github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-21 19:01:49 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #66690 from spiffxp/verify-no-libressl

Browse Source 
Automatic merge from submit-queue (batch tested with PRs 66284, 66690). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Exit gce kube-up.sh early if openssl is LibreSSL

**What this PR does / why we need it**:

macOS has an openssl binary, but it's actually LibreSSL, which doesn't play well with the easyrsa script that cluster/gce/util.sh uses to generate certs

Instead of waiting until we generate certs to discover easyrsa doesn't work, consider openssl a prereq for gce, and include a check for the version string starting with OpenSSL

Also, mirror kube-up.sh's "... calling" output in kube-down.sh

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes kubernetes/community#1954

```release-note
NONE
```
This commit is contained in:
Kubernetes Submit Queue 2018-07-30 20:01:58 -07:00 committed by GitHub
commit 1b6a505451
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
cluster/gce/util.sh
View File

@ -109,6 +109,11 @@ function split_csv() {
# Verify prereqs
function verify-prereqs() {
local cmd
# we use openssl to generate certs
kube::util::test_openssl_installed
# we use gcloud to create the cluster, gsutil to stage binaries and data
for cmd in gcloud gsutil; do
if ! which "${cmd}" >/dev/null; then
local resp="n"

3
cluster/kube-down.sh
View File

@ -30,8 +30,11 @@ source "${KUBE_ROOT}/cluster/kube-util.sh"
echo "Bringing down cluster using provider: $KUBERNETES_PROVIDER"
echo "... calling verify-prereqs" >&2
verify-prereqs
echo "... calling verify-kube-binaries" >&2
verify-kube-binaries
echo "... calling kube-down" >&2
kube-down
echo "Done"

7
hack/lib/util.sh
View File

@ -539,7 +539,14 @@ function kube::util::test_openssl_installed {
if [ "$?" != "0" ]; then
echo "Failed to run openssl. Please ensure openssl is installed"
exit 1
elif [ "$(openssl version | cut -d\ -f1)" == "LibreSSL" ]; then
echo "LibreSSL is not supported. Please ensure openssl points to an OpenSSL binary"
if [ "$(uname -s)" == "Darwin" ]; then
echo 'On macOS we recommend using homebrew and adding "$(brew --prefix openssl)/bin" to your PATH'
fi
exit 1
fi
OPENSSL_BIN=$(command -v openssl)
}