diff --git a/cmd/kubeadm/app/cmd/BUILD b/cmd/kubeadm/app/cmd/BUILD
index 73cb8dd6785..dc1b464a3b3 100644
--- a/cmd/kubeadm/app/cmd/BUILD
+++ b/cmd/kubeadm/app/cmd/BUILD
@@ -36,6 +36,7 @@ go_library(
 "//cmd/kubeadm/app/preflight:go_default_library",
 "//cmd/kubeadm/app/util:go_default_library",
 "//pkg/api:go_default_library",
+ "//pkg/bootstrap/api:go_default_library",
 "//pkg/kubectl:go_default_library",
 "//pkg/kubectl/cmd/util:go_default_library",
 "//pkg/util/initsystem:go_default_library",
@@ -48,6 +49,7 @@ go_library(
 "//vendor:k8s.io/apimachinery/pkg/runtime",
 "//vendor:k8s.io/apimachinery/pkg/util/net",
 "//vendor:k8s.io/apiserver/pkg/util/flag",
+ "//vendor:k8s.io/client-go/pkg/api",
 "//vendor:k8s.io/client-go/util/cert",
 ],
 )
diff --git a/cmd/kubeadm/app/cmd/token.go b/cmd/kubeadm/app/cmd/token.go
index c6c9957863d..996d674a0d6 100644
--- a/cmd/kubeadm/app/cmd/token.go
+++ b/cmd/kubeadm/app/cmd/token.go
@@ -29,11 +29,12 @@ import (
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/fields"
+ "k8s.io/client-go/pkg/api"
 kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 kubemaster "k8s.io/kubernetes/cmd/kubeadm/app/master"
 "k8s.io/kubernetes/cmd/kubeadm/app/phases/kubeconfig"
 kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
- "k8s.io/kubernetes/pkg/api"
+ bootstrapapi "k8s.io/kubernetes/pkg/bootstrap/api"
 "k8s.io/kubernetes/pkg/kubectl"
 )
@@ -164,7 +165,7 @@ func RunListTokens(out io.Writer, errW io.Writer, cmd *cobra.Command) error {
 tokenSelector := fields.SelectorFromSet(
 map[string]string{
- api.SecretTypeField: string(api.SecretTypeBootstrapToken),
+ api.SecretTypeField: string(bootstrapapi.SecretTypeBootstrapToken),
 },
 )
 listOptions := metav1.ListOptions{
diff --git a/cmd/kubeadm/app/util/BUILD b/cmd/kubeadm/app/util/BUILD
index 8e369653048..acde1dbe7eb 100644
--- a/cmd/kubeadm/app/util/BUILD
+++ b/cmd/kubeadm/app/util/BUILD
@@ -21,8 +21,8 @@ go_library(
 "//cmd/kubeadm/app/apis/kubeadm:go_default_library",
 "//cmd/kubeadm/app/apis/kubeadm/v1alpha1:go_default_library",
 "//cmd/kubeadm/app/preflight:go_default_library",
- "//pkg/api:go_default_library",
 "//pkg/api/v1:go_default_library",
+ "//pkg/bootstrap/api:go_default_library",
 "//pkg/client/clientset_generated/clientset:go_default_library",
 "//vendor:k8s.io/apimachinery/pkg/api/errors",
 "//vendor:k8s.io/apimachinery/pkg/apis/meta/v1",
diff --git a/cmd/kubeadm/app/util/tokens.go b/cmd/kubeadm/app/util/tokens.go
index e173cd32577..051fe5e777e 100644
--- a/cmd/kubeadm/app/util/tokens.go
+++ b/cmd/kubeadm/app/util/tokens.go
@@ -29,8 +29,8 @@ import (
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 kubeadmapiext "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha1"
- "k8s.io/kubernetes/pkg/api"
 v1 "k8s.io/kubernetes/pkg/api/v1"
+ bootstrapapi "k8s.io/kubernetes/pkg/bootstrap/api"
 "k8s.io/kubernetes/pkg/client/clientset_generated/clientset"
 )
@@ -154,7 +154,9 @@ func UpdateOrCreateToken(client *clientset.Clientset, d *kubeadmapi.TokenDiscove
 ObjectMeta: metav1.ObjectMeta{
 Name: secretName,
 },
- Type: api.SecretTypeBootstrapToken,
+ // TODO(jbeda): convert kubeadm to client-go
+ // https://github.com/kubernetes/kubeadm/issues/52
+ Type: v1.SecretType(bootstrapapi.SecretTypeBootstrapToken),
 Data: encodeTokenSecretData(d, tokenDuration),
 }
 if _, err := client.Secrets(metav1.NamespaceSystem).Create(secret); err == nil {
diff --git a/hack/.linted_packages b/hack/.linted_packages
index 0a91d4c10d4..1e8a9c89280 100644
--- a/hack/.linted_packages
+++ b/hack/.linted_packages
@@ -87,6 +87,7 @@ pkg/apis/rbac/install
 pkg/apis/rbac/v1alpha1
 pkg/apis/storage/install
 pkg/apis/storage/validation
+pkg/bootstrap/api
 pkg/client/conditions
 pkg/client/informers/informers_generated/apps
 pkg/client/informers/informers_generated/apps/internalversion
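Review bot: In the `UpdateOrCreateToken` hunk of `cmd/kubeadm/app/util/tokens.go` only the secret's `Type` moves to the shared constant, while `Data` still comes from `encodeTokenSecretData`, which this diff does not touch. The same commit introduces `BootstrapTokenIDKey`, `BootstrapTokenSecretKey` and `BootstrapTokenExpirationKey` in `pkg/bootstrap/api`; if the encoder keeps its own key literals (not visible here), kubeadm and the controllers that read these secrets can drift apart without any compile error. I would switch the encoder to the constants in the same change, or at least extend the TODO, e.g. `// TODO(jbeda): also take the Data keys from bootstrapapi`. The function body starts and ends outside the hunk.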
diff --git a/pkg/BUILD b/pkg/BUILD
index e7451b72e77..d8acf431ecd 100644
--- a/pkg/BUILD
+++ b/pkg/BUILD
@@ -31,6 +31,7 @@ filegroup(
 "//pkg/apis/storage:all-srcs",
 "//pkg/auth/authorizer/abac:all-srcs",
 "//pkg/auth/user:all-srcs",
+ "//pkg/bootstrap/api:all-srcs",
 "//pkg/capabilities:all-srcs",
 "//pkg/client/chaosclient:all-srcs",
 "//pkg/client/clientset_generated/clientset:all-srcs",
diff --git a/pkg/api/types.go b/pkg/api/types.go
index 457a5f64566..80e6f430421 100644
--- a/pkg/api/types.go
+++ b/pkg/api/types.go
@@ -189,6 +189,8 @@ const (
 NamespaceNone string = ""
 // NamespaceSystem is the system namespace where we place system components.
 NamespaceSystem string = "kube-system"
+ // NamespacePublic is the namespace where we place public info (ConfigMaps)
+ NamespacePublic string = "kube-public"
 // TerminationMessagePathDefault means the default path to capture the application termination message running in a container
 TerminationMessagePathDefault string = "/dev/termination-log"
 )
@@ -3344,9 +3346,6 @@ const (
 // - Secret.Data["token"] - a token that identifies the service account to the API
 SecretTypeServiceAccountToken SecretType = "kubernetes.io/service-account-token"
- // SecretTypeBootstrapToken is the key for tokens used by kubeadm to validate cluster info during discovery.
- SecretTypeBootstrapToken = "bootstrap.kubernetes.io/token"
-
 // ServiceAccountNameKey is the key of the required annotation for SecretTypeServiceAccountToken secrets
 ServiceAccountNameKey = "kubernetes.io/service-account.name"
 // ServiceAccountUIDKey is the key of the required annotation for SecretTypeServiceAccountToken secrets
diff --git a/pkg/bootstrap/api/BUILD b/pkg/bootstrap/api/BUILD
new file mode 100644
index 00000000000..192e9698062
--- /dev/null
+++ b/pkg/bootstrap/api/BUILD
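Review bot: The comment added on `NamespacePublic` in `pkg/api/types.go` says "public info (ConfigMaps)" without saying who the audience is, and the same two lines are added again in the apimachinery `meta/v1/types.go`, its vendored copy under client-go, and `client-go/pkg/api/types.go`. If "public" is meant as readable without credentials (this diff does not establish that), the comment should say so and state that nothing confidential belongs there, e.g. `// NamespacePublic is the namespace for information readable by every client; never store secrets here.` The comment also lacks the trailing period its neighbours have. The const block starts outside the hunk.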
@@ -0,0 +1,31 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+ "@io_bazel_rules_go//go:def.bzl",
+ "go_library",
+)
+
+go_library(
+ name = "go_default_library",
+ srcs = [
+ "doc.go",
+ "types.go",
+ ],
+ tags = ["automanaged"],
+ deps = ["//vendor:k8s.io/client-go/pkg/api/v1"],
+)
+
+filegroup(
+ name = "package-srcs",
+ srcs = glob(["**"]),
+ tags = ["automanaged"],
+ visibility = ["//visibility:private"],
+)
+
+filegroup(
+ name = "all-srcs",
+ srcs = [":package-srcs"],
+ tags = ["automanaged"],
+)
diff --git a/pkg/bootstrap/api/doc.go b/pkg/bootstrap/api/doc.go
new file mode 100644
index 00000000000..9fed79198db
--- /dev/null
+++ b/pkg/bootstrap/api/doc.go
@@ -0,0 +1,20 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package api (pkg/bootstrap/api) contains constants and types needed for
+// bootstrap tokens as maintained by the BootstrapSigner and TokenCleaner
+// controllers (in pkg/controller/bootstrap)
+package api // import "k8s.io/kubernetes/pkg/bootstrap/api"
diff --git a/pkg/bootstrap/api/types.go b/pkg/bootstrap/api/types.go
new file mode 100644
index 00000000000..8f046792a56
--- /dev/null
+++ b/pkg/bootstrap/api/types.go
@@ -0,0 +1,48 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package api
+
+import (
+ "k8s.io/client-go/pkg/api/v1"
+)
+
+const (
+ // SecretTypeBootstrapToken is used during the automated bootstrap process (first
+ // implemented by kubeadm). It stores tokens that are used to sign well known
+ // ConfigMaps. They may also eventually be used for authentication.
+ SecretTypeBootstrapToken v1.SecretType = "bootstrap.kubernetes.io/token"
+
+ // BootstrapTokenIDKey is the id of this token. This can be transmitted in the
+ // clear and encoded in the name of the secret. It should be a random 6
+ // character string. Required
+ BootstrapTokenIDKey = "token-id"
+
+ // BootstrapTokenSecretKey is the actual secret. Typically this is a random 16
+ // character string. Required.
+ BootstrapTokenSecretKey = "token-secret"
+
+ // BootstrapTokenExpirationKey is when this token should be expired and no
+ // longer used. A controller will delete this resource after this time. This
+ // is an absolute UTC time using RFC3339. If this cannot be parsed, the token
+ // should be considered invalid. Optional.
+ BootstrapTokenExpirationKey = "expiration"
+
+ // BootstrapTokenUsageSigningKey signals that this token should be used to
+ // sign configs as part of the bootstrap process. Value must be "true". Any
+ // other value is assumed to be false. Optional.
+ BootstrapTokenUsageSigningKey = "usage-bootstrap-signing"
+)
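Review bot: The comment on `BootstrapTokenExpirationKey` covers an unparseable value but not an absent one, and since the key is marked Optional a reader cannot tell whether a secret without `expiration` stays valid indefinitely. That matters for a credential that signs bootstrap ConfigMaps and may later be used for authentication, so I would add one sentence such as `// If absent, the token never expires.` (or the opposite, whichever the controllers implement; they are not part of this diff). The ID and secret comments give lengths (6 and 16 characters) but neither the permitted character set nor that the secret must come from a cryptographically secure random source, which would make the format checkable by validators. `BootstrapTokenIDKey`'s comment also ends in `Required` without the period the other entries use.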
diff --git a/staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/types.go b/staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/types.go
index af78044bdf0..e9bade7690a 100644
--- a/staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/types.go
+++ b/staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/types.go
@@ -73,7 +73,7 @@ type ListMeta struct {
 // These are internal finalizer values for Kubernetes-like APIs, must be qualified name unless defined here
 const (
- FinalizerOrphan string = "orphan"
+ FinalizerOrphan string = "orphan"
 )
 // ObjectMeta is metadata that all persisted resources must have, which includes all objects
@@ -233,6 +233,8 @@ const (
 NamespaceNone string = ""
 // NamespaceSystem is the system namespace where we place system components.
 NamespaceSystem string = "kube-system"
+ // NamespacePublic is the namespace where we place public info (ConfigMaps)
+ NamespacePublic string = "kube-public"
 )
 // OwnerReference contains enough information to let you identify an owning
diff --git a/staging/src/k8s.io/client-go/_vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types.go b/staging/src/k8s.io/client-go/_vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types.go
index 11fc5b60f3e..653e8e714a0 100644
--- a/staging/src/k8s.io/client-go/_vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types.go
+++ b/staging/src/k8s.io/client-go/_vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types.go
@@ -228,6 +228,8 @@ const (
 NamespaceNone string = ""
 // NamespaceSystem is the system namespace where we place system components.
 NamespaceSystem string = "kube-system"
+ // NamespacePublic is the namespace where we place public info (ConfigMaps)
+ NamespacePublic string = "kube-public"
 )
 // OwnerReference contains enough information to let you identify an owning
diff --git a/staging/src/k8s.io/client-go/pkg/api/types.go b/staging/src/k8s.io/client-go/pkg/api/types.go
index 2e0ac770777..3fbdb1029b4 100644
--- a/staging/src/k8s.io/client-go/pkg/api/types.go
+++ b/staging/src/k8s.io/client-go/pkg/api/types.go
@@ -189,6 +189,8 @@ const (
 NamespaceNone string = ""
 // NamespaceSystem is the system namespace where we place system components.
 NamespaceSystem string = "kube-system"
+ // NamespacePublic is the namespace where we place public info (ConfigMaps)
+ NamespacePublic string = "kube-public"
 // TerminationMessagePathDefault means the default path to capture the application termination message running in a container
 TerminationMessagePathDefault string = "/dev/termination-log"
 )
@@ -3344,9 +3346,6 @@ const (
 // - Secret.Data["token"] - a token that identifies the service account to the API
 SecretTypeServiceAccountToken SecretType = "kubernetes.io/service-account-token"
- // SecretTypeBootstrapToken is the key for tokens used by kubeadm to validate cluster info during discovery.
- SecretTypeBootstrapToken = "bootstrap.kubernetes.io/token"
-
 // ServiceAccountNameKey is the key of the required annotation for SecretTypeServiceAccountToken secrets
 ServiceAccountNameKey = "kubernetes.io/service-account.name"
 // ServiceAccountUIDKey is the key of the required annotation for SecretTypeServiceAccountToken secrets