diff --git a/cmd/kubeadm/app/apis/kubeadm/scheme/scheme.go b/cmd/kubeadm/app/apis/kubeadm/scheme/scheme.go index 5bc5519379a..45a1aa7b535 100644 --- a/cmd/kubeadm/app/apis/kubeadm/scheme/scheme.go +++ b/cmd/kubeadm/app/apis/kubeadm/scheme/scheme.go @@ -24,6 +24,7 @@ import ( utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha3" + "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1" ) // Scheme is the runtime.Scheme to which all kubeadm api types are registered. @@ -41,5 +42,6 @@ func init() { func AddToScheme(scheme *runtime.Scheme) { utilruntime.Must(kubeadm.AddToScheme(scheme)) utilruntime.Must(v1alpha3.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(v1alpha3.SchemeGroupVersion)) + utilruntime.Must(v1beta1.AddToScheme(scheme)) + utilruntime.Must(scheme.SetVersionPriority(v1beta1.SchemeGroupVersion)) } diff --git a/cmd/kubeadm/app/apis/kubeadm/v1beta1/bootstraptokenstring.go b/cmd/kubeadm/app/apis/kubeadm/v1beta1/bootstraptokenstring.go new file mode 100644 index 00000000000..d9d1ed27c5c --- /dev/null +++ b/cmd/kubeadm/app/apis/kubeadm/v1beta1/bootstraptokenstring.go @@ -0,0 +1,86 @@ +/* +Copyright 2018 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta1 + +import ( + "fmt" + "strings" + + bootstrapapi "k8s.io/cluster-bootstrap/token/api" + bootstraputil "k8s.io/cluster-bootstrap/token/util" +) + +// BootstrapTokenString is a token of the format abcdef.abcdef0123456789 that is used +// for both validation of the practically of the API server from a joining node's point +// of view and as an authentication method for the node in the bootstrap phase of +// "kubeadm join". This token is and should be short-lived +type BootstrapTokenString struct { + ID string + Secret string +} + +// MarshalJSON implements the json.Marshaler interface. +func (bts BootstrapTokenString) MarshalJSON() ([]byte, error) { + return []byte(fmt.Sprintf(`"%s"`, bts.String())), nil +} + +// UnmarshalJSON implements the json.Unmarshaller interface. +func (bts *BootstrapTokenString) UnmarshalJSON(b []byte) error { + // If the token is represented as "", just return quickly without an error + if len(b) == 0 { + return nil + } + + // Remove unnecessary " characters coming from the JSON parser + token := strings.Replace(string(b), `"`, ``, -1) + // Convert the string Token to a BootstrapTokenString object + newbts, err := NewBootstrapTokenString(token) + if err != nil { + return err + } + bts.ID = newbts.ID + bts.Secret = newbts.Secret + return nil +} + +// String returns the string representation of the BootstrapTokenString +func (bts BootstrapTokenString) String() string { + if len(bts.ID) > 0 && len(bts.Secret) > 0 { + return bootstraputil.TokenFromIDAndSecret(bts.ID, bts.Secret) + } + return "" +} + +// NewBootstrapTokenString converts the given Bootstrap Token as a string +// to the BootstrapTokenString object used for serialization/deserialization +// and internal usage. It also automatically validates that the given token +// is of the right format +func NewBootstrapTokenString(token string) (*BootstrapTokenString, error) { + substrs := bootstraputil.BootstrapTokenRegexp.FindStringSubmatch(token) + // TODO: Add a constant for the 3 value here, and explain better why it's needed (other than because how the regexp parsin works) + if len(substrs) != 3 { + return nil, fmt.Errorf("the bootstrap token %q was not of the form %q", token, bootstrapapi.BootstrapTokenPattern) + } + + return &BootstrapTokenString{ID: substrs[1], Secret: substrs[2]}, nil +} + +// NewBootstrapTokenStringFromIDAndSecret is a wrapper around NewBootstrapTokenString +// that allows the caller to specify the ID and Secret separately +func NewBootstrapTokenStringFromIDAndSecret(id, secret string) (*BootstrapTokenString, error) { + return NewBootstrapTokenString(bootstraputil.TokenFromIDAndSecret(id, secret)) +} diff --git a/cmd/kubeadm/app/apis/kubeadm/v1beta1/bootstraptokenstring_test.go b/cmd/kubeadm/app/apis/kubeadm/v1beta1/bootstraptokenstring_test.go new file mode 100644 index 00000000000..a9460e19dd9 --- /dev/null +++ b/cmd/kubeadm/app/apis/kubeadm/v1beta1/bootstraptokenstring_test.go @@ -0,0 +1,236 @@ +/* +Copyright 2018 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta1 + +import ( + "encoding/json" + "fmt" + "reflect" + "testing" +) + +func TestMarshalJSON(t *testing.T) { + var tests = []struct { + bts BootstrapTokenString + expected string + }{ + {BootstrapTokenString{ID: "abcdef", Secret: "abcdef0123456789"}, `"abcdef.abcdef0123456789"`}, + {BootstrapTokenString{ID: "foo", Secret: "bar"}, `"foo.bar"`}, + {BootstrapTokenString{ID: "h", Secret: "b"}, `"h.b"`}, + } + for _, rt := range tests { + b, err := json.Marshal(rt.bts) + if err != nil { + t.Fatalf("json.Marshal returned an unexpected error: %v", err) + } + if string(b) != rt.expected { + t.Errorf( + "failed BootstrapTokenString.MarshalJSON:\n\texpected: %s\n\t actual: %s", + rt.expected, + string(b), + ) + } + } +} + +func TestUnmarshalJSON(t *testing.T) { + var tests = []struct { + input string + bts *BootstrapTokenString + expectedError bool + }{ + {`"f.s"`, &BootstrapTokenString{}, true}, + {`"abcdef."`, &BootstrapTokenString{}, true}, + {`"abcdef:abcdef0123456789"`, &BootstrapTokenString{}, true}, + {`abcdef.abcdef0123456789`, &BootstrapTokenString{}, true}, + {`"abcdef.abcdef0123456789`, &BootstrapTokenString{}, true}, + {`"abcdef.ABCDEF0123456789"`, &BootstrapTokenString{}, true}, + {`"abcdef.abcdef0123456789"`, &BootstrapTokenString{ID: "abcdef", Secret: "abcdef0123456789"}, false}, + {`"123456.aabbccddeeffgghh"`, &BootstrapTokenString{ID: "123456", Secret: "aabbccddeeffgghh"}, false}, + } + for _, rt := range tests { + newbts := &BootstrapTokenString{} + err := json.Unmarshal([]byte(rt.input), newbts) + if (err != nil) != rt.expectedError { + t.Errorf("failed BootstrapTokenString.UnmarshalJSON:\n\texpected error: %t\n\t actual error: %v", rt.expectedError, err) + } else if !reflect.DeepEqual(rt.bts, newbts) { + t.Errorf( + "failed BootstrapTokenString.UnmarshalJSON:\n\texpected: %v\n\t actual: %v", + rt.bts, + newbts, + ) + } + } +} + +func TestJSONRoundtrip(t *testing.T) { + var tests = []struct { + input string + bts *BootstrapTokenString + }{ + {`"abcdef.abcdef0123456789"`, nil}, + {"", &BootstrapTokenString{ID: "abcdef", Secret: "abcdef0123456789"}}, + } + for _, rt := range tests { + if err := roundtrip(rt.input, rt.bts); err != nil { + t.Errorf("failed BootstrapTokenString JSON roundtrip with error: %v", err) + } + } +} + +func roundtrip(input string, bts *BootstrapTokenString) error { + var b []byte + var err error + newbts := &BootstrapTokenString{} + // If string input was specified, roundtrip like this: string -> (unmarshal) -> object -> (marshal) -> string + if len(input) > 