diff --git a/cluster/aws/util.sh b/cluster/aws/util.sh index 193002127a..5c68354d17 100755 --- a/cluster/aws/util.sh +++ b/cluster/aws/util.sh @@ -681,7 +681,7 @@ function kube-up { ensure-iam-profiles - gen-kube-basicauth + load-or-gen-kube-basicauth if [[ ! -f "$AWS_SSH_KEY" ]]; then ssh-keygen -f "$AWS_SSH_KEY" -N '' diff --git a/cluster/common.sh b/cluster/common.sh index 1fce23bb5f..6a262f6e96 100755 --- a/cluster/common.sh +++ b/cluster/common.sh @@ -116,7 +116,7 @@ function clear-kubeconfig() { "${kubectl}" config unset "contexts.${CONTEXT}" local current - current=$("${kubectl}" config view -o template --template='{{ index . "current-context" }}') + current=$("${kubectl}" config view -o jsonpath='{.current-context}') if [[ "${current}" == "${CONTEXT}" ]]; then "${kubectl}" config unset current-context fi @@ -136,6 +136,7 @@ function tear_down_alive_resources() { # Gets username, password for the current-context in kubeconfig, if they exist. # Assumed vars: # KUBECONFIG # if unset, defaults to global +# KUBE_CONTEXT # if unset, defaults to current-context # # Vars set: # KUBE_USER @@ -145,21 +146,14 @@ function tear_down_alive_resources() { # the current-context user does not exist or contain basicauth entries. function get-kubeconfig-basicauth() { export KUBECONFIG=${KUBECONFIG:-$DEFAULT_KUBECONFIG} - # Templates to safely extract the username,password for the current-context - # user. The long chain of 'with' commands avoids indexing nil if any of the - # entries ("current-context", "contexts"."current-context", "users", etc) - # is missing. - # Note: we save dot ('.') to $root because the 'with' action overrides it. - # See http://golang.org/pkg/text/template/. - local username='{{$dot := .}}{{with $ctx := index $dot "current-context"}}{{range $element := (index $dot "contexts")}}{{ if eq .name $ctx }}{{ with $user := .context.user }}{{range $element := (index $dot "users")}}{{ if eq .name $user }}{{ index . "user" "username" }}{{end}}{{end}}{{end}}{{end}}{{end}}{{end}}' - local password='{{$dot := .}}{{with $ctx := index $dot "current-context"}}{{range $element := (index $dot "contexts")}}{{ if eq .name $ctx }}{{ with $user := .context.user }}{{range $element := (index $dot "users")}}{{ if eq .name $user }}{{ index . "user" "password" }}{{end}}{{end}}{{end}}{{end}}{{end}}{{end}}' - KUBE_USER=$("${KUBE_ROOT}/cluster/kubectl.sh" config view -o template --template="${username}") - KUBE_PASSWORD=$("${KUBE_ROOT}/cluster/kubectl.sh" config view -o template --template="${password}") - # Handle empty/missing username|password - if [[ "${KUBE_USER}" == '' || "$KUBE_PASSWORD" == '' ]]; then - KUBE_USER='' - KUBE_PASSWORD='' + + local cc="current-context" + if [[ ! -z "${KUBE_CONTEXT:-}" ]]; then + cc="${KUBE_CONTEXT}" fi + local user=$("${KUBE_ROOT}/cluster/kubectl.sh" config view -o jsonpath="{.contexts[?(@.name == \"${cc}\")].context.user}") + KUBE_USER=$("${KUBE_ROOT}/cluster/kubectl.sh" config view -o jsonpath="{.users[?(@.name == \"${user}\")].user.username}") + KUBE_PASSWORD=$("${KUBE_ROOT}/cluster/kubectl.sh" config view -o jsonpath="{.users[?