/src/io/k8s/cassandra/KubernetesSeedProvider.java
@@ -1,10 +1,14 @@
package io.k8s.cassandra;
import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.net.URL;
import java.net.URLConnection;
+import java.security.cert.X509Certificate;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
@@ -13,6 +17,13 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
import org.codehaus.jackson.JsonNode;
import org.codehaus.jackson.annotate.JsonIgnoreProperties;
import org.codehaus.jackson.map.ObjectMapper;
@@ -45,10 +56,17 @@ public class KubernetesSeedProvider implements SeedProvider {
return val;
}
+ private static String getServiceAccountToken() throws IOException {
+ String file = "/var/run/secrets/kubernetes.io/serviceaccount/token";
+ return new String(Files.readAllBytes(Paths.get(file)));
+ }
+
private static final Logger logger = LoggerFactory.getLogger(KubernetesSeedProvider.class);
private List defaultSeeds;
-
+ private TrustManager[] trustAll;
+ private HostnameVerifier trustAllHosts;
+
public KubernetesSeedProvider(Map params) {
// Taken from SimpleSeedProvider.java
// These are used as a fallback, if we get nothing from k8s.
@@ -65,21 +83,43 @@ public class KubernetesSeedProvider implements SeedProvider {
logger.warn("Seed provider couldn't lookup host " + host);
}
}
- }
+ // TODO: Load the CA cert when it is available on all platforms.
+ trustAll = new TrustManager[] {
+ new X509TrustManager() {
+ public void checkServerTrusted(X509Certificate[] certs, String authType) {}
+ public void checkClientTrusted(X509Certificate[] certs, String authType) {}
+ public X509Certificate[] getAcceptedIssuers() { return null; }
+ }
+ };
+ trustAllHosts = new HostnameVerifier() {
+ public boolean verify(String hostname, SSLSession session) {
+ return true;
+ }
+ };
+ }
public List getSeeds() {
List list = new ArrayList();
- String protocol = getEnvOrDefault("KUBERNETES_API_PROTOCOL", "http");
- String hostName = getEnvOrDefault("KUBERNETES_RO_SERVICE_HOST", "localhost");
- String hostPort = getEnvOrDefault("KUBERNETES_RO_SERVICE_PORT", "8080");
-
- String host = protocol + "://" + hostName + ":" + hostPort;
+ String host = "https://kubernetes.default.cluster.local";
String serviceName = getEnvOrDefault("CASSANDRA_SERVICE", "cassandra");
String path = "/api/v1beta3/namespaces/default/endpoints/";
try {
+ String token = getServiceAccountToken();
+
+ SSLContext ctx = SSLContext.getInstance("SSL");
+ ctx.init(null, trustAll, new SecureRandom());
+
URL url = new URL(host + path + serviceName);
+ HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
+
+ // TODO: Remove this once the CA cert is propogated everywhere, and replace
+ // with loading the CA cert.
+ conn.setSSLSocketFactory(ctx.getSocketFactory());
+ conn.setHostnameVerifier(trustAllHosts);
+
+ conn.addRequestProperty("Authorization", "Bearer " + token);
ObjectMapper mapper = new ObjectMapper();
- Endpoints endpoints = mapper.readValue(url, Endpoints.class);
+ Endpoints endpoints = mapper.readValue(conn.getInputStream(), Endpoints.class);
if (endpoints != null) {
// Here is a problem point, endpoints.subsets can be null in first node cases.
if (endpoints.subsets != null && !endpoints.subsets.isEmpty()){
@@ -90,8 +130,8 @@ public class KubernetesSeedProvider implements SeedProvider {
}
}
}
- } catch (IOException ex) {
- logger.warn("Request to kubernetes apiserver failed");
+ } catch (IOException | NoSuchAlgorithmException | KeyManagementException ex) {
+ logger.warn("Request to kubernetes apiserver failed", ex);
}
if (list.size() == 0) {
// If we got nothing, we might be the first instance, in that case