diff --git a/cmd/kubeadm/app/master/addons.go b/cmd/kubeadm/app/master/addons.go
index 9d84b99c61f..90d60e03e91 100644
--- a/cmd/kubeadm/app/master/addons.go
+++ b/cmd/kubeadm/app/master/addons.go
@@ -32,7 +32,7 @@ import (
 )
 // TODO(phase1+): kube-proxy should be a daemonset, three different daemonsets should not be here
-func createKubeProxyPodSpec(s *kubeadmapi.MasterConfiguration, architecture string) api.PodSpec {
+func createKubeProxyPodSpec(cfg *kubeadmapi.MasterConfiguration, architecture string) api.PodSpec {
 envParams := kubeadmapi.GetEnvParams()
 privilegedTrue := true
 return api.PodSpec{
@@ -42,8 +42,8 @@ func createKubeProxyPodSpec(s *kubeadmapi.MasterConfiguration, architecture stri
 },
 Containers: []api.Container{{
 Name: kubeProxy,
- Image: images.GetCoreImage(images.KubeProxyImage, s, envParams["hyperkube_image"]),
- Command: append(getComponentCommand("proxy", s), "--kubeconfig=/run/kubeconfig"),
+ Image: images.GetCoreImage(images.KubeProxyImage, cfg, envParams["hyperkube_image"]),
+ Command: append(getComponentCommand("proxy", cfg), "--kubeconfig=/run/kubeconfig"),
 SecurityContext: &api.SecurityContext{Privileged: &privilegedTrue},
 VolumeMounts: []api.VolumeMount{
 {
@@ -85,7 +85,7 @@ func createKubeProxyPodSpec(s *kubeadmapi.MasterConfiguration, architecture stri
 }
 }
-func createKubeDNSPodSpec(s *kubeadmapi.MasterConfiguration) api.PodSpec {
+func createKubeDNSPodSpec(cfg *kubeadmapi.MasterConfiguration) api.PodSpec {
 dnsPodResources := api.ResourceList{
 api.ResourceName(api.ResourceCPU): resource.MustParse("100m"),
@@ -100,7 +100,7 @@ func createKubeDNSPodSpec(s *kubeadmapi.MasterConfiguration) api.PodSpec {
 kubeDNSPort := int32(10053)
 dnsmasqPort := int32(53)
- nslookup := fmt.Sprintf("nslookup kubernetes.default.svc.%s 127.0.0.1", s.Networking.DNSDomain)
+ nslookup := fmt.Sprintf("nslookup kubernetes.default.svc.%s 127.0.0.1", cfg.Networking.DNSDomain)
 nslookup = fmt.Sprintf("-cmd=%s:%d >/dev/null && %s:%d >/dev/null", nslookup, dnsmasqPort, 
@@ -121,7 +121,7 @@ func createKubeDNSPodSpec(s *kubeadmapi.MasterConfiguration) api.PodSpec {
 Requests: dnsPodResources,
 },
 Args: []string{
- fmt.Sprintf("--domain=%s", s.Networking.DNSDomain),
+ fmt.Sprintf("--domain=%s", cfg.Networking.DNSDomain),
 fmt.Sprintf("--dns-port=%d", kubeDNSPort),
 // TODO __PILLAR__FEDERATIONS__DOMAIN__MAP__
 },
@@ -214,14 +214,14 @@ func createKubeDNSPodSpec(s *kubeadmapi.MasterConfiguration) api.PodSpec {
 }
-func createKubeDNSServiceSpec(s *kubeadmapi.MasterConfiguration) (*api.ServiceSpec, error) {
- _, n, err := net.ParseCIDR(s.Networking.ServiceSubnet)
+func createKubeDNSServiceSpec(cfg *kubeadmapi.MasterConfiguration) (*api.ServiceSpec, error) {
+ _, n, err := net.ParseCIDR(cfg.Networking.ServiceSubnet)
 if err != nil {
- return nil, fmt.Errorf("could not parse %q: %v", s.Networking.ServiceSubnet, err)
+ return nil, fmt.Errorf("could not parse %q: %v", cfg.Networking.ServiceSubnet, err)
 }
 ip, err := ipallocator.GetIndexedIP(n, 10)
 if err != nil {
- return nil, fmt.Errorf("unable to allocate IP address for kube-dns addon from the given CIDR (%q) [%v]", s.Networking.ServiceSubnet, err)
+ return nil, fmt.Errorf("unable to allocate IP address for kube-dns addon from the given CIDR (%q) [%v]", cfg.Networking.ServiceSubnet, err)
 }
 svc := &api.ServiceSpec{ 
@@ -236,11 +236,11 @@ func createKubeDNSServiceSpec(s *kubeadmapi.MasterConfiguration) (*api.ServiceSp
 return svc, nil
 }
-func CreateEssentialAddons(s *kubeadmapi.MasterConfiguration, client *clientset.Clientset) error {
+func CreateEssentialAddons(cfg *kubeadmapi.MasterConfiguration, client *clientset.Clientset) error {
 arches := [3]string{"amd64", "arm", "arm64"}
 for _, arch := range arches {
- kubeProxyDaemonSet := NewDaemonSet(kubeProxy+"-"+arch, createKubeProxyPodSpec(s, arch))
+ kubeProxyDaemonSet := NewDaemonSet(kubeProxy+"-"+arch, createKubeProxyPodSpec(cfg, arch))
 SetMasterTaintTolerations(&kubeProxyDaemonSet.Spec.Template.ObjectMeta)
 if _, err := client.Extensions().DaemonSets(api.NamespaceSystem).Create(kubeProxyDaemonSet); err != nil {
@@ -250,14 +250,14 @@ func CreateEssentialAddons(s *kubeadmapi.MasterConfiguration, client *clientset.
 fmt.Println(" created essential addon: kube-proxy")
- kubeDNSDeployment := NewDeployment("kube-dns", 1, createKubeDNSPodSpec(s))
+ kubeDNSDeployment := NewDeployment("kube-dns", 1, createKubeDNSPodSpec(cfg))
 SetMasterTaintTolerations(&kubeDNSDeployment.Spec.Template.ObjectMeta)
 if _, err := client.Extensions().Deployments(api.NamespaceSystem).Create(kubeDNSDeployment); err != nil {
 return fmt.Errorf(" failed creating essential kube-dns addon [%v]", err)
 }
- kubeDNSServiceSpec, err := createKubeDNSServiceSpec(s)
+ kubeDNSServiceSpec, err := createKubeDNSServiceSpec(cfg)
 if err != nil {
 return fmt.Errorf(" failed creating essential kube-dns addon - %v", err)
 }
diff --git a/cmd/kubeadm/app/master/discovery.go b/cmd/kubeadm/app/master/discovery.go
index b8ef587396b..0959d9d5a95 100644
--- a/cmd/kubeadm/app/master/discovery.go
+++ b/cmd/kubeadm/app/master/discovery.go
@@ -40,18 +40,18 @@ const (
 kubeDiscoverySecretName = "clusterinfo"
 )
-func encodeKubeDiscoverySecretData(s *kubeadmapi.MasterConfiguration, caCert *x509.Certificate) map[string][]byte {
+func encodeKubeDiscoverySecretData(cfg *kubeadmapi.MasterConfiguration, caCert *x509.Certificate) map[string][]byte {
 var (
 data = map[string][]byte{}
 endpointList = []string{}
 tokenMap = map[string]string{}
 )
- for _, addr := range s.API.AdvertiseAddresses {
- endpointList = append(endpointList, fmt.Sprintf("https://%s:%d", addr, s.API.BindPort))
+ for _, addr := range cfg.API.AdvertiseAddresses {
+ endpointList = append(endpointList, fmt.Sprintf("https://%s:%d", addr, cfg.API.BindPort))
 }
- tokenMap[s.Secrets.TokenID] = s.Secrets.BearerToken
+ tokenMap[cfg.Secrets.TokenID] = cfg.Secrets.BearerToken
 data["endpoint-list.json"], _ = json.Marshal(endpointList)
 data["token-map.json"], _ = json.Marshal(tokenMap)
@@ -60,7 +60,7 @@ func encodeKubeDiscoverySecretData(s *kubeadmapi.MasterConfiguration, caCert *x5
 return data
 }
-func newKubeDiscoveryPodSpec(s *kubeadmapi.MasterConfiguration) api.PodSpec {
+func newKubeDiscoveryPodSpec(cfg *kubeadmapi.MasterConfiguration) api.PodSpec {
 envParams := kubeadmapi.GetEnvParams()
 return api.PodSpec{
 // We have to use host network namespace, as `HostPort`/`HostIP` are Docker's
@@ -80,7 +80,7 @@ func newKubeDiscoveryPodSpec(s *kubeadmapi.MasterConfiguration) api.PodSpec {
 Ports: []api.ContainerPort{
 // TODO when CNI issue (#31307) is resolved, we should consider adding
 // `HostIP: s.API.AdvertiseAddrs[0]`, if there is only one address`
- {Name: "http", ContainerPort: kubeadmapi.DefaultDiscoveryBindPort, HostPort: s.Discovery.BindPort},
+ {Name: "http", ContainerPort: kubeadmapi.DefaultDiscoveryBindPort, HostPort: cfg.Discovery.BindPort},
 },
 SecurityContext: &api.SecurityContext{
 SELinuxOptions: &api.SELinuxOptions{ 
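Review bot: The comment directly above the changed `Ports` entry in newKubeDiscoveryPodSpec still reads `// `HostIP: s.API.AdvertiseAddrs[0]`, if there is only one address``, naming the parameter by its old name `s` and a field `AdvertiseAddrs` that does not match the `AdvertiseAddresses` ranged over in the encodeKubeDiscoverySecretData hunk above; the rename left it stale. Suggest `// `HostIP: cfg.API.AdvertiseAddresses[0]`, if there is only one address`. Separately, both `json.Marshal` results in encodeKubeDiscoverySecretData discard the error with `_`; encoding a `[]string` and a `map[string]string` cannot fail, so this is harmless, but a short comment stating that would spare the next reader the question, especially since the map carries the bearer token that joining nodes will trust. newKubeDiscoveryPodSpec continues outside the hunk.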
@@ -101,13 +101,13 @@ func newKubeDiscoveryPodSpec(s *kubeadmapi.MasterConfiguration) api.PodSpec {
 }
 }
-func newKubeDiscovery(s *kubeadmapi.MasterConfiguration, caCert *x509.Certificate) kubeDiscovery {
+func newKubeDiscovery(cfg *kubeadmapi.MasterConfiguration, caCert *x509.Certificate) kubeDiscovery {
 kd := kubeDiscovery{
- Deployment: NewDeployment(kubeDiscoveryName, 1, newKubeDiscoveryPodSpec(s)),
+ Deployment: NewDeployment(kubeDiscoveryName, 1, newKubeDiscoveryPodSpec(cfg)),
 Secret: &api.Secret{
 ObjectMeta: api.ObjectMeta{Name: kubeDiscoverySecretName},
 Type: api.SecretTypeOpaque,
- Data: encodeKubeDiscoverySecretData(s, caCert),
+ Data: encodeKubeDiscoverySecretData(cfg, caCert),
 },
 }
@@ -117,8 +117,8 @@ func newKubeDiscovery(s *kubeadmapi.MasterConfiguration, caCert *x509.Certificat
 return kd
 }
-func CreateDiscoveryDeploymentAndSecret(s *kubeadmapi.MasterConfiguration, client *clientset.Clientset, caCert *x509.Certificate) error {
- kd := newKubeDiscovery(s, caCert)
+func CreateDiscoveryDeploymentAndSecret(cfg *kubeadmapi.MasterConfiguration, client *clientset.Clientset, caCert *x509.Certificate) error {
+ kd := newKubeDiscovery(cfg, caCert)
 if _, err := client.Extensions().Deployments(api.NamespaceSystem).Create(kd.Deployment); err != nil {
 return fmt.Errorf(" failed to create %q deployment [%v]", kubeDiscoveryName, err)
diff --git a/cmd/kubeadm/app/master/manifests.go b/cmd/kubeadm/app/master/manifests.go
index df446d7b974..fa0316ecc4f 100644
--- a/cmd/kubeadm/app/master/manifests.go
+++ b/cmd/kubeadm/app/master/manifests.go
@@ -53,37 +53,37 @@ const (
 // WriteStaticPodManifests builds manifest objects based on user provided configuration and then dumps it to disk
 // where kubelet will pick and schedule them.
-func WriteStaticPodManifests(s *kubeadmapi.MasterConfiguration) error {
+func WriteStaticPodManifests(cfg *kubeadmapi.MasterConfiguration) error {
 envParams := kubeadmapi.GetEnvParams()
 // Prepare static pod specs
 staticPodSpecs := map[string]api.Pod{
 kubeAPIServer: componentPod(api.Container{
 Name: kubeAPIServer,
- Image: images.GetCoreImage(images.KubeAPIServerImage, s, envParams["hyperkube_image"]),
- Command: getComponentCommand(apiServer, s),
+ Image: images.GetCoreImage(images.KubeAPIServerImage, cfg, envParams["hyperkube_image"]),
+ Command: getComponentCommand(apiServer, cfg),
 VolumeMounts: []api.VolumeMount{certsVolumeMount(), k8sVolumeMount()},
 LivenessProbe: componentProbe(8080, "/healthz"),
 Resources: componentResources("250m"),
- }, certsVolume(s), k8sVolume(s)),
+ }, certsVolume(cfg), k8sVolume(cfg)),
 kubeControllerManager: componentPod(api.Container{
 Name: kubeControllerManager,
- Image: images.GetCoreImage(images.KubeControllerManagerImage, s, envParams["hyperkube_image"]),
- Command: getComponentCommand(controllerManager, s),
+ Image: images.GetCoreImage(images.KubeControllerManagerImage, cfg, envParams["hyperkube_image"]),
+ Command: getComponentCommand(controllerManager, cfg),
 VolumeMounts: []api.VolumeMount{certsVolumeMount(), k8sVolumeMount()},
 LivenessProbe: componentProbe(10252, "/healthz"),
 Resources: componentResources("200m"),
- }, certsVolume(s), k8sVolume(s)),
+ }, certsVolume(cfg), k8sVolume(cfg)),
 kubeScheduler: componentPod(api.Container{
 Name: kubeScheduler,
- Image: images.GetCoreImage(images.KubeSchedulerImage, s, envParams["hyperkube_image"]),
- Command: getComponentCommand(scheduler, s),
+ Image: images.GetCoreImage(images.KubeSchedulerImage, cfg, envParams["hyperkube_image"]),
+ Command: getComponentCommand(scheduler, cfg),
 LivenessProbe: componentProbe(10251, "/healthz"),
 Resources: componentResources("100m"),
 }),
 }
 // Add etcd static pod spec only if external etcd is not configured
- if len(s.Etcd.Endpoints) == 0 {
+ if len(cfg.Etcd.Endpoints) == 0 {
 staticPodSpecs[etcd] = componentPod(api.Container{
 Name: etcd,
 Command: []string{
@@ -93,7 +93,7 @@ func WriteStaticPodManifests(s *kubeadmapi.MasterConfiguration) error {
 "--data-dir=/var/etcd/data",
 },
 VolumeMounts: []api.VolumeMount{certsVolumeMount(), etcdVolumeMount(), k8sVolumeMount()},
- Image: images.GetCoreImage(images.KubeEtcdImage, s, envParams["etcd_image"]),
+ Image: images.GetCoreImage(images.KubeEtcdImage, cfg, envParams["etcd_image"]),
 LivenessProbe: componentProbe(2379, "/health"),
 Resources: componentResources("200m"),
 SecurityContext: &api.SecurityContext{
@@ -105,7 +105,7 @@ func WriteStaticPodManifests(s *kubeadmapi.MasterConfiguration) error {
 Type: "unconfined_t",
 },
 },
- }, certsVolume(s), etcdVolume(s), k8sVolume(s))
+ }, certsVolume(cfg), etcdVolume(cfg), k8sVolume(cfg))
 }
 manifestsPath := path.Join(envParams["kubernetes_dir"], "manifests")
@@ -126,7 +126,7 @@ func WriteStaticPodManifests(s *kubeadmapi.MasterConfiguration) error {
 }
 // etcdVolume exposes a path on the host in order to guarantee data survival during reboot.
-func etcdVolume(s *kubeadmapi.MasterConfiguration) api.Volume {
+func etcdVolume(cfg *kubeadmapi.MasterConfiguration) api.Volume {
 envParams := kubeadmapi.GetEnvParams()
 return api.Volume{
 Name: "etcd",
@@ -144,7 +144,7 @@ func etcdVolumeMount() api.VolumeMount {
 }
 // certsVolume exposes host SSL certificates to pod containers.
-func certsVolume(s *kubeadmapi.MasterConfiguration) api.Volume {
+func certsVolume(cfg *kubeadmapi.MasterConfiguration) api.Volume {
 return api.Volume{
 Name: "certs",
 VolumeSource: api.VolumeSource{ 
@@ -161,7 +161,7 @@ func certsVolumeMount() api.VolumeMount {
 }
 }
-func k8sVolume(s *kubeadmapi.MasterConfiguration) api.Volume {
+func k8sVolume(cfg *kubeadmapi.MasterConfiguration) api.Volume {
 envParams := kubeadmapi.GetEnvParams()
 return api.Volume{
 Name: "pki",
@@ -221,18 +221,18 @@ func componentPod(container api.Container, volumes ...api.Volume) api.Pod {
 }
 }
-func getComponentCommand(component string, s *kubeadmapi.MasterConfiguration) (command []string) {
+func getComponentCommand(component string, cfg *kubeadmapi.MasterConfiguration) (command []string) {
 baseFlags := map[string][]string{
 apiServer: {
 "--insecure-bind-address=127.0.0.1",
 "--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota",
- "--service-cluster-ip-range=" + s.Networking.ServiceSubnet,
+ "--service-cluster-ip-range=" + cfg.Networking.ServiceSubnet,
 "--service-account-key-file=" + pkiDir + "/apiserver-key.pem",
 "--client-ca-file=" + pkiDir + "/ca.pem",
 "--tls-cert-file=" + pkiDir + "/apiserver.pem",
 "--tls-private-key-file=" + pkiDir + "/apiserver-key.pem",
 "--token-auth-file=" + pkiDir + "/tokens.csv",
- fmt.Sprintf("--secure-port=%d", s.API.BindPort),
+ fmt.Sprintf("--secure-port=%d", cfg.API.BindPort),
 "--allow-privileged",
 },
 controllerManager: { 
@@ -266,30 +266,30 @@ func getComponentCommand(component string, s *kubeadmapi.MasterConfiguration) (c
 if component == apiServer {
 // Use first address we are given
- if len(s.API.AdvertiseAddresses) > 0 {
- command = append(command, fmt.Sprintf("--advertise-address=%s", s.API.AdvertiseAddresses[0]))
+ if len(cfg.API.AdvertiseAddresses) > 0 {
+ command = append(command, fmt.Sprintf("--advertise-address=%s", cfg.API.AdvertiseAddresses[0]))
 }
 // Check if the user decided to use an external etcd cluster
- if len(s.Etcd.Endpoints) > 0 {
- command = append(command, fmt.Sprintf("--etcd-servers=%s", strings.Join(s.Etcd.Endpoints, ",")))
+ if len(cfg.Etcd.Endpoints) > 0 {
+ command = append(command, fmt.Sprintf("--etcd-servers=%s", strings.Join(cfg.Etcd.Endpoints, ",")))
 } else {
 command = append(command, "--etcd-servers=http://127.0.0.1:2379")
 }
 // Is etcd secured?
- if s.Etcd.CAFile != "" {
- command = append(command, fmt.Sprintf("--etcd-cafile=%s", s.Etcd.CAFile))
+ if cfg.Etcd.CAFile != "" {
+ command = append(command, fmt.Sprintf("--etcd-cafile=%s", cfg.Etcd.CAFile))
 }
- if s.Etcd.CertFile != "" && s.Etcd.KeyFile != "" {
- etcdClientFileArg := fmt.Sprintf("--etcd-certfile=%s", s.Etcd.CertFile)
- etcdKeyFileArg := fmt.Sprintf("--etcd-keyfile=%s", s.Etcd.KeyFile)
+ if cfg.Etcd.CertFile != "" && cfg.Etcd.KeyFile != "" {
+ etcdClientFileArg := fmt.Sprintf("--etcd-certfile=%s", cfg.Etcd.CertFile)
+ etcdKeyFileArg := fmt.Sprintf("--etcd-keyfile=%s", cfg.Etcd.KeyFile)
 command = append(command, etcdClientFileArg, etcdKeyFileArg)
 }
 }
 if component == controllerManager {
- if s.CloudProvider != "" {
- command = append(command, "--cloud-provider="+s.CloudProvider)
+ if cfg.CloudProvider != "" {
+ command = append(command, "--cloud-provider="+cfg.CloudProvider)
 // Only append the --cloud-config option if there's a such file
 // TODO(phase1+) this won't work unless it's in one of the few directories we bind-mount 
@@ -299,8 +299,8 @@ func getComponentCommand(component string, s *kubeadmapi.MasterConfiguration) (c
 }
 // Let the controller-manager allocate Node CIDRs for the Pod network.
 // Each node will get a subspace of the address CIDR provided with --pod-network-cidr.
- if s.Networking.PodSubnet != "" {
- command = append(command, "--allocate-node-cidrs=true", "--cluster-cidr="+s.Networking.PodSubnet)
+ if cfg.Networking.PodSubnet != "" {
+ command = append(command, "--allocate-node-cidrs=true", "--cluster-cidr="+cfg.Networking.PodSubnet)
 }
 }
diff --git a/cmd/kubeadm/app/master/pki.go b/cmd/kubeadm/app/master/pki.go
index 485fc93fa71..4ea02a15c51 100644
--- a/cmd/kubeadm/app/master/pki.go
+++ b/cmd/kubeadm/app/master/pki.go
@@ -46,7 +46,7 @@ func newCertificateAuthority() (*rsa.PrivateKey, *x509.Certificate, error) {
 return key, cert, nil
 }
-func newServerKeyAndCert(s *kubeadmapi.MasterConfiguration, caCert *x509.Certificate, caKey *rsa.PrivateKey, altNames certutil.AltNames) (*rsa.PrivateKey, *x509.Certificate, error) {
+func newServerKeyAndCert(cfg *kubeadmapi.MasterConfiguration, caCert *x509.Certificate, caKey *rsa.PrivateKey, altNames certutil.AltNames) (*rsa.PrivateKey, *x509.Certificate, error) {
 key, err := certutil.NewPrivateKey()
 if err != nil {
 return nil, nil, fmt.Errorf("unabel to create private key [%v]", err) 
@@ -56,16 +56,16 @@ func newServerKeyAndCert(s *kubeadmapi.MasterConfiguration, caCert *x509.Certifi
 "kubernetes",
 "kubernetes.default",
 "kubernetes.default.svc",
- fmt.Sprintf("kubernetes.default.svc.%s", s.Networking.DNSDomain),
+ fmt.Sprintf("kubernetes.default.svc.%s", cfg.Networking.DNSDomain),
 }
- _, n, err := net.ParseCIDR(s.Networking.ServiceSubnet)
+ _, n, err := net.ParseCIDR(cfg.Networking.ServiceSubnet)
 if err != nil {
- return nil, nil, fmt.Errorf("error parsing CIDR %q: %v", s.Networking.ServiceSubnet, err)
+ return nil, nil, fmt.Errorf("error parsing CIDR %q: %v", cfg.Networking.ServiceSubnet, err)
 }
 internalAPIServerVirtualIP, err := ipallocator.GetIndexedIP(n, 1)
 if err != nil {
- return nil, nil, fmt.Errorf("unable to allocate IP address for the API server from the given CIDR (%q) [%v]", &s.Networking.ServiceSubnet, err)
+ return nil, nil, fmt.Errorf("unable to allocate IP address for the API server from the given CIDR (%q) [%v]", &cfg.Networking.ServiceSubnet, err)
 }
 altNames.IPs = append(altNames.IPs, internalAPIServerVirtualIP) 
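Review bot: The added line in the GetIndexedIP error path passes `&cfg.Networking.ServiceSubnet` to a `%q` verb; `%q` is not valid for a `*string`, so fmt emits a bad-verb marker of the form `%!q(*string=0x…)` instead of the CIDR the operator needs to see, whereas the ParseCIDR error a few lines above correctly passes the plain value. The rename touched this line without fixing it; drop the address-of: `return nil, nil, fmt.Errorf("unable to allocate IP address for the API server from the given CIDR (%q) [%v]", cfg.Networking.ServiceSubnet, err)`. That also matches the equivalent message in createKubeDNSServiceSpec (addons.go, hunk @@ -214), which already passes the string by value. newServerKeyAndCert starts and ends outside this hunk.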
@@ -143,20 +143,20 @@ func newServiceAccountKey() (*rsa.PrivateKey, error) {
 // It first generates a self-signed CA certificate, a server certificate (signed by the CA) and a key for
 // signing service account tokens. It returns CA key and certificate, which is convenient for use with
 // client config funcs.
-func CreatePKIAssets(s *kubeadmapi.MasterConfiguration) (*rsa.PrivateKey, *x509.Certificate, error) {
+func CreatePKIAssets(cfg *kubeadmapi.MasterConfiguration) (*rsa.PrivateKey, *x509.Certificate, error) {
 var (
 err error
 altNames certutil.AltNames
 )
- for _, a := range s.API.AdvertiseAddresses {
+ for _, a := range cfg.API.AdvertiseAddresses {
 if ip := net.ParseIP(a); ip != nil {
 altNames.IPs = append(altNames.IPs, ip)
 } else {
 return nil, nil, fmt.Errorf("could not parse ip %q", a)
 }
 }
- altNames.DNSNames = append(altNames.DNSNames, s.API.ExternalDNSNames...)
+ altNames.DNSNames = append(altNames.DNSNames, cfg.API.ExternalDNSNames...)
 pkiPath := path.Join(kubeadmapi.GetEnvParams()["host_pki_path"])
@@ -172,7 +172,7 @@ func CreatePKIAssets(s *kubeadmapi.MasterConfiguration) (*rsa.PrivateKey, *x509.
 pub, prv, cert := pathsKeysCerts(pkiPath, "ca")
 fmt.Printf("Public: %s\nPrivate: %s\nCert: %s\n", pub, prv, cert)
- apiKey, apiCert, err := newServerKeyAndCert(s, caCert, caKey, altNames)
+ apiKey, apiCert, err := newServerKeyAndCert(cfg, caCert, caKey, altNames)
 if err != nil {
 return nil, nil, fmt.Errorf(" failure while creating API server keys and certificate - %v", err)
 }