Merge pull request #40193 from xilabao/add-basic-auth-to-local-cluster

Automatic merge from submit-queue

add basic auth option to apiserver in local cluster

Adding this can fix #40192 @liggitt
Kubernetes Submit Queue
2017-02-07 01:24:13 -08:00
committed by GitHub


@@ -450,16 +450,16 @@ function start_apiserver {
kube::util::write_client_kubeconfig "${CONTROLPLANE_SUDO}" "${CERT_DIR}" "${ROOT_CA_FILE}" "${API_HOST}" "${API_SECURE_PORT}" controller kube::util::write_client_kubeconfig "${CONTROLPLANE_SUDO}" "${CERT_DIR}" "${ROOT_CA_FILE}" "${API_HOST}" "${API_SECURE_PORT}" controller
kube::util::write_client_kubeconfig "${CONTROLPLANE_SUDO}" "${CERT_DIR}" "${ROOT_CA_FILE}" "${API_HOST}" "${API_SECURE_PORT}" scheduler kube::util::write_client_kubeconfig "${CONTROLPLANE_SUDO}" "${CERT_DIR}" "${ROOT_CA_FILE}" "${API_HOST}" "${API_SECURE_PORT}" scheduler
if [[ -z "${AUTH_ARGS}" ]]; then if [[ -z "${AUTH_ARGS}" ]]; then
if [[ "${ALLOW_ANY_TOKEN}" = true ]]; then if [[ "${ALLOW_ANY_TOKEN}" = true ]]; then
# use token authentication # use token authentication
if [[ -n "${KUBECONFIG_TOKEN}" ]]; then if [[ -n "${KUBECONFIG_TOKEN}" ]]; then
AUTH_ARGS="--token=${KUBECONFIG_TOKEN}" AUTH_ARGS="--token=${KUBECONFIG_TOKEN}"
else else
AUTH_ARGS="--token=system:admin/system:masters" AUTH_ARGS="--token=system:admin/system:masters"
fi fi
else else
# default to use certificate authentication # default to the admin client cert/key
AUTH_ARGS="--client-key=${CERT_DIR}/client-admin.key --client-certificate=${CERT_DIR}/client-admin.crt" AUTH_ARGS="--client-key=${CERT_DIR}/client-admin.key --client-certificate=${CERT_DIR}/client-admin.crt"
fi fi
fi fi
@@ -688,7 +688,12 @@ fi
if [[ "${START_MODE}" != "kubeletonly" ]]; then if [[ "${START_MODE}" != "kubeletonly" ]]; then
echo echo
cat <<EOF cat <<EOF
To start using your cluster, open up another terminal/tab and run: To start using your cluster, you can open up another terminal/tab and run:
export KUBECONFIG=${CERT_DIR}/admin.kubeconfig
cluster/kubectl.sh
Alternatively, you can write to the default kubeconfig:
export KUBERNETES_PROVIDER=local export KUBERNETES_PROVIDER=local
@@ -728,13 +733,13 @@ kube::util::test_cfssl_installed
### IF the user didn't supply an output/ for the build... Then we detect. ### IF the user didn't supply an output/ for the build... Then we detect.
if [ "$GO_OUT" == "" ]; then if [ "$GO_OUT" == "" ]; then
detect_binary detect_binary
fi fi
echo "Detected host and ready to start services. Doing some housekeeping first..." echo "Detected host and ready to start services. Doing some housekeeping first..."
echo "Using GO_OUT $GO_OUT" echo "Using GO_OUT $GO_OUT"
KUBELET_CIDFILE=/tmp/kubelet.cid KUBELET_CIDFILE=/tmp/kubelet.cid
if [[ "${ENABLE_DAEMON}" = false ]]; then if [[ "${ENABLE_DAEMON}" = false ]]; then
trap cleanup EXIT trap cleanup EXIT
fi fi
echo "Starting services now!" echo "Starting services now!"
@@ -765,13 +770,13 @@ if [[ "${START_MODE}" != "nokubelet" ]]; then
fi fi
if [[ -n "${PSP_ADMISSION}" && "${ENABLE_RBAC}" = true ]]; then if [[ -n "${PSP_ADMISSION}" && "${ENABLE_RBAC}" = true ]]; then
create_psp_policy create_psp_policy
fi fi
print_success print_success
if [[ "${ENABLE_DAEMON}" = false ]]; then if [[ "${ENABLE_DAEMON}" = false ]]; then
while true; do sleep 1; done while true; do sleep 1; done
fi fi
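Review bot: In the `cat <<EOF` message of the second hunk (`@@ -688`), the new line `export KUBECONFIG=${CERT_DIR}/admin.kubeconfig` is printed without quotes, so a `CERT_DIR` containing whitespace produces a command that fails when pasted; printing `export KUBECONFIG="${CERT_DIR}/admin.kubeconfig"` keeps it copy-safe. The message also points users at what is presumably the admin credential file (the first hunk references `client-admin.key` in the same directory) without saying so, and the visible hunks do not show what permissions that file is written with. I would add one sentence to the printed text, for example `Note: admin.kubeconfig grants admin access to this cluster; keep it readable only by your own user.` The heredoc's closing `EOF` is outside the hunk.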