From 02622b1401ed9ea3924382a8482121698e902880 Mon Sep 17 00:00:00 2001
From: Jordan Liggitt
Date: Thu, 5 Mar 2015 16:30:52 -0500
Subject: [PATCH] Plumb tls and cert options into kubelet start

---
 cmd/integration/integration.go | 4 ++--
 cmd/kubelet/app/server.go | 7 +++++--
 cmd/kubernetes/kubernetes.go | 2 +-
 pkg/kubelet/server.go | 16 ++++++++++++++--
 4 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/cmd/integration/integration.go b/cmd/integration/integration.go
index e6b6f545f9f..ea6e23180ed 100644
--- a/cmd/integration/integration.go
+++ b/cmd/integration/integration.go
@@ -211,13 +211,13 @@ func startComponents(manifestURL string) (apiServerURL string) {
 	// Kubelet (localhost)
 	testRootDir := makeTempDirOrDie("kubelet_integ_1.")
 	glog.Infof("Using %s as root dir for kubelet #1", testRootDir)
-	kubeletapp.SimpleRunKubelet(cl, nil, &fakeDocker1, machineList[0], testRootDir, manifestURL, "127.0.0.1", 10250, api.NamespaceDefault, empty_dir.ProbeVolumePlugins())
+	kubeletapp.SimpleRunKubelet(cl, nil, &fakeDocker1, machineList[0], testRootDir, manifestURL, "127.0.0.1", 10250, api.NamespaceDefault, empty_dir.ProbeVolumePlugins(), nil)
 	// Kubelet (machine)
 	// Create a second kubelet so that the guestbook example's two redis slaves both
 	// have a place they can schedule.
 	testRootDir = makeTempDirOrDie("kubelet_integ_2.")
 	glog.Infof("Using %s as root dir for kubelet #2", testRootDir)
-	kubeletapp.SimpleRunKubelet(cl, nil, &fakeDocker2, machineList[1], testRootDir, "", "127.0.0.1", 10251, api.NamespaceDefault, empty_dir.ProbeVolumePlugins())
+	kubeletapp.SimpleRunKubelet(cl, nil, &fakeDocker2, machineList[1], testRootDir, "", "127.0.0.1", 10251, api.NamespaceDefault, empty_dir.ProbeVolumePlugins(), nil)
 	return apiServer.URL
 }
diff --git a/cmd/kubelet/app/server.go b/cmd/kubelet/app/server.go
index d5bdc5f3cbb..3fcec121b92 100644
--- a/cmd/kubelet/app/server.go
+++ b/cmd/kubelet/app/server.go
@@ -255,7 +255,8 @@ func SimpleRunKubelet(client *client.Client,
 	hostname, rootDir, manifestURL, address string,
 	port uint,
 	masterServiceNamespace string,
-	volumePlugins []volume.Plugin) {
+	volumePlugins []volume.Plugin,
+	tlsOptions *kubelet.TLSOptions) {
 	kcfg := KubeletConfig{
 		KubeClient: client,
 		EtcdClient: etcdClient,
@@ -273,6 +274,7 @@ func SimpleRunKubelet(client *client.Client,
 		MaxContainerCount: 5,
 		MasterServiceNamespace: masterServiceNamespace,
 		VolumePlugins: volumePlugins,
+		TLSOptions: tlsOptions,
 	}
 	RunKubelet(&kcfg)
 }
@@ -318,7 +320,7 @@ func startKubelet(k *kubelet.Kubelet, podCfg *config.PodConfig, kc *KubeletConfi
 	// start the kubelet server
 	if kc.EnableServer {
 		go util.Forever(func() {
-			kubelet.ListenAndServeKubeletServer(k, net.IP(kc.Address), kc.Port, kc.EnableDebuggingHandlers)
+			kubelet.ListenAndServeKubeletServer(k, net.IP(kc.Address), kc.Port, kc.TLSOptions, kc.EnableDebuggingHandlers)
 		}, 0)
 	}
 }
@@ -381,6 +383,7 @@ type KubeletConfig struct {
 	VolumePlugins []volume.Plugin
 	StreamingConnectionIdleTimeout time.Duration
 	Recorder record.EventRecorder
+	TLSOptions *kubelet.TLSOptions
 }
 
 func createAndInitKubelet(kc *KubeletConfig, pc *config.PodConfig) (*kubelet.Kubelet, error) {
diff --git a/cmd/kubernetes/kubernetes.go b/cmd/kubernetes/kubernetes.go
index 66446920041..be9a3e365cb 100644
--- a/cmd/kubernetes/kubernetes.go
+++ b/cmd/kubernetes/kubernetes.go
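Review bot: The new `TLSOptions *kubelet.TLSOptions` field on KubeletConfig has no comment, and the nil case is the security-relevant one: per the pkg/kubelet/server.go change in this same patch, a nil value keeps the kubelet server on plaintext HTTP, and every SimpleRunKubelet call site updated here passes nil. A maintainer reading only this struct cannot tell that omitting the field silently selects the unencrypted listener. I would document it on the field: `// TLSOptions, when non-nil, makes the kubelet server listen with TLS using the given certificate and key; nil leaves it on plaintext HTTP.` The KubeletConfig struct begins outside the hunk.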
@@ -144,7 +144,7 @@ func startComponents(etcdClient tools.EtcdClient, cl *client.Client, addr net.IP
 	runControllerManager(machineList, cl, *nodeMilliCPU, *nodeMemory)
 
 	dockerClient := dockertools.ConnectToDockerOrDie(*dockerEndpoint)
-	kubeletapp.SimpleRunKubelet(cl, nil, dockerClient, machineList[0], "/tmp/kubernetes", "", "127.0.0.1", 10250, *masterServiceNamespace, kubeletapp.ProbeVolumePlugins())
+	kubeletapp.SimpleRunKubelet(cl, nil, dockerClient, machineList[0], "/tmp/kubernetes", "", "127.0.0.1", 10250, *masterServiceNamespace, kubeletapp.ProbeVolumePlugins(), nil)
 }
 
 func newApiClient(addr net.IP, port int) *client.Client {
diff --git a/pkg/kubelet/server.go b/pkg/kubelet/server.go
index 88f444c2708..607bd00c79b 100644
--- a/pkg/kubelet/server.go
+++ b/pkg/kubelet/server.go
@@ -17,6 +17,7 @@ limitations under the License.
 package kubelet
 
 import (
+	"crypto/tls"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -48,8 +49,14 @@ type Server struct {
 	mux *http.ServeMux
 }
 
+type TLSOptions struct {
+	Config *tls.Config
+	CertFile string
+	KeyFile string
+}
+
 // ListenAndServeKubeletServer initializes a server to respond to HTTP network requests on the Kubelet.
-func ListenAndServeKubeletServer(host HostInterface, address net.IP, port uint, enableDebuggingHandlers bool) {
+func ListenAndServeKubeletServer(host HostInterface, address net.IP, port uint, tlsOptions *TLSOptions, enableDebuggingHandlers bool) {
 	glog.V(1).Infof("Starting to listen on %s:%d", address, port)
 	handler := NewServer(host, enableDebuggingHandlers)
 	s := &http.Server{
@@ -59,7 +66,12 @@ func ListenAndServeKubeletServer(host HostInterface, address net.IP, port uint,
 		WriteTimeout: 5 * time.Minute,
 		MaxHeaderBytes: 1 << 20,
 	}
-	glog.Fatal(s.ListenAndServe())
+	if tlsOptions != nil {
+		s.TLSConfig = tlsOptions.Config
+		glog.Fatal(s.ListenAndServeTLS(tlsOptions.CertFile, tlsOptions.KeyFile))
+	} else {
+		glog.Fatal(s.ListenAndServe())
+	}
 }
 
 // HostInterface contains all the kubelet methods required by the server.
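Review bot: The exported `TLSOptions` type and its three fields are undocumented, and the doc comment on ListenAndServeKubeletServer still says it responds to "HTTP network requests" even though it now takes a `tlsOptions *TLSOptions` parameter that switches the listener to TLS. I would add above the type: `// TLSOptions configures the kubelet server's TLS listener. Config may be nil, in which case net/http's defaults apply; CertFile and KeyFile are the PEM files handed to ListenAndServeTLS.` and extend the function comment with `// A nil tlsOptions serves plaintext HTTP.` Nothing in this struct carries a client CA or ClientAuth setting, so a caller that wants the kubelet to verify its callers has to put that in Config — worth stating in the comment so it is not assumed. ListenAndServeKubeletServer continues past the end of this hunk.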
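Review bot: The new TLS branch only adds transport encryption and server identity; it does not make the kubelet authenticate callers, because nothing here sets ClientAuth, MinVersion or a cipher list, and when `tlsOptions.Config` is nil the zero `tls.Config` leaves ClientAuth at NoClientCert. Every handler registered by NewServer — including whatever `enableDebuggingHandlers` turns on — therefore stays reachable by anyone who can complete a TLS handshake, which should be said explicitly rather than left for operators to infer from "TLS is on". The fall-back to `s.ListenAndServe()` is also silent: the only startup log is the earlier "Starting to listen on %s:%d" line, which does not say which scheme is in use, so I would add `glog.Warningf("Kubelet server on %s:%d is serving plaintext HTTP; no TLS options were configured", address, port)` before the plaintext call. As a point of style, `glog.Fatal` never returns, so the `else` can be dropped and the plaintext call left as the fall-through.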