Fix RBAC role for kube-proxy in Kubemark

2025-07-28 22:17:14 +00:00 · 2017-01-16 20:42:20 +01:00 · 2017-01-16 20:42:20 +01:00 · 491c26feca
commit 491c26feca
parent 8fa23586cf
3 changed files with 27 additions and 7 deletions
--- a/test/kubemark/resources/heapster_template.json
+++ b/test/kubemark/resources/heapster_template.json
@ -44,7 +44,7 @@
 						"/heapster"
 					],
 					"args": [
-						"--source=kubernetes:https://{{MASTER_IP}}:443?inClusterConfig=0&useServiceAccount=0&auth=/kubeconfig/kubeconfig"
+						"--source=kubernetes:https://{{MASTER_IP}}:443?inClusterConfig=0&useServiceAccount=0&auth=/kubeconfig/kubelet.kubeconfig"
 					],
 					"volumeMounts": [
 						{
@ -66,7 +66,7 @@
 						"/eventer"
 					],
 					"args": [
-						"--source=kubernetes:https://104.197.233.84:443?inClusterConfig=0&useServiceAccount=0&auth=/kubeconfig/kubeconfig"
+						"--source=kubernetes:https://104.197.233.84:443?inClusterConfig=0&useServiceAccount=0&auth=/kubeconfig/kubelet.kubeconfig"
 					],
 					"volumeMounts": [
 						{
--- a/test/kubemark/resources/hollow-node_template.json
+++ b/test/kubemark/resources/hollow-node_template.json
@ -76,7 +76,7 @@
 					"command": [
 						"/bin/sh",
 						"-c",
-						"./kubemark.sh --morph=kubelet $(CONTENT_TYPE) --v=2 1>>/var/logs/kubelet_$(MY_POD_NAME).log 2>&1"
+						"./kubemark.sh --morph=kubelet --kubeconfig=/kubeconfig/kubelet.kubeconfig $(CONTENT_TYPE) --v=2 1>>/var/logs/kubelet_$(MY_POD_NAME).log 2>&1"
 					],
 					"volumeMounts": [
 						{
@ -124,7 +124,7 @@
 					"command": [
 						"/bin/sh",
 						"-c",
-						"./kubemark.sh --morph=proxy $(CONTENT_TYPE) --v=2 1>>/var/logs/kube_proxy_$(MY_POD_NAME).log 2>&1"
+						"./kubemark.sh --morph=proxy --kubeconfig=/kubeconfig/kubeproxy.kubeconfig $(CONTENT_TYPE) --v=2 1>>/var/logs/kube_proxy_$(MY_POD_NAME).log 2>&1"
 					],
 					"volumeMounts": [
 						{
--- a/test/kubemark/start-kubemark.sh
+++ b/test/kubemark/start-kubemark.sh
@ -175,8 +175,8 @@ gcloud compute ssh "${MASTER_NAME}" --zone="${ZONE}" --project="${PROJECT}" \
    sudo chmod a+x /home/kubernetes/start-kubemark-master.sh && \
    sudo bash /home/kubernetes/start-kubemark-master.sh"
-# create kubeconfig for Kubelet:
+# Create kubeconfig for Kubelet.
-KUBECONFIG_CONTENTS=$(echo "apiVersion: v1
+KUBELET_KUBECONFIG_CONTENTS=$(echo "apiVersion: v1
 kind: Config
 users:
 - name: kubelet
@ -195,6 +195,25 @@ contexts:
  name: kubemark-context
 current-context: kubemark-context" | base64 | tr -d "\n\r")
 # Create kubeconfig for Kubeproxy.
 KUBEPROXY_KUBECONFIG_CONTENTS=$(echo "apiVersion: v1
 kind: Config
 users:
 - name: kube-proxy
  user:
    token: ${KUBE_PROXY_TOKEN}
 clusters:
 - name: kubemark
  cluster:
    insecure-skip-tls-verify: true
    server: https://${MASTER_IP}
 contexts:
 - context:
    cluster: kubemark
    user: kube-proxy
  name: kubemark-context
 current-context: kubemark-context" | base64 | tr -d "\n\r")
 KUBECONFIG_SECRET="${RESOURCE_DIRECTORY}/kubeconfig_secret.json"
 cat > "${KUBECONFIG_SECRET}" << EOF
 {
@ -205,7 +224,8 @@ cat > "${KUBECONFIG_SECRET}" << EOF
  },
  "type": "Opaque",
  "data": {
-    "kubeconfig": "${KUBECONFIG_CONTENTS}"
+    "kubelet.kubeconfig": "${KUBELET_KUBECONFIG_CONTENTS}",
    "kubeproxy.kubeconfig": "${KUBEPROXY_KUBECONFIG_CONTENTS}"
  }
 }
 EOF