k3s/pkg/cloudprovider/providers
Kubernetes Submit Queue 2d1f42e0b1
Merge pull request #63902 from vmware/vcp_secrets
Automatic merge from submit-queue (batch tested with PRs 63969, 63902, 63689, 63973, 63978). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Adds a mechanism in vSphere Cloud Provider to get credentials from Kubernetes secrets

**What this PR does / why we need it**:
Currently, vCenter credentials are stored in plain text in vsphere.conf. This PR adds a mechanism in vSphere Cloud Provider to get vCenter credentials from Kubernetes secrets.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #

**Special notes for your reviewer**:
Internally reviewed here: https://github.com/vmware/kubernetes/pull/484
**Workflow:**
1. Create vsphere.conf file with ```secret-name``` and ```secret-namespace```.
	```
	[Global]
	insecure-flag = 1
	secret-name = "vcconf"
	secret-namespace = "kube-system"

	[VirtualCenter "10.160.45.119"]
	port = 443
	datacenters = k8s-dc-1

	[Workspace]
	server = 10.160.45.119
	datacenter = k8s-dc-1
	default-datastore = sharedVMFS-0
	folder = Discovered virtual machine
	```
2. Launch Kubernetes cluster with vSphere Cloud Provider configured.
3. Create secret with vCenter credentials.
	a. Create base64 encoding for username and password:
	username:
	```	
		> echo -n 'admin' | base64
		YWRtaW4= 
	```
	password:
	```
		> echo -n 'vsphere' | base64
		dnNwaGVyZQ==
	```

	b. kubectl create -f vccredentials.yaml
	```
	# vccredentials.yaml
	apiVersion: v1
	kind: Secret
	metadata:
	  name: vcconf
	type: Opaque
	data:
	  10.192.44.199.username: YWRtaW4=
	  10.192.44.199.password: dnNwaGVyZQ==
	```
4. vSphere Cloud Provider can be used now.

**Note:**
Secrets info can be provided with both (old and new) vSphere Cloud provider configuration formats.


**Tests Done:**
- [x] vSphere Cloud Provider unit test.
- [x] Volume lifecycle with Username and Password in vsphere.conf (for backward compatibility)
- [x] Volume lifecycle with secrets information in vsphere.conf.
- [x] Update secrets workflow

**Release note**:

```release-note
Adds a mechanism in vSphere Cloud Provider to get credentials from Kubernetes secrets
```
2018-05-18 15:59:15 -07:00
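
The workflow in the commit message above, as an added example that is not part of the commit or of the Kubernetes code base: it builds the Secret manifest from a `vsphere.conf` and audits the pair for plaintext credentials left in the file and for secret keys that match no `[VirtualCenter]` section. It assumes the `<vCenter address>.username` / `.password` key layout shown in `vccredentials.yaml`, that the address has to match a `[VirtualCenter]` section, and that the legacy plaintext keys are named `user` and `password`; all function names are hypothetical.

```python
import base64
import configparser

# Constructed sample, trimmed from the vsphere.conf in the workflow above.
SAMPLE_CONF = """[Global]
insecure-flag = 1
secret-name = "vcconf"
secret-namespace = "kube-system"

[VirtualCenter "10.160.45.119"]
port = 443
datacenters = k8s-dc-1
"""

def parse_conf(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def vcenter_hosts(cp):
    """Addresses named in [VirtualCenter "<address>"] sections."""
    return [s.split(" ", 1)[1].strip('"') for s in cp.sections()
            if s.startswith("VirtualCenter ")]

def build_secret(cp, creds):
    """Secret manifest as a dict for creds = {address: (username, password)}."""
    enc = lambda v: base64.b64encode(v.encode()).decode()  # encoding, not encryption
    data = {}
    for host, (user, pw) in creds.items():
        data[host + ".username"] = enc(user)
        data[host + ".password"] = enc(pw)
    meta = {"name": cp["Global"]["secret-name"].strip('"'),
            "namespace": cp["Global"]["secret-namespace"].strip('"')}
    return {"apiVersion": "v1", "kind": "Secret", "metadata": meta,
            "type": "Opaque", "data": data}

def audit(cp, secret):
    """Findings: plaintext credentials left in the conf, host/key mismatches."""
    findings = [f"plaintext {k} in [{s}]" for s in cp.sections()
                for k in ("user", "password") if cp.has_option(s, k)]  # assumed legacy key names
    hosts = set(vcenter_hosts(cp))
    keyed = {k.rsplit(".", 1)[0] for k in secret["data"]}
    findings += [f"no secret entry for {h}" for h in sorted(hosts - keyed)]
    findings += [f"secret entry for unknown host {h}" for h in sorted(keyed - hosts)]
    return findings
```

Because the values in `data` are only base64-encoded, read access to the Secret in the configured namespace is equivalent to access to the vCenter credentials.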
..
| Name | Last commit | Date |
| --- | --- | --- |
| aws | Merge pull request #58874 from sorenmat/sg_tag_verbose | 2018-05-09 05:48:42 -07:00 |
| azure | Fix unit tests for new interfaces | 2018-05-09 12:47:56 +08:00 |
| cloudstack | Use cloudprovider.NotImplemented in AddSSHKeyToAllInstances | 2018-04-27 13:19:06 -07:00 |
| fake | PR #59323, fix bug and remove one api call, add node util dependency to cloud controller | 2018-04-22 20:32:26 +03:00 |
| gce | gce provider: point to hack/update-cloudprovider-gce.sh in doc | 2018-05-17 17:25:33 -07:00 |
| openstack | Revert "Openstack: register metadata.hostname as node name" | 2018-05-15 22:49:21 -04:00 |
| ovirt | PR #59323, fix bug and remove one api call, add node util dependency to cloud controller | 2018-04-22 20:32:26 +03:00 |
| photon | PR #59323, fix bug and remove one api call, add node util dependency to cloud controller | 2018-04-22 20:32:26 +03:00 |
| vsphere | Add kubernetes license to credential manager | 2018-05-17 12:10:30 -07:00 |
| BUILD | update BUILD files | 2017-10-15 18:18:13 -07:00 |
| providers.go | remove rackspace related code | 2017-09-22 18:06:50 +08:00 |