(@.name == \"${user}\")].user.password}") } # Generate basic auth user and password. @@ -175,6 +169,7 @@ function gen-kube-basicauth() { # Get the bearer token for the current-context in kubeconfig if one exists. # Assumed vars: # KUBECONFIG # if unset, defaults to global +# KUBE_CONTEXT # if unset, defaults to current-context # # Vars set: # KUBE_BEARER_TOKEN @@ -183,18 +178,13 @@ function gen-kube-basicauth() { # current-context user does not exist or contain a bearer token entry. function get-kubeconfig-bearertoken() { export KUBECONFIG=${KUBECONFIG:-$DEFAULT_KUBECONFIG} - # Template to safely extract the token for the current-context user. - # The long chain of 'with' commands avoids indexing nil if any of the - # entries ("current-context", "contexts"."current-context", "users", etc) - # is missing. - # Note: we save dot ('.') to $root because the 'with' action overrides it. - # See http://golang.org/pkg/text/template/. - local token='{{$dot := .}}{{with $ctx := index $dot "current-context"}}{{range $element := (index $dot "contexts")}}{{ if eq .name $ctx }}{{ with $user := .context.user }}{{range $element := (index $dot "users")}}{{ if eq .name $user }}{{ index . "user" "token" }}{{end}}{{end}}{{end}}{{end}}{{end}}{{end}}' - KUBE_BEARER_TOKEN=$("${KUBE_ROOT}/cluster/kubectl.sh" config view -o template --template="${token}") - # Handle empty/missing token - if [[ "${KUBE_BEARER_TOKEN}" == '' ]]; then - KUBE_BEARER_TOKEN='' + + local cc="current-context" + if [[ ! -z "${KUBE_CONTEXT:-}" ]]; then + cc="${KUBE_CONTEXT}" fi + local user=$("${KUBE_ROOT}/cluster/kubectl.sh" config view -o jsonpath="{.contexts[?(@.name == \"${cc}\")].context.user}") + KUBE_BEARER_TOKEN=$("${KUBE_ROOT}/cluster/kubectl.sh" config view -o jsonpath="{.users[?(@.name == \"${user}\")].user.token}") } # Generate bearer token. @@ -205,10 +195,31 @@ function gen-kube-bearertoken() { KUBE_BEARER_TOKEN=$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64 | tr -d "=+/" | dd bs=32 count=1 2>/dev/null) } + +function load-or-gen-kube-basicauth() { + if [[ ! -z "${KUBE_CONTEXT:-}" ]]; then + get-kubeconfig-basicauth + fi + + if [[ -z "${KUBE_USER:-}" || -z "${KUBE_PASSWORD:-}" ]]; then + gen-kube-basicauth + fi +} + +function load-or-gen-kube-bearertoken() { + if [[ ! -z "${KUBE_CONTEXT:-}" ]]; then + get-kubeconfig-bearertoken + fi + if [[ -z "${KUBE_BEARER_TOKEN:-}" ]]; then + gen-kube-bearertoken + fi +} + # Get the master IP for the current-context in kubeconfig if one exists. # # Assumed vars: # KUBECONFIG # if unset, defaults to global +# KUBE_CONTEXT # if unset, defaults to current-context # # Vars set: # KUBE_MASTER_URL @@ -217,18 +228,13 @@ function gen-kube-bearertoken() { # current-context user does not exist or contain a server entry. function detect-master-from-kubeconfig() { export KUBECONFIG=${KUBECONFIG:-$DEFAULT_KUBECONFIG} - # Template to safely extract the server for the current-context cluster. - # The long chain of 'with' commands avoids indexing nil if any of the - # entries ("current-context", "contexts"."current-context", "users", etc) - # is missing. - # Note: we save dot ('.') to $root because the 'with' action overrides it. - # See http://golang.org/pkg/text/template/. - local server_tpl='{{$dot := .