Fix so setup-files don't recreate/invalidate certificates that already exist

Lucas Käldström 2016-04-01 21:23:58 +03:00
parent 76fde46b16
commit 858b9539d5


@ -23,17 +23,19 @@ set -o errexit
set -o nounset set -o nounset
set -o pipefail set -o pipefail
create_token() {
echo $(cat /dev/urandom | base64 | tr -d "=+/" | dd bs=32 count=1 2> /dev/null)
}
# Additional address of the API server to be added to the # Additional address of the API server to be added to the
# list of Subject Alternative Names of the server TLS certificate # list of Subject Alternative Names of the server TLS certificate
# Should contain internal IP, i.e. IP:10.0.0.1 for 10.0.0.0/24 cluster IP range # Should contain internal IP, i.e. IP:10.0.0.1 for 10.0.0.0/24 cluster IP range
EXTRA_SANS=$1 EXTRA_SANS=$1
create_token() { # Files in /data are persistent across reboots, so we don't want to re-create the files if they already
echo $(cat /dev/urandom | base64 | tr -d "=+/" | dd bs=32 count=1 2> /dev/null) # exist, because the state is persistent in etcd too, and we don't want a conflict between "old" data in
} # etcd and "new" data that this script would create for apiserver. Therefore, if the file exist, skip it.
if [[ ! -f /data/ca.crt ]]; then
# Create basic token authorization
echo "admin,admin,admin" > /data/basic_auth.csv
# Create HTTPS certificates # Create HTTPS certificates
groupadd -f -r kube-cert-test groupadd -f -r kube-cert-test
@ -41,11 +43,33 @@ groupadd -f -r kube-cert-test
# hostname -I gets the ip of the node # hostname -I gets the ip of the node
CERT_DIR=/data CERT_GROUP=kube-cert-test /make-ca-cert.sh $(hostname -I | awk '{print $1}') ${EXTRA_SANS} CERT_DIR=/data CERT_GROUP=kube-cert-test /make-ca-cert.sh $(hostname -I | awk '{print $1}') ${EXTRA_SANS}
echo "Certificates created $(date)"
else
echo "Certificates already found, not recreating."
fi
if [[ ! -f /data/basic_auth.csv ]]; then
# Create basic token authorization
echo "admin,admin,admin" > /data/basic_auth.csv
echo "basic_auth.csv created $(date)"
else
echo "basic_auth.csv already found, not recreating."
fi
if [[ ! -f /data/known_tokens.csv ]]; then
# Create known tokens for service accounts # Create known tokens for service accounts
echo "$(create_token),admin,admin" >> /data/known_tokens.csv echo "$(create_token),admin,admin" >> /data/known_tokens.csv
echo "$(create_token),kubelet,kubelet" >> /data/known_tokens.csv echo "$(create_token),kubelet,kubelet" >> /data/known_tokens.csv
echo "$(create_token),kube_proxy,kube_proxy" >> /data/known_tokens.csv echo "$(create_token),kube_proxy,kube_proxy" >> /data/known_tokens.csv
echo "known_tokens.csv created $(date)"
else
echo "known_tokens.csv already found, not recreating."
fi
while true; do while true; do
sleep 3600 sleep 3600
done done
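Review bot: The new certificate guard keys only on `/data/ca.crt`, so if `/make-ca-cert.sh` dies after writing the CA but before the server cert/key land in /data, every later boot will log "Certificates already found" and skip, leaving the apiserver without a usable serving cert; `set -o errexit` stops the first run but does nothing for the persisted half-state. Check for the full set the script is expected to produce, e.g. `if [[ ! -f /data/ca.crt || ! -f /data/server.cert || ! -f /data/server.key ]]; then` — the exact output filenames live in make-ca-cert.sh, which is not in this hunk, so confirm them there. The same applies to `known_tokens.csv`: it is built with three separate `>>` appends, so a partial file also satisfies the `-f` check; writing the three lines with one redirection (a grouped `{ …; } > /data/known_tokens.csv`) makes the guard honest. Since these files now persist as long-lived credentials, it is worth noting in the comment that `basic_auth.csv` holds the literal `admin,admin,admin` login and that the bearer tokens in `known_tokens.csv` are written with whatever umask the container has — an explicit `umask 077` before the writes, or a `chmod 600` afterwards, would keep them from being world-readable; the page does not show the current mode.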