mirror of https://github.com/k3s-io/k3s
Updating federation up script to create a secret with federation-apiserver kubeconfig
nikhiljindal
parent
015bc3d60d
commit
b4da46974c
|
|
@ -59,6 +59,7 @@ KUBE_CI_VERSION_REGEX="^v(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)-(be
|
|||
# KUBE_KEY
|
||||
# CA_CERT
|
||||
function create-kubeconfig() {
|
||||
KUBECONFIG=${KUBECONFIG:-$DEFAULT_KUBECONFIG}
|
||||
local kubectl="${KUBE_ROOT}/cluster/kubectl.sh"
|
||||
SECONDARY_KUBECONFIG=${SECONDARY_KUBECONFIG:-}
|
||||
OVERRIDE_CONTEXT=${OVERRIDE_CONTEXT:-}
|
||||
|
|
@ -67,7 +68,6 @@ function create-kubeconfig() {
|
|||
CONTEXT=$OVERRIDE_CONTEXT
|
||||
fi
|
||||
|
||||
export KUBECONFIG=${KUBECONFIG:-$DEFAULT_KUBECONFIG}
|
||||
# KUBECONFIG determines the file we write to, but it may not exist yet
|
||||
if [[ ! -e "${KUBECONFIG}" ]]; then
|
||||
mkdir -p $(dirname "${KUBECONFIG}")
|
||||
|
|
@ -104,21 +104,21 @@ function create-kubeconfig() {
|
|||
)
|
||||
fi
|
||||
|
||||
"${kubectl}" config set-cluster "${CONTEXT}" "${cluster_args[@]}"
|
||||
KUBECONFIG="${KUBECONFIG}" "${kubectl}" config set-cluster "${CONTEXT}" "${cluster_args[@]}"
|
||||
if [[ -n "${user_args[@]:-}" ]]; then
|
||||
"${kubectl}" config set-credentials "${CONTEXT}" "${user_args[@]}"
|
||||
KUBECONFIG="${KUBECONFIG}" "${kubectl}" config set-credentials "${CONTEXT}" "${user_args[@]}"
|
||||
fi
|
||||
"${kubectl}" config set-context "${CONTEXT}" --cluster="${CONTEXT}" --user="${CONTEXT}"
|
||||
KUBECONFIG="${KUBECONFIG}" "${kubectl}" config set-context "${CONTEXT}" --cluster="${CONTEXT}" --user="${CONTEXT}"
|
||||
|
||||
if [[ "${SECONDARY_KUBECONFIG}" != "true" ]];then
|
||||
"${kubectl}" config use-context "${CONTEXT}" --cluster="${CONTEXT}"
|
||||
KUBECONFIG="${KUBECONFIG}" "${kubectl}" config use-context "${CONTEXT}" --cluster="${CONTEXT}"
|
||||
fi
|
||||
|
||||
# If we have a bearer token, also create a credential entry with basic auth
|
||||
# so that it is easy to discover the basic auth password for your cluster
|
||||
# to use in a web browser.
|
||||
if [[ ! -z "${KUBE_BEARER_TOKEN:-}" && ! -z "${KUBE_USER:-}" && ! -z "${KUBE_PASSWORD:-}" ]]; then
|
||||
"${kubectl}" config set-credentials "${CONTEXT}-basic-auth" "--username=${KUBE_USER}" "--password=${KUBE_PASSWORD}"
|
||||
KUBECONFIG="${KUBECONFIG}" "${kubectl}" config set-credentials "${CONTEXT}-basic-auth" "--username=${KUBE_USER}" "--password=${KUBE_PASSWORD}"
|
||||
fi
|
||||
|
||||
echo "Wrote config for ${CONTEXT} to ${KUBECONFIG}"
|
||||
|
|
@ -128,8 +128,16 @@ function create-kubeconfig() {
|
|||
# Assumed vars:
|
||||
# KUBECONFIG
|
||||
# CONTEXT
|
||||
#
|
||||
# To explicitly name the context being removed, use OVERRIDE_CONTEXT
|
||||
function clear-kubeconfig() {
|
||||
export KUBECONFIG=${KUBECONFIG:-$DEFAULT_KUBECONFIG}
|
||||
OVERRIDE_CONTEXT=${OVERRIDE_CONTEXT:-}
|
||||
|
||||
if [[ "$OVERRIDE_CONTEXT" != "" ]];then
|
||||
CONTEXT=$OVERRIDE_CONTEXT
|
||||
fi
|
||||
|
||||
local kubectl="${KUBE_ROOT}/cluster/kubectl.sh"
|
||||
"${kubectl}" config unset "clusters.${CONTEXT}"
|
||||
"${kubectl}" config unset "users.${CONTEXT}"
|
||||
|
|
|
|||
|
|
@ -32,6 +32,7 @@ KUBE_ARCH=${KUBE_ARCH:-amd64}
|
|||
KUBE_BUILD_STAGE=${KUBE_BUILD_STAGE:-release-stage}
|
||||
|
||||
source "${KUBE_ROOT}/cluster/common.sh"
|
||||
source "${KUBE_ROOT}/hack/lib/util.sh"
|
||||
|
||||
host_kubectl="${KUBE_ROOT}/cluster/kubectl.sh --namespace=${FEDERATION_NAMESPACE}"
|
||||
|
||||
|
|
@ -110,6 +111,27 @@ function create-federated-api-objects {
|
|||
$template "${manifests_root}/federation-apiserver-"{deployment,secrets}".yaml" | $host_kubectl create -f -
|
||||
$template "${manifests_root}/federation-controller-manager-deployment.yaml" | $host_kubectl create -f -
|
||||
|
||||
# Create a kubeconfig with credentails for federation-apiserver and create a
|
||||
# secret for it.
|
||||
|
||||
# Create kubeconfig. Note that the file name should be "kubeconfig"
|
||||
# so that the secret key gets the same name.
|
||||
kube::util::ensure-temp-dir
|
||||
CONTEXT=federated-cluster \
|
||||
KUBE_BEARER_TOKEN="$FEDERATION_API_TOKEN" \
|
||||
KUBECONFIG="${KUBE_TEMP}/federation/federation-apiserver/kubeconfig" \
|
||||
create-kubeconfig
|
||||
|
||||
# Create the secret
|
||||
$host_kubectl create secret generic federation-apiserver-secret --from-file="${KUBE_TEMP}/federation/federation-apiserver/kubeconfig" --namespace="${FEDERATION_NAMESPACE}"
|
||||
|
||||
|
||||
# Update the users kubeconfig to include federation-apiserver credentials.
|
||||
CONTEXT=federated-cluster \
|
||||
KUBE_BEARER_TOKEN="$FEDERATION_API_TOKEN" \
|
||||
SECONDARY_KUBECONFIG=true \
|
||||
create-kubeconfig
|
||||
|
||||
# Don't finish provisioning until federation-apiserver pod is running
|
||||
for i in {1..30};do
|
||||
#TODO(colhom): in the future this needs to scale out for N pods. This assumes just one pod
|
||||
|
|
@ -145,11 +167,6 @@ function create-federated-api-objects {
|
|||
|
||||
sleep 4
|
||||
done
|
||||
|
||||
CONTEXT=federated-cluster \
|
||||
KUBE_BEARER_TOKEN="$FEDERATION_API_TOKEN" \
|
||||
SECONDARY_KUBECONFIG=true \
|
||||
create-kubeconfig
|
||||
)
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue