github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #26914 from nikhiljindal/FedAPIServerSecret 

Updating federation up script to create secrets with federation-apiserver and k8s apiservers kubeconfigs
pull/6/head
Quinton Hoole 2016-06-07 22:29:39 -07:00
parent a283a0a759 9443bf0f9c
commit c578678820
3 changed files with 57 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
cluster/common.sh
View File

@ -59,6 +59,7 @@ KUBE_CI_VERSION_REGEX="^v(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)-(be
# KUBE_KEY # KUBE_KEY
# CA_CERT # CA_CERT
function create-kubeconfig() { function create-kubeconfig() {
KUBECONFIG=${KUBECONFIG:-$DEFAULT_KUBECONFIG}
local kubectl="${KUBE_ROOT}/cluster/kubectl.sh" local kubectl="${KUBE_ROOT}/cluster/kubectl.sh"
SECONDARY_KUBECONFIG=${SECONDARY_KUBECONFIG:-} SECONDARY_KUBECONFIG=${SECONDARY_KUBECONFIG:-}
OVERRIDE_CONTEXT=${OVERRIDE_CONTEXT:-} OVERRIDE_CONTEXT=${OVERRIDE_CONTEXT:-}
@ -67,7 +68,6 @@ function create-kubeconfig() {
CONTEXT=$OVERRIDE_CONTEXT CONTEXT=$OVERRIDE_CONTEXT
fi fi
export KUBECONFIG=${KUBECONFIG:-$DEFAULT_KUBECONFIG}
# KUBECONFIG determines the file we write to, but it may not exist yet # KUBECONFIG determines the file we write to, but it may not exist yet
if [[ ! -e "${KUBECONFIG}" ]]; then if [[ ! -e "${KUBECONFIG}" ]]; then
mkdir -p $(dirname "${KUBECONFIG}") mkdir -p $(dirname "${KUBECONFIG}")
@ -104,21 +104,21 @@ function create-kubeconfig() {
) )
fi fi
"${kubectl}" config set-cluster "${CONTEXT}" "${cluster_args[@]}" KUBECONFIG="${KUBECONFIG}" "${kubectl}" config set-cluster "${CONTEXT}" "${cluster_args[@]}"
if [[ -n "${user_args[@]:-}" ]]; then if [[ -n "${user_args[@]:-}" ]]; then
"${kubectl}" config set-credentials "${CONTEXT}" "${user_args[@]}" KUBECONFIG="${KUBECONFIG}" "${kubectl}" config set-credentials "${CONTEXT}" "${user_args[@]}"
fi fi
"${kubectl}" config set-context "${CONTEXT}" --cluster="${CONTEXT}" --user="${CONTEXT}" KUBECONFIG="${KUBECONFIG}" "${kubectl}" config set-context "${CONTEXT}" --cluster="${CONTEXT}" --user="${CONTEXT}"
if [[ "${SECONDARY_KUBECONFIG}" != "true" ]];then if [[ "${SECONDARY_KUBECONFIG}" != "true" ]];then
"${kubectl}" config use-context "${CONTEXT}" --cluster="${CONTEXT}" KUBECONFIG="${KUBECONFIG}" "${kubectl}" config use-context "${CONTEXT}" --cluster="${CONTEXT}"
fi fi
# If we have a bearer token, also create a credential entry with basic auth # If we have a bearer token, also create a credential entry with basic auth
# so that it is easy to discover the basic auth password for your cluster # so that it is easy to discover the basic auth password for your cluster
# to use in a web browser. # to use in a web browser.
if [[ ! -z "${KUBE_BEARER_TOKEN:-}" && ! -z "${KUBE_USER:-}" && ! -z "${KUBE_PASSWORD:-}" ]]; then if [[ ! -z "${KUBE_BEARER_TOKEN:-}" && ! -z "${KUBE_USER:-}" && ! -z "${KUBE_PASSWORD:-}" ]]; then
"${kubectl}" config set-credentials "${CONTEXT}-basic-auth" "--username=${KUBE_USER}" "--password=${KUBE_PASSWORD}" KUBECONFIG="${KUBECONFIG}" "${kubectl}" config set-credentials "${CONTEXT}-basic-auth" "--username=${KUBE_USER}" "--password=${KUBE_PASSWORD}"
fi fi
echo "Wrote config for ${CONTEXT} to ${KUBECONFIG}" echo "Wrote config for ${CONTEXT} to ${KUBECONFIG}"
@ -128,8 +128,16 @@ function create-kubeconfig() {
# Assumed vars: # Assumed vars:
# KUBECONFIG # KUBECONFIG
# CONTEXT # CONTEXT
#
# To explicitly name the context being removed, use OVERRIDE_CONTEXT
function clear-kubeconfig() { function clear-kubeconfig() {
export KUBECONFIG=${KUBECONFIG:-$DEFAULT_KUBECONFIG} export KUBECONFIG=${KUBECONFIG:-$DEFAULT_KUBECONFIG}
OVERRIDE_CONTEXT=${OVERRIDE_CONTEXT:-}
if [[ "$OVERRIDE_CONTEXT" != "" ]];then
CONTEXT=$OVERRIDE_CONTEXT
fi
local kubectl="${KUBE_ROOT}/cluster/kubectl.sh" local kubectl="${KUBE_ROOT}/cluster/kubectl.sh"
"${kubectl}" config unset "clusters.${CONTEXT}" "${kubectl}" config unset "clusters.${CONTEXT}"
"${kubectl}" config unset "users.${CONTEXT}" "${kubectl}" config unset "users.${CONTEXT}"