}}{{with $ctx := index $dot "current-context"}}{{range $element := (index $dot "contexts")}}{{ if eq .name $ctx }}{{ with $cluster := .context.cluster }}{{range $element := (index $dot "clusters")}}{{ if eq .name $cluster }}{{ index . "cluster" "server" }}{{end}}{{end}}{{end}}{{end}}{{end}}{{end}}' - KUBE_MASTER_URL=$("${KUBE_ROOT}/cluster/kubectl.sh" config view -o template --template="${server_tpl}") - # Handle empty/missing server - if [[ "${KUBE_MASTER_URL}" == '' ]]; then - KUBE_MASTER_URL='' + + local cc="current-context" + if [[ ! -z "${KUBE_CONTEXT:-}" ]]; then + cc="${KUBE_CONTEXT}" fi + local cluster=$("${KUBE_ROOT}/cluster/kubectl.sh" config view -o jsonpath="{.contexts[?(@.name == \"${cc}\")].context.cluster}") + KUBE_MASTER_URL=$("${KUBE_ROOT}/cluster/kubectl.sh" config view -o jsonpath="{.clusters[?(@.name == \"${cluster}\")].cluster.server}") } # Sets KUBE_VERSION variable to the proper version number (e.g. "v1.0.6", diff --git a/cluster/gce/util.sh b/cluster/gce/util.sh index 4c98063b7b..d07859129e 100755 --- a/cluster/gce/util.sh +++ b/cluster/gce/util.sh @@ -575,8 +575,8 @@ function kube-up { ensure-temp-dir detect-project - gen-kube-basicauth - gen-kube-bearertoken + load-or-gen-kube-basicauth + load-or-gen-kube-bearertoken # Make sure we have the tar files staged on Google Storage find-release-tars diff --git a/cluster/libvirt-coreos/util.sh b/cluster/libvirt-coreos/util.sh index 6ec7d4da09..4a1c74be1b 100644 --- a/cluster/libvirt-coreos/util.sh +++ b/cluster/libvirt-coreos/util.sh @@ -183,7 +183,7 @@ function wait-cluster-readiness { function kube-up { detect-master detect-nodes - gen-kube-bearertoken + load-or-gen-kube-bearertoken initialize-pool keep_base_image initialize-network diff --git a/cluster/rackspace/util.sh b/cluster/rackspace/util.sh index 53f37b696f..cf7357d900 100755 --- a/cluster/rackspace/util.sh +++ b/cluster/rackspace/util.sh @@ -274,7 +274,7 @@ kube-up() { KUBE_TEMP=$(mktemp -d -t kubernetes.XXXXXX) trap "rm -rf ${KUBE_TEMP}" EXIT - gen-kube-basicauth + load-or-gen-kube-basicauth python2.7 $(dirname $0)/../third_party/htpasswd/htpasswd.py -b -c ${KUBE_TEMP}/htpasswd $KUBE_USER $KUBE_PASSWORD HTPASSWD=$(cat ${KUBE_TEMP}/htpasswd) diff --git a/cluster/ubuntu/util.sh b/cluster/ubuntu/util.sh index 321c509e5c..a2d41c5173 100755 --- a/cluster/ubuntu/util.sh +++ b/cluster/ubuntu/util.sh @@ -339,7 +339,7 @@ function kube-up() { source "${KUBE_ROOT}/cluster/common.sh" # set kubernetes user and password - gen-kube-basicauth + load-or-gen-kube-basicauth create-kubeconfig } diff --git a/cluster/vagrant/util.sh b/cluster/vagrant/util.sh index bf7e3b91d1..16dd93e8f1 100644 --- a/cluster/vagrant/util.sh +++ b/cluster/vagrant/util.sh @@ -297,7 +297,7 @@ function verify-cluster { # Instantiate a kubernetes cluster function kube-up { - gen-kube-basicauth + load-or-gen-kube-basicauth get-tokens create-provision-scripts diff --git a/cluster/vsphere/util.sh b/cluster/vsphere/util.sh index bd5e5f2eec..c14452fbfb 100755 --- a/cluster/vsphere/util.sh +++ b/cluster/vsphere/util.sh @@ -225,7 +225,7 @@ function kube-up { ensure-temp-dir - gen-kube-basicauth + load-or-gen-kube-basicauth python "${KUBE_ROOT}/third_party/htpasswd/htpasswd.py" \ -b -c "${KUBE_TEMP}/htpasswd" "$KUBE_USER" "$KUBE_PASSWORD" local htpasswd