diff --git a/cluster/addons/dns/kube2sky/kube2sky.go b/cluster/addons/dns/kube2sky/kube2sky.go
index e8d9aeac82..80e807f087 100644
--- a/cluster/addons/dns/kube2sky/kube2sky.go
+++ b/cluster/addons/dns/kube2sky/kube2sky.go
@@ -29,6 +29,8 @@ import (
 kapi "github.com/GoogleCloudPlatform/kubernetes/pkg/api"
 kclient "github.com/GoogleCloudPlatform/kubernetes/pkg/client"
+ kclientcmd "github.com/GoogleCloudPlatform/kubernetes/pkg/client/clientcmd"
+ kclientcmdapi "github.com/GoogleCloudPlatform/kubernetes/pkg/client/clientcmd/api"
 kfields "github.com/GoogleCloudPlatform/kubernetes/pkg/fields"
 klabels "github.com/GoogleCloudPlatform/kubernetes/pkg/labels"
 tools "github.com/GoogleCloudPlatform/kubernetes/pkg/tools"
@@ -42,6 +44,7 @@ var (
 etcd_mutation_timeout = flag.Duration("etcd_mutation_timeout", 10*time.Second, "crash after retrying etcd mutation for a specified duration")
 etcd_server = flag.String("etcd-server", "http://127.0.0.1:4001", "URL to etcd server")
 verbose = flag.Bool("verbose", false, "log extra information")
+ kubecfg_file = flag.String("kubecfg_file", "", "Location of kubecfg file for access to kubernetes service")
 )
 func removeDNS(record string, etcdClient *etcd.Client) error {
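Review bot: The help text for `kubecfg_file` does not say that setting the flag also switches the client from the plain-HTTP `KUBERNETES_RO_SERVICE_*` endpoint to the HTTPS `KUBERNETES_SERVICE_*` endpoint, which is what `newKubeClient` does later in this diff. An operator reading `-help` should see that consequence, e.g. `"Path to a kubeconfig file; when set, kube2sky talks to the authenticated kubernetes service over https instead of the read-only service"`. The `var (` block starts outside this hunk.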
@@ -128,22 +131,40 @@ func newEtcdClient() (client *etcd.Client) {
 // TODO: evaluate using pkg/client/clientcmd
 func newKubeClient() (*kclient.Client, error) {
- config := &kclient.Config{}
-
- masterHost := os.Getenv("KUBERNETES_RO_SERVICE_HOST")
- if masterHost == "" {
- log.Fatalf("KUBERNETES_RO_SERVICE_HOST is not defined")
+ var config *kclient.Config
+ if *kubecfg_file == "" {
+ // No kubecfg file provided. Use kubernetes_ro service.
+ masterHost := os.Getenv("KUBERNETES_RO_SERVICE_HOST")
+ if masterHost == "" {
+ log.Fatalf("KUBERNETES_RO_SERVICE_HOST is not defined")
+ }
+ masterPort := os.Getenv("KUBERNETES_RO_SERVICE_PORT")
+ if masterPort == "" {
+ log.Fatalf("KUBERNETES_RO_SERVICE_PORT is not defined")
+ }
+ config = &kclient.Config{
+ Host: fmt.Sprintf("http://%s:%s", masterHost, masterPort),
+ Version: "v1beta1",
+ }
+ } else {
+ masterHost := os.Getenv("KUBERNETES_SERVICE_HOST")
+ if masterHost == "" {
+ log.Fatalf("KUBERNETES_SERVICE_HOST is not defined")
+ }
+ masterPort := os.Getenv("KUBERNETES_SERVICE_PORT")
+ if masterPort == "" {
+ log.Fatalf("KUBERNETES_SERVICE_PORT is not defined")
+ }
+ master := fmt.Sprintf("https://%s:%s", masterHost, masterPort)
+ var err error
+ if config, err = kclientcmd.NewNonInteractiveDeferredLoadingClientConfig(
+ &kclientcmd.ClientConfigLoadingRules{ExplicitPath: *kubecfg_file},
+ &kclientcmd.ConfigOverrides{ClusterInfo: kclientcmdapi.Cluster{Server: master}}).ClientConfig(); err != nil {
+ return nil, err
+ }
 }
- masterPort := os.Getenv("KUBERNETES_RO_SERVICE_PORT")
- if masterPort == "" {
- log.Fatalf("KUBERNETES_RO_SERVICE_PORT is not defined")
- }
- config.Host = fmt.Sprintf("http://%s:%s", masterHost, masterPort)
 log.Printf("Using %s for kubernetes master", config.Host)
-
- config.Version = "v1beta1"
 log.Printf("Using kubernetes API %s", config.Version)
-
 return kclient.New(config)
 }
diff --git a/cluster/addons/dns/skydns-rc.yaml.in b/cluster/addons/dns/skydns-rc.yaml.in
index 048785f973..fb1c703e99 100644
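Review bot: In the `else` branch the credentials loaded from `*kubecfg_file` are used against `https://KUBERNETES_SERVICE_HOST:KUBERNETES_SERVICE_PORT`, but nothing in the new code checks whether the resulting config still verifies the server certificate. The TODO in kube-addons.sh on this page (`so that "Insecure" is not needed`) suggests the generated kubeconfig disables verification, in which case the token is exposed to anyone able to intercept that connection. Until the CA is shipped alongside the token, I would at least make this visible at startup, e.g. `if config.Insecure { log.Printf("WARNING: TLS verification of the kubernetes master is disabled by %s", *kubecfg_file) }` placed after `ClientConfig()` returns. This branch also no longer pins `Version` to "v1beta1" as the other branch does, so the `Using kubernetes API %s` line may log an empty string unless the kubeconfig sets a version. The `// TODO: evaluate using pkg/client/clientcmd` comment above the function is stale now that clientcmd is used.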
--- a/cluster/addons/dns/skydns-rc.yaml.in
+++ b/cluster/addons/dns/skydns-rc.yaml.in
@@ -29,10 +29,15 @@ desiredState:
 "-advertise-client-urls=http://127.0.0.1:4001",
 ]
 - name: kube2sky
- image: gcr.io/google_containers/kube2sky:1.1
+ image: gcr.io/google_containers/kube2sky:1.2
+ volumeMounts:
+ - name: dns-token
+ mountPath: /etc/dns_token
+ readOnly: true
 command: [
 # entrypoint = "/kube2sky",
 "-domain={{ pillar['dns_domain'] }}",
+ "-kubecfg_file=/etc/dns_token/kubeconfig",
 ]
 - name: skydns
 image: gcr.io/google_containers/skydns:2015-03-11-001
@@ -46,3 +51,11 @@ desiredState:
 - name: dns
 containerPort: 53
 protocol: UDP
+ volumes:
+ - name: dns-token
+ source:
+ secret:
+ target:
+ kind: Secret
+ namespace: default
+ name: token-system-dns
diff --git a/cluster/saltbase/salt/kube-addons/default b/cluster/saltbase/salt/kube-addons/default
deleted file mode 100644
index 65bc90a4af..0000000000
--- a/cluster/saltbase/salt/kube-addons/default
+++ /dev/null
@@ -1,14 +0,0 @@
-#TODO(erictune): once we make DNS a hard requirement for clusters, then this can be removed,
-# and APISERVER_URL="https://kubernetes:443"
-{% if grains.api_servers is defined -%}
- {% set api_server = "https://" + grains.api_servers + ":6443" -%}
-{% elif grains.apiservers is defined -%} # TODO(remove after 0.16.0): Deprecated form
- {% set api_server = "https://" + grains.apiservers + ":6443" -%}
-{% elif grains['roles'][0] == 'kubernetes-master' -%}
- {% set master_ipv4 = salt['grains.get']('fqdn_ip4')[0] -%}
- {% set api_server = "https://" + master_ipv4 + ":6443" -%}
-{% else -%}
- {% set ips = salt['mine.get']('roles:kubernetes-master', 'network.ip_addrs', 'grain').values() -%}
- {% set api_server = "https://" + ips[0][0] + ":6443" -%}
-{% endif -%}
-export APISERVER_URL={{ api_server }}
diff --git a/cluster/saltbase/salt/kube-addons/init.sls b/cluster/saltbase/salt/kube-addons/init.sls
index 069574c592..a38adb6255 100644
--- a/cluster/saltbase/salt/kube-addons/init.sls
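Review bot: The new `volumes` entry in skydns-rc.yaml.in mounts the `token-system-dns` secret into the kube2sky container, and nothing in the manifest records where that credential comes from or what it is allowed to do. The mount is `readOnly`, which is good, but the scope of the token itself is not visible in this change. Since kube2sky previously worked against the read-only service, the token should presumably grant no more than read access. I would add a comment above `volumes:` such as `# token-system-dns holds a kubeconfig with a bearer token; it must exist in namespace default before this pod starts and should only grant read access`. The same secret is consumed by the `volumeMounts` and `-kubecfg_file` additions in the first hunk of this file.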
+++ b/cluster/saltbase/salt/kube-addons/init.sls
@@ -48,20 +48,6 @@
 - makedirs: True
 {% endif %}
-{% if grains['os_family'] == 'RedHat' %}
-{% set environment_file = '/etc/sysconfig/kube-addons' %}
-{% else %}
-{% set environment_file = '/etc/default/kube-addons' %}
-{% endif %}
-
-{{ environment_file }}:
- file.managed:
- - source: salt://kube-addons/default
- - template: jinja
- - user: root
- - group: root
- - mode: 644
-
 /etc/kubernetes/kube-addons.sh:
 file.managed:
 - source: salt://kube-addons/kube-addons.sh
diff --git a/cluster/saltbase/salt/kube-addons/initd b/cluster/saltbase/salt/kube-addons/initd
index 2c60e5bd29..6b06e8c7cd 100644
--- a/cluster/saltbase/salt/kube-addons/initd
+++ b/cluster/saltbase/salt/kube-addons/initd
@@ -21,9 +21,6 @@ PIDFILE=/var/run/$NAME.pid
 SCRIPTNAME=/etc/init.d/$NAME
 KUBE_ADDONS_SH=/etc/kubernetes/kube-addons.sh
-# Read configuration variable file if it is present
-[ -r /etc/default/$NAME ] && . /etc/default/$NAME
-
 # Define LSB log_* functions.
 # Depend on lsb-base (>= 3.2-14) to ensure that this file is present
 # and status_of_proc is working.
diff --git a/cluster/saltbase/salt/kube-addons/kube-addons.service b/cluster/saltbase/salt/kube-addons/kube-addons.service
index f9be6db316..086394e857 100644
--- a/cluster/saltbase/salt/kube-addons/kube-addons.service
+++ b/cluster/saltbase/salt/kube-addons/kube-addons.service
@@ -3,7 +3,6 @@ Description=Kubernetes Addon Object Manager
 Documentation=https://github.com/GoogleCloudPlatform/kubernetes
 [Service]
-EnvironmentFile=/etc/sysconfig/kube-addons
 ExecStart=/etc/kubernetes/kube-addons.sh
 [Install]
diff --git a/cluster/saltbase/salt/kube-addons/kube-addons.sh b/cluster/saltbase/salt/kube-addons/kube-addons.sh
index 12cd629f64..6b996c3c06 100644
--- a/cluster/saltbase/salt/kube-addons/kube-addons.sh
+++ b/cluster/saltbase/salt/kube-addons/kube-addons.sh
@@ -19,11 +19,6 @@
 # managed result is of that. Start everything below that directory.
 KUBECTL=/usr/local/bin/kubectl
-if [ -z "$APISERVER_URL" ] ; then
- echo "Must set APISERVER_URL"
- exit 1
-fi
-
 function create-kubeconfig-secret() {
 local -r token=$1
 local -r username=$2
@@ -32,6 +27,8 @@ function create-kubeconfig-secret() {
 # Make a kubeconfig file with the token.
 # TODO(etune): put apiserver certs into secret too, and reference from authfile,
 # so that "Insecure" is not needed.
+ # Point the kubeconfig file at https://kubernetes:443. Pods/components that
+ # do not have DNS available will have to override the server.
 read -r -d '' kubeconfig <