Plumb tls and cert options into kubelet start

Jordan Liggitt 2015-03-05 16:30:52 -05:00
parent f901a67ff3
commit 02622b1401
4 changed files with 22 additions and 7 deletions


@ -211,13 +211,13 @@ func startComponents(manifestURL string) (apiServerURL string) {
// Kubelet (localhost) // Kubelet (localhost)
testRootDir := makeTempDirOrDie("kubelet_integ_1.") testRootDir := makeTempDirOrDie("kubelet_integ_1.")
glog.Infof("Using %s as root dir for kubelet #1", testRootDir) glog.Infof("Using %s as root dir for kubelet #1", testRootDir)
kubeletapp.SimpleRunKubelet(cl, nil, &fakeDocker1, machineList[0], testRootDir, manifestURL, "127.0.0.1", 10250, api.NamespaceDefault, empty_dir.ProbeVolumePlugins()) kubeletapp.SimpleRunKubelet(cl, nil, &fakeDocker1, machineList[0], testRootDir, manifestURL, "127.0.0.1", 10250, api.NamespaceDefault, empty_dir.ProbeVolumePlugins(), nil)
// Kubelet (machine) // Kubelet (machine)
// Create a second kubelet so that the guestbook example's two redis slaves both // Create a second kubelet so that the guestbook example's two redis slaves both
// have a place they can schedule. // have a place they can schedule.
testRootDir = makeTempDirOrDie("kubelet_integ_2.") testRootDir = makeTempDirOrDie("kubelet_integ_2.")
glog.Infof("Using %s as root dir for kubelet #2", testRootDir) glog.Infof("Using %s as root dir for kubelet #2", testRootDir)
kubeletapp.SimpleRunKubelet(cl, nil, &fakeDocker2, machineList[1], testRootDir, "", "127.0.0.1", 10251, api.NamespaceDefault, empty_dir.ProbeVolumePlugins()) kubeletapp.SimpleRunKubelet(cl, nil, &fakeDocker2, machineList[1], testRootDir, "", "127.0.0.1", 10251, api.NamespaceDefault, empty_dir.ProbeVolumePlugins(), nil)
return apiServer.URL return apiServer.URL
} }


@ -255,7 +255,8 @@ func SimpleRunKubelet(client *client.Client,
hostname, rootDir, manifestURL, address string, hostname, rootDir, manifestURL, address string,
port uint, port uint,
masterServiceNamespace string, masterServiceNamespace string,
volumePlugins []volume.Plugin) { volumePlugins []volume.Plugin,
tlsOptions *kubelet.TLSOptions) {
kcfg := KubeletConfig{ kcfg := KubeletConfig{
KubeClient: client, KubeClient: client,
EtcdClient: etcdClient, EtcdClient: etcdClient,
@ -273,6 +274,7 @@ func SimpleRunKubelet(client *client.Client,
MaxContainerCount: 5, MaxContainerCount: 5,
MasterServiceNamespace: masterServiceNamespace, MasterServiceNamespace: masterServiceNamespace,
VolumePlugins: volumePlugins, VolumePlugins: volumePlugins,
TLSOptions: tlsOptions,
} }
RunKubelet(&kcfg) RunKubelet(&kcfg)
} }
@ -318,7 +320,7 @@ func startKubelet(k *kubelet.Kubelet, podCfg *config.PodConfig, kc *KubeletConfi
// start the kubelet server // start the kubelet server
if kc.EnableServer { if kc.EnableServer {
go util.Forever(func() { go util.Forever(func() {
kubelet.ListenAndServeKubeletServer(k, net.IP(kc.Address), kc.Port, kc.EnableDebuggingHandlers) kubelet.ListenAndServeKubeletServer(k, net.IP(kc.Address), kc.Port, kc.TLSOptions, kc.EnableDebuggingHandlers)
}, 0) }, 0)
} }
} }
@ -381,6 +383,7 @@ type KubeletConfig struct {
VolumePlugins []volume.Plugin VolumePlugins []volume.Plugin
StreamingConnectionIdleTimeout time.Duration StreamingConnectionIdleTimeout time.Duration
Recorder record.EventRecorder Recorder record.EventRecorder
TLSOptions *kubelet.TLSOptions
} }
func createAndInitKubelet(kc *KubeletConfig, pc *config.PodConfig) (*kubelet.Kubelet, error) { func createAndInitKubelet(kc *KubeletConfig, pc *config.PodConfig) (*kubelet.Kubelet, error) {
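Review bot: The new `TLSOptions` field on `KubeletConfig` and the `tlsOptions` parameter of `SimpleRunKubelet` are undocumented, and nothing at this level tells a caller that leaving them nil makes the kubelet server listen without TLS (the nil check is in `ListenAndServeKubeletServer`). I would add a field comment such as `// TLSOptions holds the TLS config and cert/key file paths for the kubelet server; nil serves plain HTTP.` and state the same nil semantics in a doc comment on `SimpleRunKubelet`. The bodies of `SimpleRunKubelet` and `startKubelet` and the `KubeletConfig` struct extend outside the hunks shown.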


@ -144,7 +144,7 @@ func startComponents(etcdClient tools.EtcdClient, cl *client.Client, addr net.IP
runControllerManager(machineList, cl, *nodeMilliCPU, *nodeMemory) runControllerManager(machineList, cl, *nodeMilliCPU, *nodeMemory)
dockerClient := dockertools.ConnectToDockerOrDie(*dockerEndpoint) dockerClient := dockertools.ConnectToDockerOrDie(*dockerEndpoint)
kubeletapp.SimpleRunKubelet(cl, nil, dockerClient, machineList[0], "/tmp/kubernetes", "", "127.0.0.1", 10250, *masterServiceNamespace, kubeletapp.ProbeVolumePlugins()) kubeletapp.SimpleRunKubelet(cl, nil, dockerClient, machineList[0], "/tmp/kubernetes", "", "127.0.0.1", 10250, *masterServiceNamespace, kubeletapp.ProbeVolumePlugins(), nil)
} }
func newApiClient(addr net.IP, port int) *client.Client { func newApiClient(addr net.IP, port int) *client.Client {


@ -17,6 +17,7 @@ limitations under the License.
package kubelet package kubelet
import ( import (
"crypto/tls"
"encoding/json" "encoding/json"
"errors" "errors"
"fmt" "fmt"
@ -48,8 +49,14 @@ type Server struct {
mux *http.ServeMux mux *http.ServeMux
} }
type TLSOptions struct {
Config *tls.Config
CertFile string
KeyFile string
}
// ListenAndServeKubeletServer initializes a server to respond to HTTP network requests on the Kubelet. // ListenAndServeKubeletServer initializes a server to respond to HTTP network requests on the Kubelet.
func ListenAndServeKubeletServer(host HostInterface, address net.IP, port uint, enableDebuggingHandlers bool) { func ListenAndServeKubeletServer(host HostInterface, address net.IP, port uint, tlsOptions *TLSOptions, enableDebuggingHandlers bool) {
glog.V(1).Infof("Starting to listen on %s:%d", address, port) glog.V(1).Infof("Starting to listen on %s:%d", address, port)
handler := NewServer(host, enableDebuggingHandlers) handler := NewServer(host, enableDebuggingHandlers)
s := &http.Server{ s := &http.Server{
@ -59,7 +66,12 @@ func ListenAndServeKubeletServer(host HostInterface, address net.IP, port uint,
WriteTimeout: 5 * time.Minute, WriteTimeout: 5 * time.Minute,
MaxHeaderBytes: 1 << 20, MaxHeaderBytes: 1 << 20,
} }
glog.Fatal(s.ListenAndServe()) if tlsOptions != nil {
s.TLSConfig = tlsOptions.Config
glog.Fatal(s.ListenAndServeTLS(tlsOptions.CertFile, tlsOptions.KeyFile))
} else {
glog.Fatal(s.ListenAndServe())
}
} }
// HostInterface contains all the kubelet methods required by the server. // HostInterface contains all the kubelet methods required by the server.
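Review bot: A nil `tlsOptions` falls through to plain `s.ListenAndServe()` with no trace in the logs, because the only log line (`Starting to listen on %s:%d`) is identical for both modes; for an endpoint that can also carry the debugging handlers, an operator should be able to see from the log that it is unencrypted. In the `else` branch I would add `glog.Warningf("Kubelet server on %s:%d is serving without TLS", address, port)` before the `glog.Fatal` call. Separately, a non-nil `tlsOptions` with empty `CertFile`/`KeyFile` is passed straight to `ListenAndServeTLS` and its error ends in `glog.Fatal`, so validating both paths where the options are built would give a clearer failure. The exported `TLSOptions` type also needs a doc comment, e.g. `// TLSOptions holds the TLS configuration and the certificate and key file paths used to serve HTTPS.`, noting that `Config` may be nil, in which case the server falls back to Go's default TLS settings. Part of the function body lies between the two hunks and is not shown.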