github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-03 17:30:00 +00:00
Code Issues Projects Releases Wiki Activity

Make kube2sky fall back on service accounts

Browse Source 
Service accounts are as yet unverified (no CA cert) but at least it will work.
This commit is contained in:
Tim Hockin 2015-06-19 20:59:58 -07:00
parent 88ce0ad8e9
commit 2b4da35499
4 changed files with 29 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cluster/addons/dns/kube2sky/Changelog
View File

@ -1,3 +1,7 @@
## Version 1.10 (Jun 19 2015 Tim Hockin <thockin@google.com>)
- Fall back on service account tokens if no other auth is specified.
## Version 1.9 (May 28 2015 Abhishek Shah <abshah@google.com>) ## Version 1.9 (May 28 2015 Abhishek Shah <abshah@google.com>)
- Add SRV support. - Add SRV support.

2
cluster/addons/dns/kube2sky/Makefile
View File

@ -4,7 +4,7 @@
.PHONY: all kube2sky container push clean test .PHONY: all kube2sky container push clean test
TAG = 1.9 TAG = 1.10
PREFIX = gcr.io/google_containers PREFIX = gcr.io/google_containers
all: container all: container

32
cluster/addons/dns/kube2sky/kube2sky.go
View File

@ -46,10 +46,11 @@ import (
) )
var ( var (
// TODO: switch to pflag and make - and _ equivalent.
argDomain = flag.String("domain", "cluster.local", "domain under which to create names") argDomain = flag.String("domain", "cluster.local", "domain under which to create names")
argEtcdMutationTimeout = flag.Duration("etcd_mutation_timeout", 10*time.Second, "crash after retrying etcd mutation for a specified duration") argEtcdMutationTimeout = flag.Duration("etcd_mutation_timeout", 10*time.Second, "crash after retrying etcd mutation for a specified duration")
argEtcdServer = flag.String("etcd-server", "http://127.0.0.1:4001", "URL to etcd server") argEtcdServer = flag.String("etcd-server", "http://127.0.0.1:4001", "URL to etcd server")
argKubecfgFile = flag.String("kubecfg_file", "", "Location of kubecfg file for access to kubernetes service") argKubecfgFile = flag.String("kubecfg_file", "", "Location of kubecfg file for access to kubernetes master service; --kube_master_url overrides the URL part of this; if neither this nor --kube_master_url are provided, defaults to service account tokens")
argKubeMasterURL = flag.String("kube_master_url", "", "URL to reach kubernetes master. Env variables in this flag will be expanded.") argKubeMasterURL = flag.String("kube_master_url", "", "URL to reach kubernetes master. Env variables in this flag will be expanded.")
) )
@ -405,7 +406,7 @@ func newEtcdClient(etcdServer string) (*etcd.Client, error) {
return client, nil return client, nil
} }
func getKubeMasterURL() (string, error) { func expandKubeMasterURL() (string, error) {
parsedURL, err := url.Parse(os.ExpandEnv(*argKubeMasterURL)) parsedURL, err := url.Parse(os.ExpandEnv(*argKubeMasterURL))
if err != nil { if err != nil {
return "", fmt.Errorf("failed to parse --kube_master_url %s - %v", *argKubeMasterURL, err) return "", fmt.Errorf("failed to parse --kube_master_url %s - %v", *argKubeMasterURL, err)
@ -423,31 +424,34 @@ func newKubeClient() (*kclient.Client, error) {
err error err error
masterURL string masterURL string
) )
// If the user specified --kube_master_url, expand env vars and verify it.
if *argKubeMasterURL != "" { if *argKubeMasterURL != "" {
masterURL, err = getKubeMasterURL() masterURL, err = expandKubeMasterURL()
if err != nil { if err != nil {
return nil, err return nil, err
} }
} }
if *argKubecfgFile == "" { if masterURL != "" && *argKubecfgFile == "" {
if masterURL == "" { // Only --kube_master_url was provided.
return nil, fmt.Errorf("--kube_master_url must be set when --kubecfg_file is not set")
}
config = &kclient.Config{ config = &kclient.Config{
Host: masterURL, Host: masterURL,
Version: "v1beta3", Version: "v1",
} }
} else { } else {
// We either have:
// 1) --kube_master_url and --kubecfg_file
// 2) just --kubecfg_file
// 3) neither flag
// In any case, the logic is the same. If (3), this will automatically
// fall back on the service account token.
overrides := &kclientcmd.ConfigOverrides{} overrides := &kclientcmd.ConfigOverrides{}
if masterURL != "" { overrides.ClusterInfo.Server = masterURL // might be "", but that is OK
overrides.ClusterInfo.Server = masterURL rules := &kclientcmd.ClientConfigLoadingRules{ExplicitPath: *argKubecfgFile} // might be "", but that is OK
} if config, err = kclientcmd.NewNonInteractiveDeferredLoadingClientConfig(rules, overrides).ClientConfig(); err != nil {
if config, err = kclientcmd.NewNonInteractiveDeferredLoadingClientConfig(
&kclientcmd.ClientConfigLoadingRules{ExplicitPath: *argKubecfgFile},
overrides).ClientConfig(); err != nil {
return nil, err return nil, err
} }
} }
glog.Infof("Using %s for kubernetes master", config.Host) glog.Infof("Using %s for kubernetes master", config.Host)
glog.Infof("Using kubernetes API %s", config.Version) glog.Infof("Using kubernetes API %s", config.Version)
return kclient.New(config) return kclient.New(config)

11
cluster/addons/dns/skydns-rc.yaml.in
View File

@ -1,21 +1,22 @@
apiVersion: v1beta3 apiVersion: v1beta3
kind: ReplicationController kind: ReplicationController
metadata: metadata:
name: kube-dns-v3 name: kube-dns-v4
namespace: default namespace: default
labels: labels:
k8s-app: kube-dns-v3 k8s-app: kube-dns
version: v4
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"
spec: spec:
replicas: {{ pillar['dns_replicas'] }} replicas: {{ pillar['dns_replicas'] }}
selector: selector:
k8s-app: kube-dns k8s-app: kube-dns
version: v3 version: v4
template: template:
metadata: metadata:
labels: labels:
k8s-app: kube-dns k8s-app: kube-dns
version: v3 version: v4
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"
spec: spec:
containers: containers:
@ -30,7 +31,7 @@ spec:
- -initial-cluster-token - -initial-cluster-token
- skydns-etcd - skydns-etcd
- name: kube2sky - name: kube2sky
image: gcr.io/google_containers/kube2sky:1.9 image: gcr.io/google_containers/kube2sky:1.10
args: args:
# command = "/kube2sky" # command = "/kube2sky"
- -domain={{ pillar['dns_domain'] }} - -domain={{ pillar['dns_domain'] }}