github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-26 05:03:09 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #39629 from deads2k/generic-18-move-ssh

Browse Source 
Automatic merge from submit-queue

move tunneler out of generic

moves the tunneler out of genericapiserver and under master where its used.

@sttts
This commit is contained in:
Kubernetes Submit Queue 2017-01-12 10:33:49 -08:00 committed by GitHub
commit 1144c2b64c
8 changed files with 71 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cmd/kube-apiserver/app/BUILD
View File

@ -33,6 +33,7 @@ go_library(
"//pkg/kubeapiserver/admission:go_default_library", "//pkg/kubeapiserver/admission:go_default_library",
"//pkg/kubeapiserver/authenticator:go_default_library", "//pkg/kubeapiserver/authenticator:go_default_library",
"//pkg/master:go_default_library", "//pkg/master:go_default_library",
"//pkg/master/tunneler:go_default_library",
"//pkg/registry/cachesize:go_default_library", "//pkg/registry/cachesize:go_default_library",
"//pkg/version:go_default_library", "//pkg/version:go_default_library",
"//plugin/pkg/admission/admit:go_default_library", "//plugin/pkg/admission/admit:go_default_library",

23
cmd/kube-apiserver/app/server.go
View File

@ -57,6 +57,7 @@ import (
kubeadmission "k8s.io/kubernetes/pkg/kubeapiserver/admission" kubeadmission "k8s.io/kubernetes/pkg/kubeapiserver/admission"
kubeauthenticator "k8s.io/kubernetes/pkg/kubeapiserver/authenticator" kubeauthenticator "k8s.io/kubernetes/pkg/kubeapiserver/authenticator"
"k8s.io/kubernetes/pkg/master" "k8s.io/kubernetes/pkg/master"
"k8s.io/kubernetes/pkg/master/tunneler"
"k8s.io/kubernetes/pkg/registry/cachesize" "k8s.io/kubernetes/pkg/registry/cachesize"
"k8s.io/kubernetes/pkg/version" "k8s.io/kubernetes/pkg/version"
) )
@ -123,19 +124,19 @@ func Run(s *options.ServerRunOptions) error {
PerConnectionBandwidthLimitBytesPerSec: s.MaxConnectionBytesPerSec, PerConnectionBandwidthLimitBytesPerSec: s.MaxConnectionBytesPerSec,
}) })
// Setup tunneler if needed // Setup nodeTunneler if needed
var tunneler genericapiserver.Tunneler var nodeTunneler tunneler.Tunneler
var proxyDialerFn utilnet.DialFunc var proxyDialerFn utilnet.DialFunc
if len(s.SSHUser) > 0 { if len(s.SSHUser) > 0 {
// Get ssh key distribution func, if supported // Get ssh key distribution func, if supported
var installSSH genericapiserver.InstallSSHKey var installSSHKey tunneler.InstallSSHKey
cloud, err := cloudprovider.InitCloudProvider(s.CloudProvider.CloudProvider, s.CloudProvider.CloudConfigFile) cloud, err := cloudprovider.InitCloudProvider(s.CloudProvider.CloudProvider, s.CloudProvider.CloudConfigFile)