11
cluster/gce/util.sh
View File

@ -900,7 +900,18 @@ function check-cluster() {
export CONTEXT="${PROJECT}_${INSTANCE_PREFIX}" export CONTEXT="${PROJECT}_${INSTANCE_PREFIX}"
( (
umask 077 umask 077
# Update the user's kubeconfig to include credentials for this apiserver.
create-kubeconfig create-kubeconfig
if [[ "${FEDERATION:-}" == "true" ]]; then
# Create a kubeconfig with credentials for this apiserver. We will later use
# this kubeconfig to create a secret which the federation control plane can
# use to talk to this apiserver.
KUBECONFIG_DIR=$(dirname ${KUBECONFIG:-$DEFAULT_KUBECONFIG})
KUBECONFIG="${KUBECONFIG_DIR}/federation/kubernetes-apiserver/${CONTEXT}/kubeconfig" \
create-kubeconfig
fi
) )
# ensures KUBECONFIG is set # ensures KUBECONFIG is set

38
federation/cluster/common.sh
View File

@ -32,6 +32,7 @@ KUBE_ARCH=${KUBE_ARCH:-amd64}
KUBE_BUILD_STAGE=${KUBE_BUILD_STAGE:-release-stage} KUBE_BUILD_STAGE=${KUBE_BUILD_STAGE:-release-stage}
source "${KUBE_ROOT}/cluster/common.sh" source "${KUBE_ROOT}/cluster/common.sh"
source "${KUBE_ROOT}/hack/lib/util.sh"
host_kubectl="${KUBE_ROOT}/cluster/kubectl.sh --namespace=${FEDERATION_NAMESPACE}" host_kubectl="${KUBE_ROOT}/cluster/kubectl.sh --namespace=${FEDERATION_NAMESPACE}"
@ -110,6 +111,33 @@ function create-federated-api-objects {
$template "${manifests_root}/federation-apiserver-"{deployment,secrets}".yaml" | $host_kubectl create -f - $template "${manifests_root}/federation-apiserver-"{deployment,secrets}".yaml" | $host_kubectl create -f -
$template "${manifests_root}/federation-controller-manager-deployment.yaml" | $host_kubectl create -f - $template "${manifests_root}/federation-controller-manager-deployment.yaml" | $host_kubectl create -f -
# Create a kubeconfig with credentails for federation-apiserver. We will
# then use this kubeconfig to create a secret which the federation
# controller manager can use to talk to the federation-apiserver.
# Note that the file name should be "kubeconfig" so that the secret key gets the same name.
KUBECONFIG_DIR=$(dirname ${KUBECONFIG:-$DEFAULT_KUBECONFIG})
CONTEXT=federated-cluster \
KUBE_BEARER_TOKEN="$FEDERATION_API_TOKEN" \
KUBECONFIG="${KUBECONFIG_DIR}/federation/federation-apiserver/kubeconfig" \
create-kubeconfig
# Create secret with federation-apiserver's kubeconfig
$host_kubectl create secret generic federation-apiserver-secret --from-file="${KUBECONFIG_DIR}/federation/federation-apiserver/kubeconfig" --namespace="${FEDERATION_NAMESPACE}"
# Create secrets with all the kubernetes-apiserver's kubeconfigs.
for dir in ${KUBECONFIG_DIR}/federation/kubernetes-apiserver/*; do
# We create a secret with the same name as the directory name (which is
# same as cluster name in kubeconfig)
name=$(basename $dir)
$host_kubectl create secret generic ${name} --from-file="${dir}/kubeconfig" --namespace="${FEDERATION_NAMESPACE}"
done
# Update the users kubeconfig to include federation-apiserver credentials.
CONTEXT=federated-cluster \
KUBE_BEARER_TOKEN="$FEDERATION_API_TOKEN" \
SECONDARY_KUBECONFIG=true \
create-kubeconfig
# Don't finish provisioning until federation-apiserver pod is running # Don't finish provisioning until federation-apiserver pod is running
for i in {1..30};do for i in {1..30};do
#TODO(colhom): in the future this needs to scale out for N pods. This assumes just one pod #TODO(colhom): in the future this needs to scale out for N pods. This assumes just one pod
@ -145,11 +173,6 @@ function create-federated-api-objects {
sleep 4 sleep 4
done done
CONTEXT=federated-cluster \
KUBE_BEARER_TOKEN="$FEDERATION_API_TOKEN" \
SECONDARY_KUBECONFIG=true \
create-kubeconfig
) )
} }
@ -208,5 +231,8 @@ function push-federated-images {
done done
} }
function cleanup-federated-api-objects { function cleanup-federated-api-objects {
$host_kubectl delete pods,svc,rc,deployment,secret -lapp=federated-cluster # Delete all resources with the federated-cluster label.
$host_kubectl delete pods,svc,rc,deployment,secret -lapp=federated-cluster
# Delete all resources in FEDERATION_NAMESPACE.
$host_kubectl delete pods,svc,rc,deployment,secret --namespace=${FEDERATION_NAMESPACE} --all
} }