Create kubeconfig for cluster secrets on other cloud providers as well

2025-07-22 19:31:44 +00:00 · 2016-06-13 18:37:07 -07:00 · 2016-06-13 18:37:07 -07:00 · 657a7ef6a4
commit 657a7ef6a4
parent a3f09700e5
4 changed files with 38 additions and 0 deletions
--- a/cluster/aws/util.sh
+++ b/cluster/aws/util.sh
@ -1304,7 +1304,18 @@ function build-config() {
  export CONTEXT="aws_${INSTANCE_PREFIX}"
  (
   umask 077
+
+   # Update the user's kubeconfig to include credentials for this apiserver.
   create-kubeconfig
+
+   if [[ "${FEDERATION:-}" == "true" ]]; then
+       # Create a kubeconfig with credentials for this apiserver. We will later use
+       # this kubeconfig to create a secret which the federation control plane can
+       # use to talk to this apiserver.
+       KUBECONFIG_DIR=$(dirname ${KUBECONFIG:-$DEFAULT_KUBECONFIG})
+       KUBECONFIG="${KUBECONFIG_DIR}/federation/kubernetes-apiserver/${CONTEXT}/kubeconfig" \
+         create-kubeconfig
+   fi
  )
 }

--- a/cluster/gke/config-common.sh
+++ b/cluster/gke/config-common.sh
@ -26,6 +26,7 @@ NETWORK="${NETWORK:-default}"
 NETWORK_RANGE="${NETWORK_RANGE:-10.240.0.0/16}"
 FIREWALL_SSH="${FIREWALL_SSH:-${NETWORK}-allow-ssh}"
 GCLOUD="${GCLOUD:-gcloud}"
+KUBECTL="${KUBECTL:-kubectl}"
 CMD_GROUP="${CMD_GROUP:-}"
 GCLOUD_CONFIG_DIR="${GCLOUD_CONFIG_DIR:-${HOME}/.config/gcloud/kubernetes}"
 MACHINE_TYPE="${MACHINE_TYPE:-n1-standard-2}"
--- a/cluster/gke/util.sh
+++ b/cluster/gke/util.sh
@ -193,6 +193,22 @@ function kube-up() {
  # Bring up the cluster.
  "${GCLOUD}" ${CMD_GROUP:-} container clusters create "${CLUSTER_NAME}" "${create_args[@]}"

+  if [[ "${FEDERATION:-}" == "true" ]]; then
+    # Create a kubeconfig with credentials for this apiserver. We will later use
+    # this kubeconfig to create a secret which the federation control plane can
+    # use to talk to this apiserver.
+    KUBECONFIG=${KUBECONFIG:-${HOME}/.kube/config}
+    KUBECONFIG_DIR=$(dirname $KUBECONFIG)
+    CONTEXT=$($KUBECTL config current-context)
+    DEST_KUBECONFIG="${KUBECONFIG_DIR}/federation/kubernetes-apiserver/${CONTEXT}/kubeconfig"
+    mkdir -p $(dirname $DEST_KUBECONFIG) >&2
+    # TODO: Original kubeconfig can contain credential information about
+    # other clusters as well. Extract the information about only this cluster
+    # and then create a file with that.
+    # For now, we use the whole kubeconfig file.
+    cp $KUBECONFIG $DEST_KUBECONFIG >&2
+  fi
+
  if [[ ! -z "${HEAPSTER_MACHINE_TYPE:-}" ]]; then
    "${GCLOUD}" ${CMD_GROUP:-} container node-pools create "heapster-pool" --cluster "${CLUSTER_NAME}" --num-nodes=1 --machine-type="${HEAPSTER_MACHINE_TYPE}" "${shared_args[@]}"
  fi
--- a/cluster/vagrant/util.sh
+++ b/cluster/vagrant/util.sh
@ -295,7 +295,17 @@ function kube-up {
   vagrant ssh master -- sudo cat /srv/kubernetes/kubecfg.key >"${KUBE_KEY}" 2>/dev/null
   vagrant ssh master -- sudo cat /srv/kubernetes/ca.crt >"${CA_CERT}" 2>/dev/null

+   # Update the user's kubeconfig to include credentials for this apiserver.
   create-kubeconfig
+
+   if [[ "${FEDERATION:-}" == "true" ]]; then
+       # Create a kubeconfig with credentials for this apiserver. We will later use
+       # this kubeconfig to create a secret which the federation control plane can
+       # use to talk to this apiserver.
+       KUBECONFIG_DIR=$(dirname ${KUBECONFIG:-$DEFAULT_KUBECONFIG})
+       KUBECONFIG="${KUBECONFIG_DIR}/federation/kubernetes-apiserver/${CONTEXT}/kubeconfig" \
+         create-kubeconfig
+   fi
  )

  verify-cluster