if err != nil { if err != nil {
return fmt.Errorf("cloud provider could not be initialized: %v", err) return fmt.Errorf("cloud provider could not be initialized: %v", err)
} }
if cloud != nil { if cloud != nil {
if instances, supported := cloud.Instances(); supported { if instances, supported := cloud.Instances(); supported {
installSSH = instances.AddSSHKeyToAllInstances installSSHKey = instances.AddSSHKeyToAllInstances
} }
} }
if s.KubeletConfig.Port == 0 { if s.KubeletConfig.Port == 0 {
@ -144,7 +145,7 @@ func Run(s *options.ServerRunOptions) error {
if s.KubeletConfig.ReadOnlyPort == 0 { if s.KubeletConfig.ReadOnlyPort == 0 {
return fmt.Errorf("must enable kubelet readonly port if proxy ssh-tunneling is specified") return fmt.Errorf("must enable kubelet readonly port if proxy ssh-tunneling is specified")
} }
// Set up the tunneler // Set up the nodeTunneler
// TODO(cjcullen): If we want this to handle per-kubelet ports or other // TODO(cjcullen): If we want this to handle per-kubelet ports or other
// kubelet listen-addresses, we need to plumb through options. // kubelet listen-addresses, we need to plumb through options.
healthCheckPath := &url.URL{ healthCheckPath := &url.URL{
@ -152,12 +153,12 @@ func Run(s *options.ServerRunOptions) error {
Host: net.JoinHostPort("127.0.0.1", strconv.FormatUint(uint64(s.KubeletConfig.ReadOnlyPort), 10)), Host: net.JoinHostPort("127.0.0.1", strconv.FormatUint(uint64(s.KubeletConfig.ReadOnlyPort), 10)),
Path: "healthz", Path: "healthz",
} }
tunneler = genericapiserver.NewSSHTunneler(s.SSHUser, s.SSHKeyfile, healthCheckPath, installSSH) nodeTunneler = tunneler.New(s.SSHUser, s.SSHKeyfile, healthCheckPath, installSSHKey)
// Use the tunneler's dialer to connect to the kubelet // Use the nodeTunneler's dialer to connect to the kubelet
s.KubeletConfig.Dial = tunneler.Dial s.KubeletConfig.Dial = nodeTunneler.Dial
// Use the tunneler's dialer when proxying to pods, services, and nodes // Use the nodeTunneler's dialer when proxying to pods, services, and nodes
proxyDialerFn = tunneler.Dial proxyDialerFn = nodeTunneler.Dial
} }
// Proxying to pods and services is IP-based... don't expect to be able to verify the hostname // Proxying to pods and services is IP-based... don't expect to be able to verify the hostname
@ -311,7 +312,7 @@ func Run(s *options.ServerRunOptions) error {
EnableLogsSupport: true, EnableLogsSupport: true,
ProxyTransport: proxyTransport, ProxyTransport: proxyTransport,
Tunneler: tunneler, Tunneler: nodeTunneler,
ServiceIPRange: serviceIPRange, ServiceIPRange: serviceIPRange,
APIServerServiceIP: apiServerServiceIP, APIServerServiceIP: apiServerServiceIP,

