Plumb tls and cert options into kubelet start
parent
f901a67ff3
commit
02622b1401
@ -211,13 +211,13 @@ func startComponents(manifestURL string) (apiServerURL string) {
|
|||||||
// Kubelet (localhost)
|
// Kubelet (localhost)
|
||||||
testRootDir := makeTempDirOrDie("kubelet_integ_1.")
|
testRootDir := makeTempDirOrDie("kubelet_integ_1.")
|
||||||
glog.Infof("Using %s as root dir for kubelet #1", testRootDir)
|
glog.Infof("Using %s as root dir for kubelet #1", testRootDir)
|
||||||
kubeletapp.SimpleRunKubelet(cl, nil, &fakeDocker1, machineList[0], testRootDir, manifestURL, "127.0.0.1", 10250, api.NamespaceDefault, empty_dir.ProbeVolumePlugins())
|
kubeletapp.SimpleRunKubelet(cl, nil, &fakeDocker1, machineList[0], testRootDir, manifestURL, "127.0.0.1", 10250, api.NamespaceDefault, empty_dir.ProbeVolumePlugins(), nil)
|
||||||
// Kubelet (machine)
|
// Kubelet (machine)
|
||||||
// Create a second kubelet so that the guestbook example's two redis slaves both
|
// Create a second kubelet so that the guestbook example's two redis slaves both
|
||||||
// have a place they can schedule.
|
// have a place they can schedule.
|
||||||
testRootDir = makeTempDirOrDie("kubelet_integ_2.")
|
testRootDir = makeTempDirOrDie("kubelet_integ_2.")
|
||||||
glog.Infof("Using %s as root dir for kubelet #2", testRootDir)
|
glog.Infof("Using %s as root dir for kubelet #2", testRootDir)
|
||||||
kubeletapp.SimpleRunKubelet(cl, nil, &fakeDocker2, machineList[1], testRootDir, "", "127.0.0.1", 10251, api.NamespaceDefault, empty_dir.ProbeVolumePlugins())
|
kubeletapp.SimpleRunKubelet(cl, nil, &fakeDocker2, machineList[1], testRootDir, "", "127.0.0.1", 10251, api.NamespaceDefault, empty_dir.ProbeVolumePlugins(), nil)
|
||||||
|
|
||||||
return apiServer.URL
|
return apiServer.URL
|
||||||
}
|
}
|
||||||
|
@ -255,7 +255,8 @@ func SimpleRunKubelet(client *client.Client,
|
|||||||
hostname, rootDir, manifestURL, address string,
|
hostname, rootDir, manifestURL, address string,
|
||||||
port uint,
|
port uint,
|
||||||
masterServiceNamespace string,
|
masterServiceNamespace string,
|
||||||
volumePlugins []volume.Plugin) {
|
volumePlugins []volume.Plugin,
|
||||||
|
tlsOptions *kubelet.TLSOptions) {
|
||||||
kcfg := KubeletConfig{
|
kcfg := KubeletConfig{
|
||||||
KubeClient: client,
|
KubeClient: client,
|
||||||
EtcdClient: etcdClient,
|
EtcdClient: etcdClient,
|
||||||
@ -273,6 +274,7 @@ func SimpleRunKubelet(client *client.Client,
|
|||||||
MaxContainerCount: 5,
|
MaxContainerCount: 5,
|
||||||
MasterServiceNamespace: masterServiceNamespace,
|
MasterServiceNamespace: masterServiceNamespace,
|
||||||
VolumePlugins: volumePlugins,
|
VolumePlugins: volumePlugins,
|
||||||
|
TLSOptions: tlsOptions,
|
||||||
}
|
}
|
||||||
RunKubelet(&kcfg)
|
RunKubelet(&kcfg)
|
||||||
}
|
}
|
||||||
@ -318,7 +320,7 @@ func startKubelet(k *kubelet.Kubelet, podCfg *config.PodConfig, kc *KubeletConfi
|
|||||||
// start the kubelet server
|
// start the kubelet server
|
||||||
if kc.EnableServer {
|
if kc.EnableServer {
|
||||||
go util.Forever(func() {
|
go util.Forever(func() {
|
||||||
kubelet.ListenAndServeKubeletServer(k, net.IP(kc.Address), kc.Port, kc.EnableDebuggingHandlers)
|
kubelet.ListenAndServeKubeletServer(k, net.IP(kc.Address), kc.Port, kc.TLSOptions, kc.EnableDebuggingHandlers)
|
||||||
}, 0)
|
}, 0)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -381,6 +383,7 @@ type KubeletConfig struct {
|
|||||||
VolumePlugins []volume.Plugin
|
VolumePlugins []volume.Plugin
|
||||||
StreamingConnectionIdleTimeout time.Duration
|
StreamingConnectionIdleTimeout time.Duration
|
||||||
Recorder record.EventRecorder
|
Recorder record.EventRecorder
|
||||||
|
TLSOptions *kubelet.TLSOptions
|
||||||
}
|
}
|
||||||
|
|
||||||
func createAndInitKubelet(kc *KubeletConfig, pc *config.PodConfig) (*kubelet.Kubelet, error) {
|
func createAndInitKubelet(kc *KubeletConfig, pc *config.PodConfig) (*kubelet.Kubelet, error) {
|
||||||
|
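Review bot: The new `TLSOptions` field on `KubeletConfig` and the matching `tlsOptions` parameter of `SimpleRunKubelet` carry no comment saying what a nil value means, and every call site visible on this page passes `nil`. Because `startKubelet` forwards `kc.TLSOptions` straight to `kubelet.ListenAndServeKubeletServer`, nil selects the plain-HTTP listener, which a reader of the struct cannot tell. I would add `// TLSOptions, if non-nil, makes the kubelet server listen with TLS using the given config and key pair; nil serves plain HTTP.` above the field and state the same nil contract in the doc comment of `SimpleRunKubelet`. The struct and both functions start or end outside the hunks shown.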
@ -144,7 +144,7 @@ func startComponents(etcdClient tools.EtcdClient, cl *client.Client, addr net.IP
|
|||||||
runControllerManager(machineList, cl, *nodeMilliCPU, *nodeMemory)
|
runControllerManager(machineList, cl, *nodeMilliCPU, *nodeMemory)
|
||||||
|
|
||||||
dockerClient := dockertools.ConnectToDockerOrDie(*dockerEndpoint)
|
dockerClient := dockertools.ConnectToDockerOrDie(*dockerEndpoint)
|
||||||
kubeletapp.SimpleRunKubelet(cl, nil, dockerClient, machineList[0], "/tmp/kubernetes", "", "127.0.0.1", 10250, *masterServiceNamespace, kubeletapp.ProbeVolumePlugins())
|
kubeletapp.SimpleRunKubelet(cl, nil, dockerClient, machineList[0], "/tmp/kubernetes", "", "127.0.0.1", 10250, *masterServiceNamespace, kubeletapp.ProbeVolumePlugins(), nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
func newApiClient(addr net.IP, port int) *client.Client {
|
func newApiClient(addr net.IP, port int) *client.Client {
|
||||||
|
@ -17,6 +17,7 @@ limitations under the License.
|
|||||||
package kubelet
|
package kubelet
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/tls"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
@ -48,8 +49,14 @@ type Server struct {
|
|||||||
mux *http.ServeMux
|
mux *http.ServeMux
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type TLSOptions struct {
|
||||||
|
Config *tls.Config
|
||||||
|
CertFile string
|
||||||
|
KeyFile string
|
||||||
|
}
|
||||||
|
|
||||||
// ListenAndServeKubeletServer initializes a server to respond to HTTP network requests on the Kubelet.
|
// ListenAndServeKubeletServer initializes a server to respond to HTTP network requests on the Kubelet.
|
||||||
func ListenAndServeKubeletServer(host HostInterface, address net.IP, port uint, enableDebuggingHandlers bool) {
|
func ListenAndServeKubeletServer(host HostInterface, address net.IP, port uint, tlsOptions *TLSOptions, enableDebuggingHandlers bool) {
|
||||||
glog.V(1).Infof("Starting to listen on %s:%d", address, port)
|
glog.V(1).Infof("Starting to listen on %s:%d", address, port)
|
||||||
handler := NewServer(host, enableDebuggingHandlers)
|
handler := NewServer(host, enableDebuggingHandlers)
|
||||||
s := &http.Server{
|
s := &http.Server{
|
||||||
@ -59,7 +66,12 @@ func ListenAndServeKubeletServer(host HostInterface, address net.IP, port uint,
|
|||||||
WriteTimeout: 5 * time.Minute,
|
WriteTimeout: 5 * time.Minute,
|
||||||
MaxHeaderBytes: 1 << 20,
|
MaxHeaderBytes: 1 << 20,
|
||||||
}
|
}
|
||||||
glog.Fatal(s.ListenAndServe())
|
if tlsOptions != nil {
|
||||||
|
s.TLSConfig = tlsOptions.Config
|
||||||
|
glog.Fatal(s.ListenAndServeTLS(tlsOptions.CertFile, tlsOptions.KeyFile))
|
||||||
|
} else {
|
||||||
|
glog.Fatal(s.ListenAndServe())
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// HostInterface contains all the kubelet methods required by the server.
|
// HostInterface contains all the kubelet methods required by the server.
|
||||||
|
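Review bot: In `ListenAndServeKubeletServer` a nil `tlsOptions` falls through to `s.ListenAndServe()` with nothing in the log to show that the kubelet API is being served in cleartext; the only log line, `Starting to listen on %s:%d`, is identical in both modes and is emitted at V(1). Adding `glog.Warningf("kubelet server on %s:%d has no TLS options; serving plain HTTP", address, port)` ahead of the plain listener would make a missing or mis-plumbed option visible to an operator. In the TLS branch `tlsOptions.Config` is assigned as given, so protocol version, cipher suites and client-certificate policy are whatever the caller supplies; presumably that is intended, but it deserves a doc comment on the exported `TLSOptions` type, which currently has none. Part of the function's `http.Server` literal lies between the two hunks and is not shown.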