From 657a7ef6a4b144398d9018c9e1ecbc1f9f50915d Mon Sep 17 00:00:00 2001
From: nikhiljindal
Date: Mon, 13 Jun 2016 18:37:07 -0700
Subject: [PATCH] Create kubeconfig for cluster secrets on other cloud providers as well
---
 cluster/aws/util.sh | 11 +++++++++++
 cluster/gke/config-common.sh | 1 +
 cluster/gke/util.sh | 16 ++++++++++++++++
 cluster/vagrant/util.sh | 10 ++++++++++
 4 files changed, 38 insertions(+)
diff --git a/cluster/aws/util.sh b/cluster/aws/util.sh
index 3a3d7c759be..76e6a8cd1fb 100755
--- a/cluster/aws/util.sh
+++ b/cluster/aws/util.sh
@@ -1304,7 +1304,18 @@ function build-config() {
 export CONTEXT="aws_${INSTANCE_PREFIX}"
 (
 umask 077
+
+ # Update the user's kubeconfig to include credentials for this apiserver.
 create-kubeconfig
+
+ if [[ "${FEDERATION:-}" == "true" ]]; then
+ # Create a kubeconfig with credentials for this apiserver. We will later use
+ # this kubeconfig to create a secret which the federation control plane can
+ # use to talk to this apiserver.
+ KUBECONFIG_DIR=$(dirname ${KUBECONFIG:-$DEFAULT_KUBECONFIG})
+ KUBECONFIG="${KUBECONFIG_DIR}/federation/kubernetes-apiserver/${CONTEXT}/kubeconfig" \
+ create-kubeconfig
+ fi
 )
 }
diff --git a/cluster/gke/config-common.sh b/cluster/gke/config-common.sh
index 9850542611a..f84004ae9a0 100644
--- a/cluster/gke/config-common.sh
+++ b/cluster/gke/config-common.sh
@@ -26,6 +26,7 @@ NETWORK="${NETWORK:-default}"
 NETWORK_RANGE="${NETWORK_RANGE:-10.240.0.0/16}"
 FIREWALL_SSH="${FIREWALL_SSH:-${NETWORK}-allow-ssh}"
 GCLOUD="${GCLOUD:-gcloud}"
+KUBECTL="${KUBECTL:-kubectl}"
 CMD_GROUP="${CMD_GROUP:-}"
 GCLOUD_CONFIG_DIR="${GCLOUD_CONFIG_DIR:-${HOME}/.config/gcloud/kubernetes}"
 MACHINE_TYPE="${MACHINE_TYPE:-n1-standard-2}"
diff --git a/cluster/gke/util.sh b/cluster/gke/util.sh
index ae7064d1c15..607b8efdeeb 100755
--- a/cluster/gke/util.sh
+++ b/cluster/gke/util.sh
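Review bot: In the cluster/aws/util.sh build-config hunk, `KUBECONFIG_DIR=$(dirname ${KUBECONFIG:-$DEFAULT_KUBECONFIG})` is unquoted, so a kubeconfig path containing spaces or glob characters is word-split before `dirname` sees it and the credentials file may be written somewhere other than intended; `KUBECONFIG_DIR=$(dirname "${KUBECONFIG:-${DEFAULT_KUBECONFIG}}")` avoids that. KUBECONFIG may also hold a colon-separated list of files, in which case the derived directory is presumably not what was meant, so the code should either reject a list or take its first entry. The same two lines appear in the cluster/vagrant/util.sh kube-up hunk. The new file is a second persistent copy of this cluster's credentials, so a comment such as `# Removed by <cleanup step>; contains apiserver credentials, keep mode 0600` would tell the next reader who owns its lifetime. build-config's body starts outside the hunk.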
@@ -193,6 +193,22 @@ function kube-up() {
 # Bring up the cluster.
 "${GCLOUD}" ${CMD_GROUP:-} container clusters create "${CLUSTER_NAME}" "${create_args[@]}"
+ if [[ "${FEDERATION:-}" == "true" ]]; then
+ # Create a kubeconfig with credentials for this apiserver. We will later use
+ # this kubeconfig to create a secret which the federation control plane can
+ # use to talk to this apiserver.
+ KUBECONFIG=${KUBECONFIG:-${HOME}/.kube/config}
+ KUBECONFIG_DIR=$(dirname $KUBECONFIG)
+ CONTEXT=$($KUBECTL config current-context)
+ DEST_KUBECONFIG="${KUBECONFIG_DIR}/federation/kubernetes-apiserver/${CONTEXT}/kubeconfig"
+ mkdir -p $(dirname $DEST_KUBECONFIG) >&2
+ # TODO: Original kubeconfig can contain credential information about
+ # other clusters as well. Extract the information about only this cluster
+ # and then create a file with that.
+ # For now, we use the whole kubeconfig file.
+ cp $KUBECONFIG $DEST_KUBECONFIG >&2
+ fi
+
 if [[ ! -z "${HEAPSTER_MACHINE_TYPE:-}" ]]; then
 "${GCLOUD}" ${CMD_GROUP:-} container node-pools create "heapster-pool" --cluster "${CLUSTER_NAME}" --num-nodes=1 --machine-type="${HEAPSTER_MACHINE_TYPE}" "${shared_args[@]}"
 fi
diff --git a/cluster/vagrant/util.sh b/cluster/vagrant/util.sh
index a04dd8c9d1a..b97afba7a05 100755
--- a/cluster/vagrant/util.sh
+++ b/cluster/vagrant/util.sh
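Review bot: In the cluster/gke/util.sh kube-up hunk, the `mkdir -p` / `cp` pair runs with the caller's umask, unlike the aws build-config hunk which does this work under `umask 077`, so the new `federation/kubernetes-apiserver/<context>` directories and possibly the copied credentials file can end up readable by other local users. As the TODO admits, the copy also carries credentials for every cluster in the user's kubeconfig into a file that is meant to become a secret for the federation control plane. Replacing the `cp` with `"${KUBECTL}" config view --minify --flatten > "${DEST_KUBECONFIG}"` inside a `( umask 077; … )` subshell would restrict the file to the current context and tighten its mode; it would also cope with KUBECONFIG being a colon-separated list, which `dirname $KUBECONFIG` and `cp` do not. The remaining `$KUBECONFIG`, `$DEST_KUBECONFIG` and `$KUBECTL` expansions should be double-quoted. kube-up starts and ends outside this hunk.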
@@ -295,7 +295,17 @@ function kube-up {
 vagrant ssh master -- sudo cat /srv/kubernetes/kubecfg.key >"${KUBE_KEY}" 2>/dev/null
 vagrant ssh master -- sudo cat /srv/kubernetes/ca.crt >"${CA_CERT}" 2>/dev/null
+ # Update the user's kubeconfig to include credentials for this apiserver.
 create-kubeconfig
+
+ if [[ "${FEDERATION:-}" == "true" ]]; then
+ # Create a kubeconfig with credentials for this apiserver. We will later use
+ # this kubeconfig to create a secret which the federation control plane can
+ # use to talk to this apiserver.
+ KUBECONFIG_DIR=$(dirname ${KUBECONFIG:-$DEFAULT_KUBECONFIG})
+ KUBECONFIG="${KUBECONFIG_DIR}/federation/kubernetes-apiserver/${CONTEXT}/kubeconfig" \
+ create-kubeconfig
+ fi
 )
 verify-cluster