8
pkg/genericapiserver/BUILD
View File

@ -23,7 +23,6 @@ go_library(
"resource_encoding_config.go", "resource_encoding_config.go",
"serve.go", "serve.go",
"storage_factory.go", "storage_factory.go",
"tunneler.go",
], ],
tags = ["automanaged"], tags = ["automanaged"],
deps = [ deps = [
@ -42,11 +41,8 @@ go_library(
"//pkg/genericapiserver/mux:go_default_library", "//pkg/genericapiserver/mux:go_default_library",
"//pkg/genericapiserver/options:go_default_library", "//pkg/genericapiserver/options:go_default_library",
"//pkg/genericapiserver/routes:go_default_library", "//pkg/genericapiserver/routes:go_default_library",
"//pkg/ssh:go_default_library",
"//pkg/storage/storagebackend:go_default_library", "//pkg/storage/storagebackend:go_default_library",
"//pkg/util:go_default_library",
"//pkg/util/cert:go_default_library", "//pkg/util/cert:go_default_library",
"//pkg/util/clock:go_default_library",
"//pkg/util/config:go_default_library", "//pkg/util/config:go_default_library",
"//pkg/version:go_default_library", "//pkg/version:go_default_library",
"//vendor:github.com/coreos/go-systemd/daemon", "//vendor:github.com/coreos/go-systemd/daemon",
@ -56,7 +52,6 @@ go_library(
"//vendor:github.com/golang/glog", "//vendor:github.com/golang/glog",
"//vendor:github.com/pborman/uuid", "//vendor:github.com/pborman/uuid",
"//vendor:github.com/pkg/errors", "//vendor:github.com/pkg/errors",
"//vendor:github.com/prometheus/client_golang/prometheus",
"//vendor:gopkg.in/natefinch/lumberjack.v2", "//vendor:gopkg.in/natefinch/lumberjack.v2",
"//vendor:k8s.io/apimachinery/pkg/apimachinery", "//vendor:k8s.io/apimachinery/pkg/apimachinery",
"//vendor:k8s.io/apimachinery/pkg/apimachinery/registered", "//vendor:k8s.io/apimachinery/pkg/apimachinery/registered",
@ -69,7 +64,6 @@ go_library(
"//vendor:k8s.io/apimachinery/pkg/util/runtime", "//vendor:k8s.io/apimachinery/pkg/util/runtime",
"//vendor:k8s.io/apimachinery/pkg/util/sets", "//vendor:k8s.io/apimachinery/pkg/util/sets",
"//vendor:k8s.io/apimachinery/pkg/util/validation", "//vendor:k8s.io/apimachinery/pkg/util/validation",
"//vendor:k8s.io/apimachinery/pkg/util/wait",
"//vendor:k8s.io/apiserver/pkg/authentication/authenticator", "//vendor:k8s.io/apiserver/pkg/authentication/authenticator",
"//vendor:k8s.io/apiserver/pkg/authentication/request/union", "//vendor:k8s.io/apiserver/pkg/authentication/request/union",
"//vendor:k8s.io/apiserver/pkg/authentication/user", "//vendor:k8s.io/apiserver/pkg/authentication/user",
@ -88,7 +82,6 @@ go_test(
"serve_test.go", "serve_test.go",
"server_run_options_test.go", "server_run_options_test.go",
"storage_factory_test.go", "storage_factory_test.go",
"tunneler_test.go",
], ],
library = ":go_default_library", library = ":go_default_library",
tags = ["automanaged"], tags = ["automanaged"],
@ -107,7 +100,6 @@ go_test(
"//pkg/storage/etcd/testing:go_default_library", "//pkg/storage/etcd/testing:go_default_library",
"//pkg/storage/storagebackend:go_default_library", "//pkg/storage/storagebackend:go_default_library",
"//pkg/util/cert:go_default_library", "//pkg/util/cert:go_default_library",
"//pkg/util/clock:go_default_library",
"//pkg/util/config:go_default_library", "//pkg/util/config:go_default_library",
"//pkg/version:go_default_library", "//pkg/version:go_default_library",
"//vendor:github.com/go-openapi/spec", "//vendor:github.com/go-openapi/spec",

2
pkg/master/BUILD
View File

@ -52,6 +52,7 @@ go_library(
"//pkg/genericapiserver:go_default_library", "//pkg/genericapiserver:go_default_library",
"//pkg/kubelet/client:go_default_library", "//pkg/kubelet/client:go_default_library",
"//pkg/master/thirdparty:go_default_library", "//pkg/master/thirdparty:go_default_library",
"//pkg/master/tunneler:go_default_library",
"//pkg/registry/apps/rest:go_default_library", "//pkg/registry/apps/rest:go_default_library",
"//pkg/registry/authentication/rest:go_default_library", "//pkg/registry/authentication/rest:go_default_library",
"//pkg/registry/authorization/rest:go_default_library", "//pkg/registry/authorization/rest:go_default_library",
@ -148,6 +149,7 @@ filegroup(
":package-srcs", ":package-srcs",
"//pkg/master/ports:all-srcs", "//pkg/master/ports:all-srcs",
"//pkg/master/thirdparty:all-srcs", "//pkg/master/thirdparty:all-srcs",
"//pkg/master/tunneler:all-srcs",
], ],
tags = ["automanaged"], tags = ["automanaged"],
) )

