mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-22 19:31:44 +00:00
Merge pull request #78044 from dekkagaijin/patch-6
Consolidate logic to ensure kubectl auth
This commit is contained in:
commit
0203192970
@ -588,7 +588,7 @@ function create-master-auth {
|
|||||||
append_or_replace_prefixed_line "${known_tokens_csv}" "${KUBE_BEARER_TOKEN}," "admin,admin,system:masters"
|
append_or_replace_prefixed_line "${known_tokens_csv}" "${KUBE_BEARER_TOKEN}," "admin,admin,system:masters"
|
||||||
fi
|
fi
|
||||||
if [[ -n "${KUBE_BOOTSTRAP_TOKEN:-}" ]]; then
|
if [[ -n "${KUBE_BOOTSTRAP_TOKEN:-}" ]]; then
|
||||||
append_or_replace_prefixed_line "${known_tokens_csv}" "${KUBE_BOOTSTRAP_TOKEN}," "system:cluster-bootstrap,uid:system:cluster-bootstrap,system:masters"
|
append_or_replace_prefixed_line "${known_tokens_csv}" "${KUBE_BOOTSTRAP_TOKEN}," "gcp:kube-bootstrap,uid:gcp:kube-bootstrap,system:masters"
|
||||||
fi
|
fi
|
||||||
if [[ -n "${KUBE_CONTROLLER_MANAGER_TOKEN:-}" ]]; then
|
if [[ -n "${KUBE_CONTROLLER_MANAGER_TOKEN:-}" ]]; then
|
||||||
append_or_replace_prefixed_line "${known_tokens_csv}" "${KUBE_CONTROLLER_MANAGER_TOKEN}," "system:kube-controller-manager,uid:system:kube-controller-manager"
|
append_or_replace_prefixed_line "${known_tokens_csv}" "${KUBE_CONTROLLER_MANAGER_TOKEN}," "system:kube-controller-manager,uid:system:kube-controller-manager"
|
||||||
@ -1506,7 +1506,7 @@ function compute-master-manifest-variables {
|
|||||||
INSECURE_PORT_MAPPING=""
|
INSECURE_PORT_MAPPING=""
|
||||||
if [[ "${ENABLE_APISERVER_INSECURE_PORT:-false}" == "true" ]]; then
|
if [[ "${ENABLE_APISERVER_INSECURE_PORT:-false}" == "true" ]]; then
|
||||||
INSECURE_PORT_MAPPING="{ \"name\": \"local\", \"containerPort\": 8080, \"hostPort\": 8080},"
|
INSECURE_PORT_MAPPING="{ \"name\": \"local\", \"containerPort\": 8080, \"hostPort\": 8080},"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# A helper function that bind mounts kubelet dirs for running mount in a chroot
|
# A helper function that bind mounts kubelet dirs for running mount in a chroot
|
||||||
@ -2846,11 +2846,12 @@ function wait-till-apiserver-ready() {
|
|||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
function ensure-bootstrap-kubectl-auth {
|
function ensure-master-bootstrap-kubectl-auth {
|
||||||
# Creating an authenticated kubeconfig is only necessary if the insecure port is disabled.
|
# By default, `kubectl` uses http://localhost:8080
|
||||||
|
# If the insecure port is disabled, kubectl will need to use an admin-authenticated kubeconfig.
|
||||||
if [[ -n "${KUBE_BOOTSTRAP_TOKEN:-}" ]]; then
|
if [[ -n "${KUBE_BOOTSTRAP_TOKEN:-}" ]]; then
|
||||||
create-kubeconfig "cluster-bootstrap" ${KUBE_BOOTSTRAP_TOKEN}
|
create-kubeconfig "kube-bootstrap" "${KUBE_BOOTSTRAP_TOKEN}"
|
||||||
export KUBECONFIG=/etc/srv/kubernetes/cluster-bootstrap/kubeconfig
|
export KUBECONFIG=/etc/srv/kubernetes/kube-bootstrap/kubeconfig
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2971,13 +2972,13 @@ function main() {
|
|||||||
KUBE_CONTROLLER_MANAGER_TOKEN="$(secure_random 32)"
|
KUBE_CONTROLLER_MANAGER_TOKEN="$(secure_random 32)"
|
||||||
KUBE_SCHEDULER_TOKEN="$(secure_random 32)"
|
KUBE_SCHEDULER_TOKEN="$(secure_random 32)"
|
||||||
KUBE_CLUSTER_AUTOSCALER_TOKEN="$(secure_random 32)"
|
KUBE_CLUSTER_AUTOSCALER_TOKEN="$(secure_random 32)"
|
||||||
if [[ "${ENABLE_APISERVER_INSECURE_PORT:-false}" != "true" ]]; then
|
|
||||||
KUBE_BOOTSTRAP_TOKEN="$(secure_random 32)"
|
|
||||||
fi
|
|
||||||
if [[ "${ENABLE_L7_LOADBALANCING:-}" == "glbc" ]]; then
|
if [[ "${ENABLE_L7_LOADBALANCING:-}" == "glbc" ]]; then
|
||||||
GCE_GLBC_TOKEN="$(secure_random 32)"
|
GCE_GLBC_TOKEN="$(secure_random 32)"
|
||||||
fi
|
fi
|
||||||
ADDON_MANAGER_TOKEN="$(secure_random 32)"
|
ADDON_MANAGER_TOKEN="$(secure_random 32)"
|
||||||
|
if [[ "${ENABLE_APISERVER_INSECURE_PORT:-false}" != "true" ]]; then
|
||||||
|
KUBE_BOOTSTRAP_TOKEN="$(secure_random 32)"
|
||||||
|
fi
|
||||||
|
|
||||||
setup-os-params
|
setup-os-params
|
||||||
config-ip-firewall
|
config-ip-firewall
|
||||||
@ -2990,7 +2991,7 @@ function main() {
|
|||||||
create-node-pki
|
create-node-pki
|
||||||
create-master-pki
|
create-master-pki
|
||||||
create-master-auth
|
create-master-auth
|
||||||
ensure-bootstrap-kubectl-auth
|
ensure-master-bootstrap-kubectl-auth
|
||||||
create-master-kubelet-auth
|
create-master-kubelet-auth
|
||||||
create-master-etcd-auth
|
create-master-etcd-auth
|
||||||
create-master-etcd-apiserver-auth
|
create-master-etcd-apiserver-auth
|
||||||
|
Loading…
Reference in New Issue
Block a user