github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-29 14:37:00 +00:00
Code Issues Projects Releases Wiki Activity

Make sshproxy use a hostmount on master PD (don't spam sshKeys on upgrade/reboot).

Browse Source 
Add comment describing what SSHTunnelList.Close() does.
Simplify util.FileExists.
This commit is contained in:
CJ Cullen 2015-06-05 14:49:26 -07:00
parent cb317604ab
commit 04cd9b3c75
4 changed files with 17 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
cluster/gce/configure-vm.sh
View File

@ -220,9 +220,12 @@ mount-master-pd() {
mkdir -p /mnt/master-pd/srv/kubernetes mkdir -p /mnt/master-pd/srv/kubernetes
# Contains the cluster's initial config parameters and auth tokens # Contains the cluster's initial config parameters and auth tokens
mkdir -p /mnt/master-pd/srv/salt-overlay mkdir -p /mnt/master-pd/srv/salt-overlay
# Directory for kube-apiserver to store SSH key (if necessary)
mkdir -p /mnt/master-pd/srv/sshproxy
ln -s -f /mnt/master-pd/var/etcd /var/etcd ln -s -f /mnt/master-pd/var/etcd /var/etcd
ln -s -f /mnt/master-pd/srv/kubernetes /srv/kubernetes ln -s -f /mnt/master-pd/srv/kubernetes /srv/kubernetes
ln -s -f /mnt/master-pd/srv/sshproxy /srv/sshproxy
ln -s -f /mnt/master-pd/srv/salt-overlay /srv/salt-overlay ln -s -f /mnt/master-pd/srv/salt-overlay /srv/salt-overlay
# This is a bit of a hack to get around the fact that salt has to run after the # This is a bit of a hack to get around the fact that salt has to run after the

11
cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest
View File

@ -25,7 +25,7 @@
{% set proxy_ssh_options = "" -%} {% set proxy_ssh_options = "" -%}
{% if grains.proxy_ssh_user is defined -%} {% if grains.proxy_ssh_user is defined -%}
{% set proxy_ssh_options = "--ssh-user=" + grains.proxy_ssh_user + " --ssh-keyfile=/sshproxy/.sshkeyfile" -%} {% set proxy_ssh_options = "--ssh-user=" + grains.proxy_ssh_user + " --ssh-keyfile=/srv/sshproxy/.sshkeyfile" -%}
{% endif -%} {% endif -%}
{% set address = "--address=127.0.0.1" -%} {% set address = "--address=127.0.0.1" -%}
@ -143,8 +143,8 @@
{ "name": "etcpkitls", { "name": "etcpkitls",
"mountPath": "/etc/pki/tls", "mountPath": "/etc/pki/tls",
"readOnly": true}, "readOnly": true},
{ "name": "sshproxy", { "name": "srvsshproxy",
"mountPath": "/sshproxy", "mountPath": "/srv/sshproxy",
"readOnly": false} "readOnly": false}
] ]
} }
@ -191,8 +191,9 @@
"hostPath": { "hostPath": {
"path": "/etc/pki/tls"} "path": "/etc/pki/tls"}
}, },
{ "name": "sshproxy", { "name": "srvsshproxy",
"emptyDir": {} "hostPath": {
"path": "/srv/sshproxy"}
} }
] ]
}} }}

4
pkg/util/ssh.go
View File

@ -91,7 +91,6 @@ func (s *SSHTunnel) tunnel(conn net.Conn, remoteHost, remotePort string) error {
} }
func (s *SSHTunnel) Close() error { func (s *SSHTunnel) Close() error {
glog.Infof("Closing tunnel for host: %q", s.Host)
if err := s.client.Close(); err != nil { if err := s.client.Close(); err != nil {
return err return err
} }
@ -183,6 +182,9 @@ func (l SSHTunnelList) Open() error {
return nil return nil
} }
// Close asynchronously closes all tunnels in the list after waiting for 1
// minute. Tunnels will still be open upon this function's return, but should
// no longer be used.
func (l SSHTunnelList) Close() { func (l SSHTunnelList) Close() {
for ix := range l { for ix := range l {
entry := l[ix] entry := l[ix]

13
pkg/util/util.go
View File

@ -515,16 +515,13 @@ func ShortenString(str string, n int) string {
} else { } else {
return str[:n] return str[:n]
} }
}
func FileExists(filename string) (bool, error) { func FileExists(filename string) (bool, error) {
file, err := os.Open(filename) if _, err := os.Stat(filename); os.IsNotExist(err) {
defer file.Close() return false, nil
if err != nil { } else if err != nil {
if os.IsNotExist(err) { return false, err
return false, nil
} else {
return false, err
}
} }
return true, nil return true, nil
} }