remove --ssh- options, deprecated 13 releases, that only work on GCE
parent
9d6e5049bb
commit
84590fe27c
@ -75,8 +75,6 @@ type ServerRunOptions struct {
|
|||||||
APIServerServiceIP net.IP
|
APIServerServiceIP net.IP
|
||||||
|
|
||||||
ServiceNodePortRange utilnet.PortRange
|
ServiceNodePortRange utilnet.PortRange
|
||||||
SSHKeyfile string
|
|
||||||
SSHUser string
|
|
||||||
|
|
||||||
ProxyClientCertFile string
|
ProxyClientCertFile string
|
||||||
ProxyClientKeyFile string
|
ProxyClientKeyFile string
|
||||||
@ -196,16 +194,6 @@ func (s *ServerRunOptions) Flags() (fss cliflag.NamedFlagSets) {
|
|||||||
"If true, install a /logs handler for the apiserver logs.")
|
"If true, install a /logs handler for the apiserver logs.")
|
||||||
fs.MarkDeprecated("enable-logs-handler", "This flag will be removed in v1.19")
|
fs.MarkDeprecated("enable-logs-handler", "This flag will be removed in v1.19")
|
||||||
|
|
||||||
// Deprecated in release 1.9
|
|
||||||
fs.StringVar(&s.SSHUser, "ssh-user", s.SSHUser,
|
|
||||||
"If non-empty, use secure SSH proxy to the nodes, using this user name")
|
|
||||||
fs.MarkDeprecated("ssh-user", "This flag will be removed in a future version.")
|
|
||||||
|
|
||||||
// Deprecated in release 1.9
|
|
||||||
fs.StringVar(&s.SSHKeyfile, "ssh-keyfile", s.SSHKeyfile,
|
|
||||||
"If non-empty, use secure SSH proxy to the nodes, using this user keyfile")
|
|
||||||
fs.MarkDeprecated("ssh-keyfile", "This flag will be removed in a future version.")
|
|
||||||
|
|
||||||
fs.Int64Var(&s.MaxConnectionBytesPerSec, "max-connection-bytes-per-sec", s.MaxConnectionBytesPerSec, ""+
|
fs.Int64Var(&s.MaxConnectionBytesPerSec, "max-connection-bytes-per-sec", s.MaxConnectionBytesPerSec, ""+
|
||||||
"If non-zero, throttle each user connection to this number of bytes/sec. "+
|
"If non-zero, throttle each user connection to this number of bytes/sec. "+
|
||||||
"Currently only applies to long-running requests.")
|
"Currently only applies to long-running requests.")
|
||||||
|
@ -26,7 +26,6 @@ import (
|
|||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"strconv"
|
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
@ -55,7 +54,6 @@ import (
|
|||||||
clientgoclientset "k8s.io/client-go/kubernetes"
|
clientgoclientset "k8s.io/client-go/kubernetes"
|
||||||
"k8s.io/client-go/rest"
|
"k8s.io/client-go/rest"
|
||||||
"k8s.io/client-go/util/keyutil"
|
"k8s.io/client-go/util/keyutil"
|
||||||
cloudprovider "k8s.io/cloud-provider"
|
|
||||||
cliflag "k8s.io/component-base/cli/flag"
|
cliflag "k8s.io/component-base/cli/flag"
|
||||||
"k8s.io/component-base/cli/globalflag"
|
"k8s.io/component-base/cli/globalflag"
|
||||||
_ "k8s.io/component-base/metrics/prometheus/workqueue" // for workqueue metric registration
|
_ "k8s.io/component-base/metrics/prometheus/workqueue" // for workqueue metric registration
|
||||||
@ -71,8 +69,6 @@ import (
|
|||||||
"k8s.io/kubernetes/pkg/capabilities"
|
"k8s.io/kubernetes/pkg/capabilities"
|
||||||
"k8s.io/kubernetes/pkg/controlplane"
|
"k8s.io/kubernetes/pkg/controlplane"
|
||||||
"k8s.io/kubernetes/pkg/controlplane/reconcilers"
|
"k8s.io/kubernetes/pkg/controlplane/reconcilers"
|
||||||
"k8s.io/kubernetes/pkg/controlplane/tunneler"
|
|
||||||
"k8s.io/kubernetes/pkg/features"
|
|
||||||
generatedopenapi "k8s.io/kubernetes/pkg/generated/openapi"
|
generatedopenapi "k8s.io/kubernetes/pkg/generated/openapi"
|
||||||
"k8s.io/kubernetes/pkg/kubeapiserver"
|
"k8s.io/kubernetes/pkg/kubeapiserver"
|
||||||
kubeapiserveradmission "k8s.io/kubernetes/pkg/kubeapiserver/admission"
|
kubeapiserveradmission "k8s.io/kubernetes/pkg/kubeapiserver/admission"
|
||||||
@ -186,19 +182,14 @@ func Run(completeOptions completedServerRunOptions, stopCh <-chan struct{}) erro
|
|||||||
|
|
||||||
// CreateServerChain creates the apiservers connected via delegation.
|
// CreateServerChain creates the apiservers connected via delegation.
|
||||||
func CreateServerChain(completedOptions completedServerRunOptions, stopCh <-chan struct{}) (*aggregatorapiserver.APIAggregator, error) {
|
func CreateServerChain(completedOptions completedServerRunOptions, stopCh <-chan struct{}) (*aggregatorapiserver.APIAggregator, error) {
|
||||||
nodeTunneler, proxyTransport, err := CreateNodeDialer(completedOptions)
|
kubeAPIServerConfig, serviceResolver, pluginInitializer, err := CreateKubeAPIServerConfig(completedOptions)
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
kubeAPIServerConfig, serviceResolver, pluginInitializer, err := CreateKubeAPIServerConfig(completedOptions, nodeTunneler, proxyTransport)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// If additional API servers are added, they should be gated.
|
// If additional API servers are added, they should be gated.
|
||||||
apiExtensionsConfig, err := createAPIExtensionsConfig(*kubeAPIServerConfig.GenericConfig, kubeAPIServerConfig.ExtraConfig.VersionedInformers, pluginInitializer, completedOptions.ServerRunOptions, completedOptions.MasterCount,
|
apiExtensionsConfig, err := createAPIExtensionsConfig(*kubeAPIServerConfig.GenericConfig, kubeAPIServerConfig.ExtraConfig.VersionedInformers, pluginInitializer, completedOptions.ServerRunOptions, completedOptions.MasterCount,
|
||||||
serviceResolver, webhook.NewDefaultAuthenticationInfoResolverWrapper(proxyTransport, kubeAPIServerConfig.GenericConfig.EgressSelector, kubeAPIServerConfig.GenericConfig.LoopbackClientConfig))
|
serviceResolver, webhook.NewDefaultAuthenticationInfoResolverWrapper(kubeAPIServerConfig.ExtraConfig.ProxyTransport, kubeAPIServerConfig.GenericConfig.EgressSelector, kubeAPIServerConfig.GenericConfig.LoopbackClientConfig))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -213,7 +204,7 @@ func CreateServerChain(completedOptions completedServerRunOptions, stopCh <-chan
|
|||||||
}
|
}
|
||||||
|
|
||||||
// aggregator comes last in the chain
|
// aggregator comes last in the chain
|
||||||
aggregatorConfig, err := createAggregatorConfig(*kubeAPIServerConfig.GenericConfig, completedOptions.ServerRunOptions, kubeAPIServerConfig.ExtraConfig.VersionedInformers, serviceResolver, proxyTransport, pluginInitializer)
|
aggregatorConfig, err := createAggregatorConfig(*kubeAPIServerConfig.GenericConfig, completedOptions.ServerRunOptions, kubeAPIServerConfig.ExtraConfig.VersionedInformers, serviceResolver, kubeAPIServerConfig.ExtraConfig.ProxyTransport, pluginInitializer)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -236,72 +227,27 @@ func CreateKubeAPIServer(kubeAPIServerConfig *controlplane.Config, delegateAPISe
|
|||||||
return kubeAPIServer, nil
|
return kubeAPIServer, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// CreateNodeDialer creates the dialer infrastructure to connect to the nodes.
|
// CreateProxyTransport creates the dialer infrastructure to connect to the nodes.
|
||||||
func CreateNodeDialer(s completedServerRunOptions) (tunneler.Tunneler, *http.Transport, error) {
|
func CreateProxyTransport() *http.Transport {
|
||||||
// Setup nodeTunneler if needed
|
|
||||||
var nodeTunneler tunneler.Tunneler
|
|
||||||
var proxyDialerFn utilnet.DialFunc
|
var proxyDialerFn utilnet.DialFunc
|
||||||
if len(s.SSHUser) > 0 {
|
|
||||||
// Get ssh key distribution func, if supported
|
|
||||||
var installSSHKey tunneler.InstallSSHKey
|
|
||||||
|
|
||||||
if utilfeature.DefaultFeatureGate.Enabled(features.DisableCloudProviders) && cloudprovider.IsDeprecatedInternal(s.CloudProvider.CloudProvider) {
|
|
||||||
cloudprovider.DisableWarningForProvider(s.CloudProvider.CloudProvider)
|
|
||||||
return nil, nil, fmt.Errorf("cloud provider %q and ssh-user %q was specified, but built-in cloud providers are disabled. "+
|
|
||||||
"Please set --cloud-provider=external and use an external network proxy, see https://github.com/kubernetes-sigs/apiserver-network-proxy",
|
|
||||||
s.CloudProvider.CloudProvider, s.SSHUser)
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
cloudprovider.DeprecationWarningForProvider(s.CloudProvider.CloudProvider)
|
|
||||||
cloud, err := cloudprovider.InitCloudProvider(s.CloudProvider.CloudProvider, s.CloudProvider.CloudConfigFile)
|
|
||||||
if err != nil {
|
|
||||||
return nil, nil, fmt.Errorf("cloud provider could not be initialized: %v", err)
|
|
||||||
}
|
|
||||||
if cloud != nil {
|
|
||||||
if instances, supported := cloud.Instances(); supported {
|
|
||||||
installSSHKey = instances.AddSSHKeyToAllInstances
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if s.KubeletConfig.Port == 0 {
|
|
||||||
return nil, nil, fmt.Errorf("must enable kubelet port if proxy ssh-tunneling is specified")
|
|
||||||
}
|
|
||||||
if s.KubeletConfig.ReadOnlyPort == 0 {
|
|
||||||
return nil, nil, fmt.Errorf("must enable kubelet readonly port if proxy ssh-tunneling is specified")
|
|
||||||
}
|
|
||||||
// Set up the nodeTunneler
|
|
||||||
// TODO(cjcullen): If we want this to handle per-kubelet ports or other
|
|
||||||
// kubelet listen-addresses, we need to plumb through options.
|
|
||||||
healthCheckPath := &url.URL{
|
|
||||||
Scheme: "http",
|
|
||||||
Host: net.JoinHostPort("127.0.0.1", strconv.FormatUint(uint64(s.KubeletConfig.ReadOnlyPort), 10)),
|
|
||||||
Path: "healthz",
|
|
||||||
}
|
|
||||||
nodeTunneler = tunneler.New(s.SSHUser, s.SSHKeyfile, healthCheckPath, installSSHKey)
|
|
||||||
|
|
||||||
// Use the nodeTunneler's dialer when proxying to pods, services, and nodes
|
|
||||||
proxyDialerFn = nodeTunneler.Dial
|
|
||||||
}
|
|
||||||
// Proxying to pods and services is IP-based... don't expect to be able to verify the hostname
|
// Proxying to pods and services is IP-based... don't expect to be able to verify the hostname
|
||||||
proxyTLSClientConfig := &tls.Config{InsecureSkipVerify: true}
|
proxyTLSClientConfig := &tls.Config{InsecureSkipVerify: true}
|
||||||
proxyTransport := utilnet.SetTransportDefaults(&http.Transport{
|
proxyTransport := utilnet.SetTransportDefaults(&http.Transport{
|
||||||
DialContext: proxyDialerFn,
|
DialContext: proxyDialerFn,
|
||||||
TLSClientConfig: proxyTLSClientConfig,
|
TLSClientConfig: proxyTLSClientConfig,
|
||||||
})
|
})
|
||||||
return nodeTunneler, proxyTransport, nil
|
return proxyTransport
|
||||||
}
|
}
|
||||||
|
|
||||||
// CreateKubeAPIServerConfig creates all the resources for running the API server, but runs none of them
|
// CreateKubeAPIServerConfig creates all the resources for running the API server, but runs none of them
|
||||||
func CreateKubeAPIServerConfig(
|
func CreateKubeAPIServerConfig(s completedServerRunOptions) (
|
||||||
s completedServerRunOptions,
|
|
||||||
nodeTunneler tunneler.Tunneler,
|
|
||||||
proxyTransport *http.Transport,
|
|
||||||
) (
|
|
||||||
*controlplane.Config,
|
*controlplane.Config,
|
||||||
aggregatorapiserver.ServiceResolver,
|
aggregatorapiserver.ServiceResolver,
|
||||||
[]admission.PluginInitializer,
|
[]admission.PluginInitializer,
|
||||||
error,
|
error,
|
||||||
) {
|
) {
|
||||||
|
proxyTransport := CreateProxyTransport()
|
||||||
|
|
||||||
genericConfig, versionedInformers, serviceResolver, pluginInitializers, admissionPostStartHook, storageFactory, err := buildGenericConfig(s.ServerRunOptions, proxyTransport)
|
genericConfig, versionedInformers, serviceResolver, pluginInitializers, admissionPostStartHook, storageFactory, err := buildGenericConfig(s.ServerRunOptions, proxyTransport)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, nil, err
|
return nil, nil, nil, err
|
||||||
@ -339,8 +285,6 @@ func CreateKubeAPIServerConfig(
|
|||||||
EnableLogsSupport: s.EnableLogsHandler,
|
EnableLogsSupport: s.EnableLogsHandler,
|
||||||
ProxyTransport: proxyTransport,
|
ProxyTransport: proxyTransport,
|
||||||
|
|
||||||
Tunneler: nodeTunneler,
|
|
||||||
|
|
||||||
ServiceIPRange: s.PrimaryServiceClusterIPRange,
|
ServiceIPRange: s.PrimaryServiceClusterIPRange,
|
||||||
APIServerServiceIP: s.APIServerServiceIP,
|
APIServerServiceIP: s.APIServerServiceIP,
|
||||||
SecondaryServiceIPRange: s.SecondaryServiceClusterIPRange,
|
SecondaryServiceIPRange: s.SecondaryServiceClusterIPRange,
|
||||||
@ -386,10 +330,6 @@ func CreateKubeAPIServerConfig(
|
|||||||
return nil, nil, nil, err
|
return nil, nil, nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
if nodeTunneler != nil {
|
|
||||||
// Use the nodeTunneler's dialer to connect to the kubelet
|
|
||||||
config.ExtraConfig.KubeletClientConfig.Dial = nodeTunneler.Dial
|
|
||||||
}
|
|
||||||
if config.GenericConfig.EgressSelector != nil {
|
if config.GenericConfig.EgressSelector != nil {
|
||||||
// Use the config.GenericConfig.EgressSelector lookup to find the dialer to connect to the kubelet
|
// Use the config.GenericConfig.EgressSelector lookup to find the dialer to connect to the kubelet
|
||||||
config.ExtraConfig.KubeletClientConfig.Lookup = config.GenericConfig.EgressSelector.Lookup
|
config.ExtraConfig.KubeletClientConfig.Lookup = config.GenericConfig.EgressSelector.Lookup
|
||||||
|
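Review bot: In CreateProxyTransport, `proxyDialerFn` is still declared but nothing assigns it now that the SSH branch is gone, so `DialContext: proxyDialerFn` always passes nil; both the variable and the field can be dropped, presumably leaving `utilnet.SetTransportDefaults` to choose the dialer as it already does for a nil value. The doc comment still says the function "creates the dialer infrastructure to connect to the nodes", which no longer describes it. Because this exported, argument-free constructor returns a transport built with `InsecureSkipVerify: true`, the comment should state that, for example `// CreateProxyTransport returns the transport used to proxy to pods and services; it does not verify server certificates.` CreateServerChain now reads the same transport back from `kubeAPIServerConfig.ExtraConfig.ProxyTransport` and passes it to the webhook resolver wrapper and the aggregator config, so a reader of those call sites benefits from that note as well.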
@ -149,7 +149,7 @@ type ExtraConfig struct {
|
|||||||
// Used to start and monitor tunneling
|
// Used to start and monitor tunneling
|
||||||
Tunneler tunneler.Tunneler
|
Tunneler tunneler.Tunneler
|
||||||
EnableLogsSupport bool
|
EnableLogsSupport bool
|
||||||
ProxyTransport http.RoundTripper
|
ProxyTransport *http.Transport
|
||||||
|
|
||||||
// Values to build the IP addresses used by discovery
|
// Values to build the IP addresses used by discovery
|
||||||
// The range of IPs to be assigned to services with type=ClusterIP or greater
|
// The range of IPs to be assigned to services with type=ClusterIP or greater
|
||||||
|
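Review bot: The `Tunneler tunneler.Tunneler` field and its comment "Used to start and monitor tunneling" remain in ExtraConfig as context lines, while this commit removes the `Tunneler: nodeTunneler` assignment in CreateKubeAPIServerConfig, so as far as the visible hunks show nothing populates the field any more. Either remove it together with the code that reads it, or mark it in place, e.g. `// Deprecated: no longer set by kube-apiserver now that the --ssh-* options are gone.` Narrowing `ProxyTransport` from `http.RoundTripper` to `*http.Transport` also changes an exported field's type, so callers can no longer supply a wrapped round tripper; a short field comment saying why the concrete type is required would help. The struct continues outside the hunk.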
@ -135,11 +135,7 @@ func StartTestServer(t *testing.T, stopCh <-chan struct{}, setup TestServerSetup
|
|||||||
t.Fatalf("failed to validate ServerRunOptions: %v", utilerrors.NewAggregate(errs))
|
t.Fatalf("failed to validate ServerRunOptions: %v", utilerrors.NewAggregate(errs))
|
||||||
}
|
}
|
||||||
|
|
||||||
tunneler, proxyTransport, err := app.CreateNodeDialer(completedOptions)
|
kubeAPIServerConfig, _, _, err := app.CreateKubeAPIServerConfig(completedOptions)
|
||||||
if err != nil {
|
|
||||||
t.Fatal(err)
|
|
||||||
}
|
|
||||||
kubeAPIServerConfig, _, _, err := app.CreateKubeAPIServerConfig(completedOptions, tunneler, proxyTransport)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|