From 5826cfe299112928ae29ac131b9447fd7194ff39 Mon Sep 17 00:00:00 2001
From: Tim Hockin
Date: Fri, 19 Jun 2015 20:59:58 -0700
Subject: [PATCH] Make kube2sky fall back on service accounts

Service accounts are as yet unverified (no CA cert) but at least it will work.

(cherry picked from commit 2b4da35499ba0456ba898d8ad0b294cfd3d2b1d9)
---
 cluster/addons/dns/kube2sky/Changelog | 4 ++++
 cluster/addons/dns/kube2sky/Makefile | 2 +-
 cluster/addons/dns/kube2sky/kube2sky.go | 32 ++++++++++++++-----------
 cluster/addons/dns/skydns-rc.yaml.in | 11 +++++----
 4 files changed, 29 insertions(+), 20 deletions(-)
diff --git a/cluster/addons/dns/kube2sky/Changelog b/cluster/addons/dns/kube2sky/Changelog
index 715849634e1..b0017cc9cfe 100644
--- a/cluster/addons/dns/kube2sky/Changelog
+++ b/cluster/addons/dns/kube2sky/Changelog
@@ -1,3 +1,7 @@
+## Version 1.10 (Jun 19 2015 Tim Hockin )
+- Fall back on service account tokens if no other auth is specified.
+
+
 ## Version 1.9 (May 28 2015 Abhishek Shah )
 - Add SRV support.
diff --git a/cluster/addons/dns/kube2sky/Makefile b/cluster/addons/dns/kube2sky/Makefile
index bbf5c692270..7504446d80f 100644
--- a/cluster/addons/dns/kube2sky/Makefile
+++ b/cluster/addons/dns/kube2sky/Makefile
@@ -4,7 +4,7 @@
 .PHONY: all kube2sky container push clean test
-TAG = 1.9
+TAG = 1.10
 PREFIX = gcr.io/google_containers
 all: container
diff --git a/cluster/addons/dns/kube2sky/kube2sky.go b/cluster/addons/dns/kube2sky/kube2sky.go
index fd85d8d00e4..3cc21d24d9a 100644
--- a/cluster/addons/dns/kube2sky/kube2sky.go
+++ b/cluster/addons/dns/kube2sky/kube2sky.go
@@ -46,10 +46,11 @@ import (
 )
 var (
+ // TODO: switch to pflag and make - and _ equivalent.
 argDomain = flag.String("domain", "cluster.local", "domain under which to create names")
 argEtcdMutationTimeout = flag.Duration("etcd_mutation_timeout", 10*time.Second, "crash after retrying etcd mutation for a specified duration")
 argEtcdServer = flag.String("etcd-server", "http://127.0.0.1:4001", "URL to etcd server")
- argKubecfgFile = flag.String("kubecfg_file", "", "Location of kubecfg file for access to kubernetes service")
+ argKubecfgFile = flag.String("kubecfg_file", "", "Location of kubecfg file for access to kubernetes master service; --kube_master_url overrides the URL part of this; if neither this nor --kube_master_url are provided, defaults to service account tokens")
 argKubeMasterURL = flag.String("kube_master_url", "", "URL to reach kubernetes master. Env variables in this flag will be expanded.")
 )
@@ -405,7 +406,7 @@ func newEtcdClient(etcdServer string) (*etcd.Client, error) {
 return client, nil
 }
-func getKubeMasterURL() (string, error) {
+func expandKubeMasterURL() (string, error) {
 parsedURL, err := url.Parse(os.ExpandEnv(*argKubeMasterURL))
 if err != nil {
 return "", fmt.Errorf("failed to parse --kube_master_url %s - %v", *argKubeMasterURL, err)
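Review bot: The new help text on `kubecfg_file` in the flag block is the only operator-facing description of the service-account fallback, and it leaves out the caveat the commit message gives, namely that the API server is not yet verified in that mode (no CA cert). I would append it to the string, e.g. `...defaults to service account tokens (API server certificate is not yet verified)`, so that running with neither flag is a visible choice rather than a silent default. The help for `kube_master_url` could likewise say that giving only the URL yields a client configured with `Host` and `Version` alone, which is all the URL-only branch of newKubeClient sets as far as the visible lines show. The second hunk on this line is a rename and needs nothing.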
@@ -423,31 +424,34 @@ func newKubeClient() (*kclient.Client, error) {
 err error
 masterURL string
 )
+ // If the user specified --kube_master_url, expand env vars and verify it.
 if *argKubeMasterURL != "" {
- masterURL, err = getKubeMasterURL()
+ masterURL, err = expandKubeMasterURL()
 if err != nil {
 return nil, err
 }
 }
- if *argKubecfgFile == "" {
- if masterURL == "" {
- return nil, fmt.Errorf("--kube_master_url must be set when --kubecfg_file is not set")
- }
+ if masterURL != "" && *argKubecfgFile == "" {
+ // Only --kube_master_url was provided.
 config = &kclient.Config{
 Host: masterURL,
- Version: "v1beta3",
+ Version: "v1",
 }
 } else {
+ // We either have:
+ // 1) --kube_master_url and --kubecfg_file
+ // 2) just --kubecfg_file
+ // 3) neither flag
+ // In any case, the logic is the same. If (3), this will automatically
+ // fall back on the service account token.
 overrides := &kclientcmd.ConfigOverrides{}
- if masterURL != "" {
- overrides.ClusterInfo.Server = masterURL
- }
- if config, err = kclientcmd.NewNonInteractiveDeferredLoadingClientConfig(
- &kclientcmd.ClientConfigLoadingRules{ExplicitPath: *argKubecfgFile},
- overrides).ClientConfig(); err != nil {
+ overrides.ClusterInfo.Server = masterURL // might be "", but that is OK
+ rules := &kclientcmd.ClientConfigLoadingRules{ExplicitPath: *argKubecfgFile} // might be "", but that is OK
+ if config, err = kclientcmd.NewNonInteractiveDeferredLoadingClientConfig(rules, overrides).ClientConfig(); err != nil {
 return nil, err
 }
 }
+
 glog.Infof("Using %s for kubernetes master", config.Host)
 glog.Infof("Using kubernetes API %s", config.Version)
 return kclient.New(config)
diff --git a/cluster/addons/dns/skydns-rc.yaml.in b/cluster/addons/dns/skydns-rc.yaml.in
index 69dd8423093..63e43e61739 100644
--- a/cluster/addons/dns/skydns-rc.yaml.in
+++ b/cluster/addons/dns/skydns-rc.yaml.in
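Review bot: In the `else` branch of newKubeClient, case (3) reaches the service-account token with nothing in the logs to say so, and the commit message states that this path does not yet verify the API server (no CA cert), so a bearer token may be presented to an endpoint whose identity was never checked. I would make the fallback explicit before the loader call, for example `if masterURL == "" && *argKubecfgFile == "" { glog.Warningf("no --kubecfg_file or --kube_master_url given; falling back on service account token, API server certificate is not verified") }`, and put `// TODO: verify the API server against the service account CA cert once it is available` under the new comment block. The fallback itself happens inside the kclientcmd loader, which is not visible here, so the exact TLS behaviour should be confirmed there before the warning text is finalised. The function's `var (` opener and its closing brace lie outside the hunk.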
@@ -1,21 +1,22 @@
 apiVersion: v1beta3
 kind: ReplicationController
 metadata:
- name: kube-dns-v3
+ name: kube-dns-v4
 namespace: default
 labels:
- k8s-app: kube-dns-v3
+ k8s-app: kube-dns
+ version: v4
 kubernetes.io/cluster-service: "true"
 spec:
 replicas: {{ pillar['dns_replicas'] }}
 selector:
 k8s-app: kube-dns
- version: v3
+ version: v4
 template:
 metadata:
 labels:
 k8s-app: kube-dns
- version: v3
+ version: v4
 kubernetes.io/cluster-service: "true"
 spec:
 containers:
@@ -30,7 +31,7 @@ spec:
 - -initial-cluster-token
 - skydns-etcd
 - name: kube2sky
- image: gcr.io/google_containers/kube2sky:1.9
+ image: gcr.io/google_containers/kube2sky:1.10
 args:
 # command = "/kube2sky"
 - -domain={{ pillar['dns_domain'] }}