Fix RBAC role for kube-proxy in Kubemark

2025-07-28 14:07:14 +00:00 · 2017-01-16 20:42:20 +01:00 · 2017-01-16 20:42:20 +01:00 · 491c26feca
commit 491c26feca
parent 8fa23586cf
3 changed files with 27 additions and 7 deletions
--- a/test/kubemark/resources/heapster_template.json
+++ b/test/kubemark/resources/heapster_template.json
@ -44,7 +44,7 @@
 						"/heapster"
 					],
 					"args": [
-						"--source=kubernetes:https://{{MASTER_IP}}:443?inClusterConfig=0&useServiceAccount=0&auth=/kubeconfig/kubeconfig"
+						"--source=kubernetes:https://{{MASTER_IP}}:443?inClusterConfig=0&useServiceAccount=0&auth=/kubeconfig/kubelet.kubeconfig"
 					],
 					"volumeMounts": [
 						{
@ -66,7 +66,7 @@
 						"/eventer"
 					],
 					"args": [
-						"--source=kubernetes:https://104.197.233.84:443?inClusterConfig=0&useServiceAccount=0&auth=/kubeconfig/kubeconfig"
+						"--source=kubernetes:https://104.197.233.84:443?inClusterConfig=0&useServiceAccount=0&auth=/kubeconfig/kubelet.kubeconfig"
 					],
 					"volumeMounts": [
 						{
--- a/test/kubemark/resources/hollow-node_template.json
+++ b/test/kubemark/resources/hollow-node_template.json
@ -76,7 +76,7 @@
 					"command": [
 						"/bin/sh",
 						"-c",
-						"./kubemark.sh --morph=kubelet $(CONTENT_TYPE) --v=2 1>>/var/logs/kubelet_$(MY_POD_NAME).log 2>&1"
+						"./kubemark.sh --morph=kubelet --kubeconfig=/kubeconfig/kubelet.kubeconfig $(CONTENT_TYPE) --v=2 1>>/var/logs/kubelet_$(MY_POD_NAME).log 2>&1"
 					],
 					"volumeMounts": [
 						{
@ -124,7 +124,7 @@
 					"command": [
 						"/bin/sh",
 						"-c",
-						"./kubemark.sh --morph=proxy $(CONTENT_TYPE) --v=2 1>>/var/logs/kube_proxy_$(MY_POD_NAME).log 2>&1"
+						"./kubemark.sh --morph=proxy --kubeconfig=/kubeconfig/kubeproxy.kubeconfig $(CONTENT_TYPE) --v=2 1>>/var/logs/kube_proxy_$(MY_POD_NAME).log 2>&1"
 					],
 					"volumeMounts": [
 						{
--- a/test/kubemark/start-kubemark.sh
+++ b/test/kubemark/start-kubemark.sh
@ -175,8 +175,8 @@ gcloud compute ssh "${MASTER_NAME}" --zone="${ZONE}" --project="${PROJECT}" \
    sudo chmod a+x /home/kubernetes/start-kubemark-master.sh && \
    sudo bash /home/kubernetes/start-kubemark-master.sh"

-# create kubeconfig for Kubelet:
-KUBECONFIG_CONTENTS=$(echo "apiVersion: v1
+# Create kubeconfig for Kubelet.
+KUBELET_KUBECONFIG_CONTENTS=$(echo "apiVersion: v1
 kind: Config
 users:
 - name: kubelet
@ -195,6 +195,25 @@ contexts:
  name: kubemark-context
 current-context: kubemark-context" | base64 | tr -d "\n\r")

+# Create kubeconfig for Kubeproxy.
+KUBEPROXY_KUBECONFIG_CONTENTS=$(echo "apiVersion: v1
+kind: Config
+users:
+- name: kube-proxy
+  user:
+    token: ${KUBE_PROXY_TOKEN}
+clusters:
+- name: kubemark
+  cluster:
+    insecure-skip-tls-verify: true
+    server: https://${MASTER_IP}
+contexts:
+- context:
+    cluster: kubemark
+    user: kube-proxy
+  name: kubemark-context
+current-context: kubemark-context" | base64 | tr -d "\n\r")
+
 KUBECONFIG_SECRET="${RESOURCE_DIRECTORY}/kubeconfig_secret.json"
 cat > "${KUBECONFIG_SECRET}" << EOF
 {
@ -205,7 +224,8 @@ cat > "${KUBECONFIG_SECRET}" << EOF
  },
  "type": "Opaque",
  "data": {
-    "kubeconfig": "${KUBECONFIG_CONTENTS}"
+    "kubelet.kubeconfig": "${KUBELET_KUBECONFIG_CONTENTS}",
+    "kubeproxy.kubeconfig": "${KUBEPROXY_KUBECONFIG_CONTENTS}"
  }
 }
 EOF