Switched ANP w/ grpc to not use destHost strategy.
Factored in feedback from caesarxuchao
parent
f7185b0be1
commit
35737ff810
@ -737,9 +737,6 @@ function create-master-pki {
|
|||||||
|
|
||||||
if [[ -n "${KONNECTIVITY_SERVER_CA_CERT:-}" ]]; then
|
if [[ -n "${KONNECTIVITY_SERVER_CA_CERT:-}" ]]; then
|
||||||
mkdir -p "${pki_dir}"/konnectivity-server
|
mkdir -p "${pki_dir}"/konnectivity-server
|
||||||
#KONNECTIVITY_SERVER_CA_KEY_PATH="${pki_dir}/konnectivity-server/ca.key"
|
|
||||||
#write-pki-data "${KONNECTIVITY_SERVER_CA_KEY}" "${KONNECTIVITY_SERVER_CA_KEY_PATH}"
|
|
||||||
|
|
||||||
KONNECTIVITY_SERVER_CA_CERT_PATH="${pki_dir}/konnectivity-server/ca.crt"
|
KONNECTIVITY_SERVER_CA_CERT_PATH="${pki_dir}/konnectivity-server/ca.crt"
|
||||||
write-pki-data "${KONNECTIVITY_SERVER_CA_CERT}" "${KONNECTIVITY_SERVER_CA_CERT_PATH}"
|
write-pki-data "${KONNECTIVITY_SERVER_CA_CERT}" "${KONNECTIVITY_SERVER_CA_CERT_PATH}"
|
||||||
|
|
||||||
@ -1996,6 +1993,8 @@ function prepare-konnectivity-server-manifest {
|
|||||||
if [[ "${KONNECTIVITY_SERVICE_PROXY_PROTOCOL_MODE:-grpc}" == 'grpc' ]]; then
|
if [[ "${KONNECTIVITY_SERVICE_PROXY_PROTOCOL_MODE:-grpc}" == 'grpc' ]]; then
|
||||||
params+=("--uds-name=/etc/srv/kubernetes/konnectivity-server/konnectivity-server.socket")
|
params+=("--uds-name=/etc/srv/kubernetes/konnectivity-server/konnectivity-server.socket")
|
||||||
elif [[ "${KONNECTIVITY_SERVICE_PROXY_PROTOCOL_MODE:-grpc}" == 'http-connect' ]]; then
|
elif [[ "${KONNECTIVITY_SERVICE_PROXY_PROTOCOL_MODE:-grpc}" == 'http-connect' ]]; then
|
||||||
|
# HTTP-CONNECT can work with either UDS or mTLS.
|
||||||
|
# Linking them here to make sure we get good coverage with two test configurations.
|
||||||
params+=("--server-ca-cert=${KONNECTIVITY_SERVER_CA_CERT_PATH}")
|
params+=("--server-ca-cert=${KONNECTIVITY_SERVER_CA_CERT_PATH}")
|
||||||
params+=("--server-cert=${KONNECTIVITY_SERVER_CERT_PATH}")
|
params+=("--server-cert=${KONNECTIVITY_SERVER_CERT_PATH}")
|
||||||
params+=("--server-key=${KONNECTIVITY_SERVER_KEY_PATH}")
|
params+=("--server-key=${KONNECTIVITY_SERVER_KEY_PATH}")
|
||||||
@ -2010,7 +2009,9 @@ function prepare-konnectivity-server-manifest {
|
|||||||
params+=("--agent-service-account=konnectivity-agent")
|
params+=("--agent-service-account=konnectivity-agent")
|
||||||
params+=("--authentication-audience=system:konnectivity-server")
|
params+=("--authentication-audience=system:konnectivity-server")
|
||||||
params+=("--kubeconfig=/etc/srv/kubernetes/konnectivity-server/kubeconfig")
|
params+=("--kubeconfig=/etc/srv/kubernetes/konnectivity-server/kubeconfig")
|
||||||
|
params+=("--proxy-strategies=default")
|
||||||
elif [[ "${KONNECTIVITY_SERVICE_PROXY_PROTOCOL_MODE:-grpc}" == 'http-connect' ]]; then
|
elif [[ "${KONNECTIVITY_SERVICE_PROXY_PROTOCOL_MODE:-grpc}" == 'http-connect' ]]; then
|
||||||
|
# GRPC can work with either UDS or mTLS.
|
||||||
params+=("--mode=http-connect")
|
params+=("--mode=http-connect")
|
||||||
params+=("--server-port=8131")
|
params+=("--server-port=8131")
|
||||||
params+=("--agent-namespace=")
|
params+=("--agent-namespace=")
|
||||||
@ -2018,6 +2019,7 @@ function prepare-konnectivity-server-manifest {
|
|||||||
params+=("--authentication-audience=")
|
params+=("--authentication-audience=")
|
||||||
# Need to fix ANP code to allow kubeconfig to be set with mtls.
|
# Need to fix ANP code to allow kubeconfig to be set with mtls.
|
||||||
params+=("--kubeconfig=")
|
params+=("--kubeconfig=")
|
||||||
|
params+=("--proxy-strategies=destHost,default")
|
||||||
else
|
else
|
||||||
echo "KONNECTIVITY_SERVICE_PROXY_PROTOCOL_MODE must be set to either grpc or http-connect"
|
echo "KONNECTIVITY_SERVICE_PROXY_PROTOCOL_MODE must be set to either grpc or http-connect"
|
||||||
exit 1
|
exit 1
|
||||||
@ -2030,7 +2032,6 @@ function prepare-konnectivity-server-manifest {
|
|||||||
params+=("--kubeconfig-burst=150")
|
params+=("--kubeconfig-burst=150")
|
||||||
params+=("--keepalive-time=60s")
|
params+=("--keepalive-time=60s")
|
||||||
params+=("--frontend-keepalive-time=60s")
|
params+=("--frontend-keepalive-time=60s")
|
||||||
params+=("--proxy-strategies=destHost,default")
|
|
||||||
konnectivity_args=""
|
konnectivity_args=""
|
||||||
for param in "${params[@]}"; do
|
for param in "${params[@]}"; do
|
||||||
konnectivity_args+=", \"${param}\""
|
konnectivity_args+=", \"${param}\""
|
||||||
|
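Review bot: The two `--proxy-strategies` lines added in prepare-konnectivity-server-manifest (`default` in the grpc branch, `destHost,default` in the http-connect branch) carry no comment saying why the modes differ, and `destHost` is now enabled only in the branch that also blanks `--agent-service-account=`, `--authentication-audience=` and `--kubeconfig=`. If destHost selects the backend from identifiers the agent itself reports (my understanding of the proxy server, which is not shown here), then in that branch the agent's mTLS client certificate is the only check on which agent may claim a host, and a comment such as `# destHost only with http-connect/mTLS: agent identifiers are trusted on the strength of the client cert` would record that assumption for the next maintainer. Separately, the added `# GRPC can work with either UDS or mTLS.` sits directly under the `http-connect` test and reads as if it described that branch; it probably wants to become `# gRPC could also run over mTLS; the test setup pairs http-connect with mTLS.` or to move into the grpc branch. The function body starts and ends outside these hunks, so how `params` is consumed beyond the `konnectivity_args` loop is not visible here.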