11
pkg/master/master.go
View File

@ -45,6 +45,7 @@ import (
"k8s.io/kubernetes/pkg/genericapiserver" "k8s.io/kubernetes/pkg/genericapiserver"
kubeletclient "k8s.io/kubernetes/pkg/kubelet/client" kubeletclient "k8s.io/kubernetes/pkg/kubelet/client"
"k8s.io/kubernetes/pkg/master/thirdparty" "k8s.io/kubernetes/pkg/master/thirdparty"
"k8s.io/kubernetes/pkg/master/tunneler"
"k8s.io/kubernetes/pkg/registry/generic" "k8s.io/kubernetes/pkg/registry/generic"
genericregistry "k8s.io/kubernetes/pkg/registry/generic/registry" genericregistry "k8s.io/kubernetes/pkg/registry/generic/registry"
"k8s.io/kubernetes/pkg/routes" "k8s.io/kubernetes/pkg/routes"
@ -86,7 +87,7 @@ type Config struct {
KubeletClientConfig kubeletclient.KubeletClientConfig KubeletClientConfig kubeletclient.KubeletClientConfig
// Used to start and monitor tunneling // Used to start and monitor tunneling
Tunneler genericapiserver.Tunneler Tunneler tunneler.Tunneler
EnableUISupport bool EnableUISupport bool
EnableLogsSupport bool EnableLogsSupport bool
ProxyTransport http.RoundTripper ProxyTransport http.RoundTripper
@ -283,13 +284,13 @@ func (m *Master) InstallLegacyAPI(c *Config, restOptionsGetter generic.RESTOptio
} }
} }
func (m *Master) installTunneler(tunneler genericapiserver.Tunneler, nodeClient corev1client.NodeInterface) { func (m *Master) installTunneler(nodeTunneler tunneler.Tunneler, nodeClient corev1client.NodeInterface) {
tunneler.Run(nodeAddressProvider{nodeClient}.externalAddresses) nodeTunneler.Run(nodeAddressProvider{nodeClient}.externalAddresses)
m.GenericAPIServer.AddHealthzChecks(healthz.NamedCheck("SSH Tunnel Check", genericapiserver.TunnelSyncHealthChecker(tunneler))) m.GenericAPIServer.AddHealthzChecks(healthz.NamedCheck("SSH Tunnel Check", tunneler.TunnelSyncHealthChecker(nodeTunneler)))
prometheus.NewGaugeFunc(prometheus.GaugeOpts{ prometheus.NewGaugeFunc(prometheus.GaugeOpts{
Name: "apiserver_proxy_tunnel_sync_latency_secs", Name: "apiserver_proxy_tunnel_sync_latency_secs",
Help: "The time since the last successful synchronization of the SSH tunnels for proxy requests.", Help: "The time since the last successful synchronization of the SSH tunnels for proxy requests.",
}, func() float64 { return float64(tunneler.SecondsSinceSync()) }) }, func() float64 { return float64(nodeTunneler.SecondsSinceSync()) })
} }
// RESTStorageProvider is a factory type for REST storage. // RESTStorageProvider is a factory type for REST storage.

47
pkg/master/tunneler/BUILD Normal file
View File

@ -0,0 +1,47 @@
package(default_visibility = ["//visibility:public"])
licenses(["notice"])
load(
"@io_bazel_rules_go//go:def.bzl",
"go_library",
"go_test",
)
go_test(
name = "go_default_test",
srcs = ["ssh_test.go"],
library = ":go_default_library",
tags = ["automanaged"],
deps = [
"//pkg/util/clock:go_default_library",
"//vendor:github.com/stretchr/testify/assert",
],
)
go_library(
name = "go_default_library",
srcs = ["ssh.go"],
tags = ["automanaged"],
deps = [
"//pkg/ssh:go_default_library",
"//pkg/util:go_default_library",
"//pkg/util/clock:go_default_library",
"//vendor:github.com/golang/glog",
"//vendor:github.com/prometheus/client_golang/prometheus",
"//vendor:k8s.io/apimachinery/pkg/util/wait",
],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [":package-srcs"],
tags = ["automanaged"],
)

4
pkg/genericapiserver/tunneler.go → pkg/master/tunneler/ssh.go
View File

@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/ */
package genericapiserver package tunneler
import ( import (
"fmt" "fmt"
@ -85,7 +85,7 @@ type SSHTunneler struct {
stopChan chan struct{} stopChan chan struct{}
} }
func NewSSHTunneler(sshUser, sshKeyfile string, healthCheckURL *url.URL, installSSHKey InstallSSHKey) Tunneler { func New(sshUser, sshKeyfile string, healthCheckURL *url.URL, installSSHKey InstallSSHKey) Tunneler {
return &SSHTunneler{ return &SSHTunneler{
SSHUser: sshUser, SSHUser: sshUser,
SSHKeyfile: sshKeyfile, SSHKeyfile: sshKeyfile,

2
pkg/genericapiserver/tunneler_test.go → pkg/master/tunneler/ssh_test.go
View File

@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/ */
package genericapiserver package tunneler
import ( import (
"fmt" "fmt"