From 327dec43fb4a79160993acd8cd448269237f281c Mon Sep 17 00:00:00 2001 From: Ilya Dmitrichenko Date: Thu, 13 Oct 2016 11:18:43 +0100 Subject: [PATCH] Add flags for alternative API and discovery ports (close #34311 #34307 #33638) --- cmd/kubeadm/app/apis/kubeadm/defaults.go | 2 ++ cmd/kubeadm/app/apis/kubeadm/types.go | 8 +++++ .../app/apis/kubeadm/v1alpha1/types.go | 8 +++++ cmd/kubeadm/app/cmd/init.go | 32 ++++++++++++++----- cmd/kubeadm/app/cmd/join.go | 10 ++++++ cmd/kubeadm/app/master/discovery.go | 8 ++--- cmd/kubeadm/app/master/kubeconfig.go | 5 +-- cmd/kubeadm/app/master/manifests.go | 2 +- cmd/kubeadm/app/node/discovery.go | 2 +- cmd/kubeadm/app/preflight/checks.go | 6 ++-- hack/verify-flags/known-flags.txt | 2 ++ 11 files changed, 67 insertions(+), 18 deletions(-) diff --git a/cmd/kubeadm/app/apis/kubeadm/defaults.go b/cmd/kubeadm/app/apis/kubeadm/defaults.go index 98b77a56064..87aa038cd95 100644 --- a/cmd/kubeadm/app/apis/kubeadm/defaults.go +++ b/cmd/kubeadm/app/apis/kubeadm/defaults.go @@ -20,4 +20,6 @@ const ( DefaultServiceDNSDomain = "cluster.local" DefaultServicesSubnet = "10.12.0.0/12" DefaultKubernetesVersion = "v1.4.1" + DefaultAPIBindPort = 6443 + DefaultDiscoveryBindPort = 9898 ) diff --git a/cmd/kubeadm/app/apis/kubeadm/types.go b/cmd/kubeadm/app/apis/kubeadm/types.go index 52e3e667d4f..0dbf8c97581 100644 --- a/cmd/kubeadm/app/apis/kubeadm/types.go +++ b/cmd/kubeadm/app/apis/kubeadm/types.go @@ -23,6 +23,7 @@ type MasterConfiguration struct { Secrets Secrets API API + Discovery Discovery Etcd Etcd Networking Networking KubernetesVersion string @@ -32,6 +33,11 @@ type MasterConfiguration struct { type API struct { AdvertiseAddresses []string ExternalDNSNames []string + BindPort int32 +} + +type Discovery struct { + BindPort int32 } type Networking struct { @@ -59,6 +65,8 @@ type NodeConfiguration struct { MasterAddresses []string Secrets Secrets + APIPort int32 + DiscoveryPort int32 } // ClusterInfo TODO add description 
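Review bot: The new `Discovery` type and the `BindPort`, `APIPort` and `DiscoveryPort` fields in the types.go hunks have no doc comments, so the valid range and the meaning of the zero value are left unstated. An `int32` accepts negative values and values above 65535, and as far as these hunks show, a configuration that omits the field yields 0 rather than `DefaultAPIBindPort` or `DefaultDiscoveryBindPort`. I would add `// BindPort is the TCP port the API server's secure endpoint binds to; valid values are 1-65535.` above `API.BindPort` and `// Discovery holds settings for the discovery service started on the master.` above the new type. The matching hunks in v1alpha1/types.go need the same comments.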
diff --git a/cmd/kubeadm/app/apis/kubeadm/v1alpha1/types.go b/cmd/kubeadm/app/apis/kubeadm/v1alpha1/types.go index be73ee25587..59c53e4b458 100644 --- a/cmd/kubeadm/app/apis/kubeadm/v1alpha1/types.go +++ b/cmd/kubeadm/app/apis/kubeadm/v1alpha1/types.go @@ -24,6 +24,7 @@ type MasterConfiguration struct { Secrets Secrets `json:"secrets"` API API `json:"api"` Etcd Etcd `json:"etcd"` + Discovery Discovery `json:"discovery"` Networking Networking `json:"networking"` KubernetesVersion string `json:"kubernetesVersion"` CloudProvider string `json:"cloudProvider"` @@ -32,6 +33,11 @@ type MasterConfiguration struct { type API struct { AdvertiseAddresses []string `json:"advertiseAddresses"` ExternalDNSNames []string `json:"externalDNSNames"` + BindPort int32 `json:"bindPort"` +} + +type Discovery struct { + BindPort int32 `json:"bindPort"` } type Networking struct { @@ -59,6 +65,8 @@ type NodeConfiguration struct { MasterAddresses []string `json:"masterAddresses"` Secrets Secrets `json:"secrets"` + APIPort int32 `json:"apiPort"` + DiscoveryPort int32 `json:"discoveryPort"` } // ClusterInfo TODO add description diff --git a/cmd/kubeadm/app/cmd/init.go b/cmd/kubeadm/app/cmd/init.go index 97659ff7586..58628a9aba7 100644 --- a/cmd/kubeadm/app/cmd/init.go +++ b/cmd/kubeadm/app/cmd/init.go @@ -20,6 +20,7 @@ import ( "fmt" "io" "io/ioutil" + "strings" "github.com/renstrom/dedent" "github.com/spf13/cobra" @@ -41,7 +42,7 @@ var ( You can now join any number of machines by running the following on each node: - kubeadm join --token %s %s + kubeadm join %s `) ) 
@@ -126,6 +127,16 @@ func NewCmdInit(out io.Writer) *cobra.Command { "skip preflight checks normally run before modifying the system", ) + cmd.PersistentFlags().Int32Var( + &cfg.API.BindPort, "api-port", kubeadmapi.DefaultAPIBindPort, + "Port for API to bind to", + ) + + cmd.PersistentFlags().Int32Var( + &cfg.Discovery.BindPort, "discovery-port", kubeadmapi.DefaultDiscoveryBindPort, + "Port for JWS discovery service to bind to", + ) + return cmd } @@ -146,7 +157,7 @@ func NewInit(cfgPath string, cfg *kubeadmapi.MasterConfiguration, skipPreFlight if !skipPreFlight { fmt.Println("Running pre-flight checks") - err := preflight.RunInitMasterChecks() + err := preflight.RunInitMasterChecks(cfg) if err != nil { return nil, &preflight.PreFlightError{Msg: err.Error()} } @@ -190,7 +201,7 @@ func (i *Init) Run(out io.Writer) error { return err } - kubeconfigs, err := kubemaster.CreateCertsAndConfigForClients(i.cfg.API.AdvertiseAddresses, []string{"kubelet", "admin"}, caKey, caCert) + kubeconfigs, err := kubemaster.CreateCertsAndConfigForClients(i.cfg.API, []string{"kubelet", "admin"}, caKey, caCert) if err != nil { return err } 
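Review bot: The `--api-port` and `--discovery-port` flags registered in `NewCmdInit` are plain `Int32Var`s with no range check, so 0, negative values and values above 65535 flow unchanged into `--secure-port=%d`, the pod's `HostPort` and the `int(...)` conversion in the preflight list. Zero deserves particular attention because kube-apiserver documents `--secure-port=0` as not serving HTTPS at all, which would leave the master without its authenticated endpoint. I would reject bad values early in `NewInit`, before the preflight checks, with `if p := cfg.API.BindPort; p < 1 || p > 65535 { return nil, fmt.Errorf("invalid --api-port %d: must be between 1 and 65535", p) }`, and add the same check for `cfg.Discovery.BindPort`. The join.go hunk registers the two node-side flags the same way and needs equivalent validation for `cfg.APIPort` and `cfg.DiscoveryPort`.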
@@ -228,11 +239,16 @@ func (i *Init) Run(out io.Writer) error { return err } - // TODO(phase1+) use templates to reference struct fields directly as order of args is fragile - fmt.Fprintf(out, initDoneMsgf, - i.cfg.Secrets.GivenToken, - i.cfg.API.AdvertiseAddresses[0], - ) + // TODO(phase1+) we could probably use templates for this logic, and reference struct fields directly etc + joinArgs := []string{fmt.Sprintf("--token=%s", i.cfg.Secrets.GivenToken)} + if i.cfg.API.BindPort != kubeadmapi.DefaultAPIBindPort { + joinArgs = append(joinArgs, fmt.Sprintf("--api-port=%d", i.cfg.API.BindPort)) + } + if i.cfg.Discovery.BindPort != kubeadmapi.DefaultDiscoveryBindPort { + joinArgs = append(joinArgs, fmt.Sprintf("--discovery-port=%d", i.cfg.Discovery.BindPort)) + } + joinArgs = append(joinArgs, i.cfg.API.AdvertiseAddresses[0]) + fmt.Fprintf(out, initDoneMsgf, strings.Join(joinArgs, " ")) return nil } diff --git a/cmd/kubeadm/app/cmd/join.go b/cmd/kubeadm/app/cmd/join.go index 35c18ebcf9e..fb6c781021d 100644 --- a/cmd/kubeadm/app/cmd/join.go +++ b/cmd/kubeadm/app/cmd/join.go @@ -70,6 +70,16 @@ func NewCmdJoin(out io.Writer) *cobra.Command { "skip preflight checks normally run before modifying the system", ) + cmd.PersistentFlags().Int32Var( + &cfg.APIPort, "api-port", kubeadmapi.DefaultAPIBindPort, + "(optional) API server port on the master", + ) + + cmd.PersistentFlags().Int32Var( + &cfg.DiscoveryPort, "discovery-port", kubeadmapi.DefaultDiscoveryBindPort, + "(optional) Discovery port on the master", + ) + return cmd } diff --git a/cmd/kubeadm/app/master/discovery.go b/cmd/kubeadm/app/master/discovery.go index 2eab1799ace..b8ef587396b 100644 --- a/cmd/kubeadm/app/master/discovery.go +++ b/cmd/kubeadm/app/master/discovery.go 
@@ -48,7 +48,7 @@ func encodeKubeDiscoverySecretData(s *kubeadmapi.MasterConfiguration, caCert *x5 ) for _, addr := range s.API.AdvertiseAddresses { - endpointList = append(endpointList, fmt.Sprintf("https://%s:443", addr)) + endpointList = append(endpointList, fmt.Sprintf("https://%s:%d", addr, s.API.BindPort)) } tokenMap[s.Secrets.TokenID] = s.Secrets.BearerToken @@ -60,7 +60,7 @@ func encodeKubeDiscoverySecretData(s *kubeadmapi.MasterConfiguration, caCert *x5 return data } -func newKubeDiscoveryPodSpec() api.PodSpec { +func newKubeDiscoveryPodSpec(s *kubeadmapi.MasterConfiguration) api.PodSpec { envParams := kubeadmapi.GetEnvParams() return api.PodSpec{ // We have to use host network namespace, as `HostPort`/`HostIP` are Docker's @@ -80,7 +80,7 @@ func newKubeDiscoveryPodSpec() api.PodSpec { Ports: []api.ContainerPort{ // TODO when CNI issue (#31307) is resolved, we should consider adding // `HostIP: s.API.AdvertiseAddrs[0]`, if there is only one address` - {Name: "http", ContainerPort: 9898, HostPort: 9898}, + {Name: "http", ContainerPort: kubeadmapi.DefaultDiscoveryBindPort, HostPort: s.Discovery.BindPort}, }, SecurityContext: &api.SecurityContext{ SELinuxOptions: &api.SELinuxOptions{ @@ -103,7 +103,7 @@ func newKubeDiscoveryPodSpec() api.PodSpec { func newKubeDiscovery(s *kubeadmapi.MasterConfiguration, caCert *x509.Certificate) kubeDiscovery { kd := kubeDiscovery{ - Deployment: NewDeployment(kubeDiscoveryName, 1, newKubeDiscoveryPodSpec()), + Deployment: NewDeployment(kubeDiscoveryName, 1, newKubeDiscoveryPodSpec(s)), Secret: &api.Secret{ ObjectMeta: api.ObjectMeta{Name: kubeDiscoverySecretName}, Type: api.SecretTypeOpaque, diff --git a/cmd/kubeadm/app/master/kubeconfig.go b/cmd/kubeadm/app/master/kubeconfig.go index e6bf07feaf0..e1dfe400636 100644 --- a/cmd/kubeadm/app/master/kubeconfig.go +++ b/cmd/kubeadm/app/master/kubeconfig.go 
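Review bot: Building the endpoint with `fmt.Sprintf("https://%s:%d", addr, s.API.BindPort)` in `encodeKubeDiscoverySecretData` yields an ambiguous or invalid URL when `addr` is an IPv6 literal, because the address is not bracketed. Now that the port is variable, this is a good point to switch to `"https://" + net.JoinHostPort(addr, strconv.Itoa(int(s.API.BindPort)))`, which needs `net` and `strconv` imported (the import block is outside this hunk). The same pattern is introduced in `CreateCertsAndConfigForClients` in kubeconfig.go and in `RetrieveTrustedClusterInfo` in node/discovery.go, where `host, port` are formatted with `%s:%d`.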
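Review bot: In `newKubeDiscoveryPodSpec` the port entry now fixes `ContainerPort` at `kubeadmapi.DefaultDiscoveryBindPort` while `HostPort` follows `s.Discovery.BindPort`, so the two differ whenever `--discovery-port` is non-default. The context comment says this pod uses the host network namespace. If the spec sets `HostNetwork: true` (that line is outside the hunk), Kubernetes validation expects the host port to match the container port, and a host-network process listens on whatever port it binds itself rather than on a mapped one. Preflight and the printed join command would then refer to the configured port while the discovery service still serves on 9898, or the pod is rejected. Unless the container is also told which port to bind, I would keep the values equal, `{Name: "http", ContainerPort: s.Discovery.BindPort, HostPort: s.Discovery.BindPort}`, and pass the port through to the discovery process.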
@@ -22,19 +22,20 @@ import ( "fmt" // TODO: "k8s.io/client-go/client/tools/clientcmd/api" + kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util" clientcmdapi "k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api" certutil "k8s.io/kubernetes/pkg/util/cert" ) -func CreateCertsAndConfigForClients(advertiseAddresses, clientNames []string, caKey *rsa.PrivateKey, caCert *x509.Certificate) (map[string]*clientcmdapi.Config, error) { +func CreateCertsAndConfigForClients(cfg kubeadmapi.API, clientNames []string, caKey *rsa.PrivateKey, caCert *x509.Certificate) (map[string]*clientcmdapi.Config, error) { basicClientConfig := kubeadmutil.CreateBasicClientConfig( "kubernetes", // TODO this is not great, but there is only one address we can use here // so we'll pick the first one, there is much of chance to have an empty // slice by the time this gets called - fmt.Sprintf("https://%s:443", advertiseAddresses[0]), + fmt.Sprintf("https://%s:%d", cfg.AdvertiseAddresses[0], cfg.BindPort), certutil.EncodeCertPEM(caCert), ) diff --git a/cmd/kubeadm/app/master/manifests.go b/cmd/kubeadm/app/master/manifests.go index e1819e22de9..df446d7b974 100644 --- a/cmd/kubeadm/app/master/manifests.go +++ b/cmd/kubeadm/app/master/manifests.go @@ -232,7 +232,7 @@ func getComponentCommand(component string, s *kubeadmapi.MasterConfiguration) (c "--tls-cert-file=" + pkiDir + "/apiserver.pem", "--tls-private-key-file=" + pkiDir + "/apiserver-key.pem", "--token-auth-file=" + pkiDir + "/tokens.csv", - "--secure-port=443", + fmt.Sprintf("--secure-port=%d", s.API.BindPort), "--allow-privileged", }, controllerManager: { diff --git a/cmd/kubeadm/app/node/discovery.go b/cmd/kubeadm/app/node/discovery.go index f615b804986..ad9cd5c0f41 100644 --- a/cmd/kubeadm/app/node/discovery.go +++ b/cmd/kubeadm/app/node/discovery.go 
@@ -33,7 +33,7 @@ import ( const discoveryRetryTimeout = 5 * time.Second func RetrieveTrustedClusterInfo(s *kubeadmapi.NodeConfiguration) (*kubeadmapi.ClusterInfo, error) { - host, port := s.MasterAddresses[0], 9898 + host, port := s.MasterAddresses[0], s.DiscoveryPort requestURL := fmt.Sprintf("http://%s:%d/cluster-info/v1/?token-id=%s", host, port, s.Secrets.TokenID) req, err := http.NewRequest("GET", requestURL, nil) if err != nil { diff --git a/cmd/kubeadm/app/preflight/checks.go b/cmd/kubeadm/app/preflight/checks.go index 02f6cebb7d8..0caac9fdd44 100644 --- a/cmd/kubeadm/app/preflight/checks.go +++ b/cmd/kubeadm/app/preflight/checks.go @@ -24,6 +24,7 @@ import ( "os" "os/exec" + kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" "k8s.io/kubernetes/pkg/util/initsystem" ) @@ -156,15 +157,16 @@ func (ipc InPathCheck) Check() (warnings, errors []error) { return nil, nil } -func RunInitMasterChecks() error { +func RunInitMasterChecks(cfg *kubeadmapi.MasterConfiguration) error { // TODO: Some of these ports should come from kubeadm config eventually: checks := []PreFlightCheck{ IsRootCheck{root: true}, ServiceCheck{Service: "kubelet"}, ServiceCheck{Service: "docker"}, - PortOpenCheck{port: 443}, + PortOpenCheck{port: int(cfg.API.BindPort)}, PortOpenCheck{port: 2379}, PortOpenCheck{port: 8080}, + PortOpenCheck{port: int(cfg.Discovery.BindPort)}, PortOpenCheck{port: 10250}, PortOpenCheck{port: 10251}, PortOpenCheck{port: 10252}, diff --git a/hack/verify-flags/known-flags.txt b/hack/verify-flags/known-flags.txt index ddecfe82ba1..5625d703a0a 100644 --- a/hack/verify-flags/known-flags.txt +++ b/hack/verify-flags/known-flags.txt @@ -12,6 +12,7 @@ allowed-not-ready-nodes anonymous-auth api-advertise-addresses api-external-dns-names +api-port api-burst api-prefix api-rate @@ -129,6 +130,7 @@ dest-file disable-filter disable-kubenet dns-bind-address +discovery-port dns-port dns-provider dns-provider-config
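Review bot: `RunInitMasterChecks` probes `cfg.API.BindPort` and `cfg.Discovery.BindPort` independently, so nothing rejects a configuration where the two are equal or where either matches one of the fixed ports in the same list (2379, 8080, 10250, 10251, 10252). If `PortOpenCheck` only tests whether a port is currently free (its body is outside this hunk), such a clash passes preflight and only surfaces later, when a component fails to bind. A guard before the list would catch the simplest case, `if cfg.API.BindPort == cfg.Discovery.BindPort { return fmt.Errorf("--api-port and --discovery-port must differ") }`, assuming `fmt` is imported in checks.go. The comment `// TODO: Some of these ports should come from kubeadm config eventually` is now partly stale and could be narrowed to the ports that remain hard-coded.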