0 { + if err := json.Unmarshal([]byte(input), newbts); err != nil { + return fmt.Errorf("expected no unmarshal error, got error: %v", err) + } + if b, err = json.Marshal(newbts); err != nil { + return fmt.Errorf("expected no marshal error, got error: %v", err) + } + if input != string(b) { + return fmt.Errorf( + "expected token: %s\n\t actual: %s", + input, + string(b), + ) + } + } else { // Otherwise, roundtrip like this: object -> (marshal) -> string -> (unmarshal) -> object + if b, err = json.Marshal(bts); err != nil { + return fmt.Errorf("expected no marshal error, got error: %v", err) + } + if err := json.Unmarshal(b, newbts); err != nil { + return fmt.Errorf("expected no unmarshal error, got error: %v", err) + } + if !reflect.DeepEqual(bts, newbts) { + return fmt.Errorf( + "expected object: %v\n\t actual: %v", + bts, + newbts, + ) + } + } + return nil +} + +func TestTokenFromIDAndSecret(t *testing.T) { + var tests = []struct { + bts BootstrapTokenString + expected string + }{ + {BootstrapTokenString{ID: "foo", Secret: "bar"}, "foo.bar"}, + {BootstrapTokenString{ID: "abcdef", Secret: "abcdef0123456789"}, "abcdef.abcdef0123456789"}, + {BootstrapTokenString{ID: "h", Secret: "b"}, "h.b"}, + } + for _, rt := range tests { + actual := rt.bts.String() + if actual != rt.expected { + t.Errorf( + "failed BootstrapTokenString.String():\n\texpected: %s\n\t actual: %s", + rt.expected, + actual, + ) + } + } +} + +func TestNewBootstrapTokenString(t *testing.T) { + var tests = []struct { + token string + expectedError bool + bts *BootstrapTokenString + }{ + {token: "", expectedError: true, bts: nil}, + {token: ".", expectedError: true, bts: nil}, + {token: "1234567890123456789012", expectedError: true, bts: nil}, // invalid parcel size + {token: "12345.1234567890123456", expectedError: true, bts: nil}, // invalid parcel size + {token: ".1234567890123456", expectedError: true, bts: nil}, // invalid parcel size + {token: "123456.", expectedError: true, bts: nil}, // invalid parcel size + {token: "123456:1234567890.123456", expectedError: true, bts: nil}, // invalid separation + {token: "abcdef:1234567890123456", expectedError: true, bts: nil}, // invalid separation + {token: "Abcdef.1234567890123456", expectedError: true, bts: nil}, // invalid token id + {token: "123456.AABBCCDDEEFFGGHH", expectedError: true, bts: nil}, // invalid token secret + {token: "123456.AABBCCD-EEFFGGHH", expectedError: true, bts: nil}, // invalid character + {token: "abc*ef.1234567890123456", expectedError: true, bts: nil}, // invalid character + {token: "abcdef.1234567890123456", expectedError: false, bts: &BootstrapTokenString{ID: "abcdef", Secret: "1234567890123456"}}, + {token: "123456.aabbccddeeffgghh", expectedError: false, bts: &BootstrapTokenString{ID: "123456", Secret: "aabbccddeeffgghh"}}, + {token: "abcdef.abcdef0123456789", expectedError: false, bts: &BootstrapTokenString{ID: "abcdef", Secret: "abcdef0123456789"}}, + {token: "123456.1234560123456789", expectedError: false, bts: &BootstrapTokenString{ID: "123456", Secret: "1234560123456789"}}, + } + for _, rt := range tests { + actual, err := NewBootstrapTokenString(rt.token) + if (err != nil) != rt.expectedError { + t.Errorf( + "failed NewBootstrapTokenString for the token %q\n\texpected error: %t\n\t actual error: %v", + rt.token, + rt.expectedError, + err, + ) + } else if !reflect.DeepEqual(actual, rt.bts) { + t.Errorf( + "failed NewBootstrapTokenString for the token %q\n\texpected: %v\n\t actual: %v", + rt.token, + rt.bts, + actual, + ) + } + } +} + +func TestNewBootstrapTokenStringFromIDAndSecret(t *testing.T) { + var tests = []struct { + id, secret string + expectedError bool + bts *BootstrapTokenString + }{ + {id: "", secret: "", expectedError: true, bts: nil}, + {id: "1234567890123456789012", secret: "", expectedError: true, bts: nil}, // invalid parcel size + {id: "12345", secret: "1234567890123456", expectedError: true, bts: nil}, // invalid parcel size + {id: "", secret: "1234567890123456", expectedError: true, bts: nil}, // invalid parcel size + {id: "123456", secret: "", expectedError: true, bts: nil}, // invalid parcel size + {id: "Abcdef", secret: "1234567890123456", expectedError: true, bts: nil}, // invalid token id + {id: "123456", secret: "AABBCCDDEEFFGGHH", expectedError: true, bts: nil}, // invalid token secret + {id: "123456", secret: "AABBCCD-EEFFGGHH", expectedError: true, bts: nil}, // invalid character + {id: "abc*ef", secret: "1234567890123456", expectedError: true, bts: nil}, // invalid character + {id: "abcdef", secret: "1234567890123456", expectedError: false, bts: &BootstrapTokenString{ID: "abcdef", Secret: "1234567890123456"}}, + {id: "123456", secret: "aabbccddeeffgghh", expectedError: false, bts: &BootstrapTokenString{ID: "123456", Secret: "aabbccddeeffgghh"}}, + {id: "abcdef", secret: "abcdef0123456789", expectedError: false, bts: &BootstrapTokenString{ID: "abcdef", Secret: "abcdef0123456789"}}, + {id: "123456", secret: "1234560123456789", expectedError: false, bts: &BootstrapTokenString{ID: "123456", Secret: "1234560123456789"}}, + } + for _, rt := range tests { + actual, err := NewBootstrapTokenStringFromIDAndSecret(rt.id, rt.secret) + if (err != nil) != rt.expectedError { + t.Errorf( + "failed NewBootstrapTokenStringFromIDAndSecret for the token with id %q and secret %q\n\texpected error: %t\n\t actual error: %v", + rt.id, + rt.secret, + rt.expectedError, + err, + ) + } else if !reflect.DeepEqual(actual, rt.bts) { + t.Errorf( + "failed NewBootstrapTokenStringFromIDAndSecret for the token with id %q and secret %q\n\texpected: %v\n\t actual: %v", + rt.id, + rt.secret, + rt.bts, + actual, + ) + } + } +} diff --git a/cmd/kubeadm/app/apis/kubeadm/v1beta1/defaults.go b/cmd/kubeadm/app/apis/kubeadm/v1beta1/defaults.go new file mode 100644 index 00000000000..0b66549e6df --- /dev/null +++ b/cmd/kubeadm/app/apis/kubeadm/v1beta1/defaults.go @@ -0,0 +1,202 @@ +/* +Copyright 2018 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta1 + +import ( + "net/url" + "time" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/kubernetes/cmd/kubeadm/app/constants" +) + +const ( + // DefaultServiceDNSDomain defines default cluster-internal domain name for Services and Pods + DefaultServiceDNSDomain = "cluster.local" + // DefaultServicesSubnet defines default service subnet range + DefaultServicesSubnet = "10.96.0.0/12" + // DefaultClusterDNSIP defines default DNS IP + DefaultClusterDNSIP = "10.96.0.10" + // DefaultKubernetesVersion defines default kubernetes version + DefaultKubernetesVersion = "stable-1" + // DefaultAPIBindPort defines default API port + DefaultAPIBindPort = 6443 + // DefaultCertificatesDir defines default certificate directory + DefaultCertificatesDir = "/etc/kubernetes/pki" + // DefaultImageRepository defines default image registry + DefaultImageRepository = "k8s.gcr.io" + // DefaultManifestsDir defines default manifests directory + DefaultManifestsDir = "/etc/kubernetes/manifests" + // DefaultClusterName defines the default cluster name + DefaultClusterName = "kubernetes" + + // DefaultEtcdDataDir defines default location of etcd where static pods will save data to + DefaultEtcdDataDir = "/var/lib/etcd" + // DefaultProxyBindAddressv4 is the default bind address when the advertise address is v4 + DefaultProxyBindAddressv4 = "0.0.0.0" + // DefaultProxyBindAddressv6 is the default bind address when the advertise address is v6 + DefaultProxyBindAddressv6 = "::" + // DefaultDiscoveryTimeout specifies the default discovery timeout for kubeadm (used unless one is specified in the JoinConfiguration) + DefaultDiscoveryTimeout = 5 * time.Minute +) + +var ( + // DefaultAuditPolicyLogMaxAge is defined as a var so its address can be taken + // It is the number of days to store audit logs + DefaultAuditPolicyLogMaxAge = int32(2) +) + +func addDefaultingFuncs(scheme *runtime.Scheme) error { + return RegisterDefaults(scheme) +} + +// SetDefaults_InitConfiguration assigns default values for the InitConfiguration +func SetDefaults_InitConfiguration(obj *InitConfiguration) { + SetDefaults_ClusterConfiguration(&obj.ClusterConfiguration) + SetDefaults_NodeRegistrationOptions(&obj.NodeRegistration) + SetDefaults_BootstrapTokens(obj) + SetDefaults_APIEndpoint(&obj.APIEndpoint) +} + +// SetDefaults_ClusterConfiguration assigns default values for the ClusterConfiguration +func SetDefaults_ClusterConfiguration(obj *ClusterConfiguration) { + if obj.KubernetesVersion == "" { + obj.KubernetesVersion = DefaultKubernetesVersion + } + + if obj.Networking.ServiceSubnet == "" { + obj.Networking.ServiceSubnet = DefaultServicesSubnet + } + + if obj.Networking.DNSDomain == "" { + obj.Networking.DNSDomain = DefaultServiceDNSDomain + } + + if obj.CertificatesDir == "" { + obj.CertificatesDir = DefaultCertificatesDir + } + + if obj.ImageRepository == "" { + obj.ImageRepository = DefaultImageRepository + } + + if obj.ClusterName == "" { + obj.ClusterName = DefaultClusterName + } + + SetDefaults_Etcd(obj) + SetDefaults_AuditPolicyConfiguration(obj) +} + +// SetDefaults_Etcd assigns default values for the Proxy +func SetDefaults_Etcd(obj *ClusterConfiguration) { + if obj.Etcd.External == nil && obj.Etcd.Local == nil { + obj.Etcd.Local = &LocalEtcd{} + } + if obj.Etcd.Local != nil { + if obj.Etcd.Local.DataDir == "" { + obj.Etcd.Local.DataDir = DefaultEtcdDataDir + } + } +} + +// SetDefaults_JoinConfiguration assigns default values to a regular node +func SetDefaults_JoinConfiguration(obj *JoinConfiguration) { + if obj.CACertPath == "" { + obj.CACertPath = DefaultCACertPath + } + if len(obj.TLSBootstrapToken) == 0 { + obj.TLSBootstrapToken = obj.Token + } + if len(obj.DiscoveryToken) == 0 && len(obj.DiscoveryFile) == 0 { + obj.DiscoveryToken = obj.Token + } + // Make sure file URLs become paths + if len(obj.DiscoveryFile) != 0 { + u, err := url.Parse(obj.DiscoveryFile) + if err == nil && u.Scheme == "file" { + obj.DiscoveryFile = u.Path + } + } + if obj.DiscoveryTimeout == nil { + obj.DiscoveryTimeout = &metav1.Duration{ + Duration: DefaultDiscoveryTimeout, + } + } + if obj.ClusterName == "" { + obj.ClusterName = DefaultClusterName + } + + SetDefaults_NodeRegistrationOptions(&obj.NodeRegistration) + SetDefaults_APIEndpoint(&obj.APIEndpoint) +} + +func SetDefaults_NodeRegistrationOptions(obj *NodeRegistrationOptions) { + if obj.CRISocket == "" { + obj.CRISocket = DefaultCRISocket + } +} + +// SetDefaults_AuditPolicyConfiguration sets default values for the AuditPolicyConfiguration +func SetDefaults_AuditPolicyConfiguration(obj *ClusterConfiguration) { + if obj.AuditPolicyConfiguration.LogDir == "" { + obj.AuditPolicyConfiguration.LogDir = constants.StaticPodAuditPolicyLogDir + } + if obj.AuditPolicyConfiguration.LogMaxAge == nil { + obj.AuditPolicyConfiguration.LogMaxAge = &DefaultAuditPolicyLogMaxAge + } +} + +// SetDefaults_BootstrapTokens sets the defaults for the .BootstrapTokens field +// If the slice is empty, it's defaulted with one token. Otherwise it just loops +// through the slice and sets the defaults for the omitempty fields that are TTL, +// Usages and Groups. Token is NOT defaulted with a random one in the API defaulting +// layer, but set to a random value later at runtime if not set before. +func SetDefaults_BootstrapTokens(obj *InitConfiguration) { + + if obj.BootstrapTokens == nil || len(obj.BootstrapTokens) == 0 { + obj.BootstrapTokens = []BootstrapToken{{}} + } + + for i := range obj.BootstrapTokens { + SetDefaults_BootstrapToken(&obj.BootstrapTokens[i]) + } +} + +// SetDefaults_BootstrapToken sets the defaults for an individual Bootstrap Token +func SetDefaults_BootstrapToken(bt *BootstrapToken) { + if bt.TTL == nil { + bt.TTL = &metav1.Duration{ + Duration: constants.DefaultTokenDuration, + } + } + if len(bt.Usages) == 0 { + bt.Usages = constants.DefaultTokenUsages + } + + if len(bt.Groups) == 0 { + bt.Groups = constants.DefaultTokenGroups + } +} + +// SetDefaults_APIEndpoint sets the defaults for the API server instance deployed on a node. +func SetDefaults_APIEndpoint(obj *APIEndpoint) { + if obj.BindPort == 0 { + obj.BindPort = DefaultAPIBindPort + } +} diff --git a/cmd/kubeadm/app/apis/kubeadm/v1beta1/defaults_unix.go b/cmd/kubeadm/app/apis/kubeadm/v1beta1/defaults_unix.go new file mode 100644 index 00000000000..1c0161bffc6 --- /dev/null +++ b/cmd/kubeadm/app/apis/kubeadm/v1beta1/defaults_unix.go @@ -0,0 +1,28 @@ +// +build !windows + +/* +Copyright 2018 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta1 + +const ( + // DefaultCACertPath defines default location of CA certificate on Linux + DefaultCACertPath = "/etc/kubernetes/pki/ca.crt" + // DefaultSocketUrlScheme defines default socket url prefix + DefaultUrlScheme = "unix" + // DefaultCRISocket defines the default cri socket + DefaultCRISocket = "/var/run/dockershim.sock" +) diff --git a/cmd/kubeadm/app/apis/kubeadm/v1beta1/defaults_windows.go b/cmd/kubeadm/app/apis/kubeadm/v1beta1/defaults_windows.go new file mode 100644 index 00000000000..8261f2e8919 --- /dev/null +++ b/cmd/kubeadm/app/apis/kubeadm/v1beta1/defaults_windows.go @@ -0,0 +1,28 @@ +// +build windows + +/* +Copyright 2018 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta1 + +const ( + // DefaultCACertPath defines default location of CA certificate on Windows + DefaultCACertPath = "C:/etc/kubernetes/pki/ca.crt" + // DefaultSocketUrlScheme defines default socket url prefix + DefaultUrlScheme = "tcp" + // DefaultCRISocket defines the default cri socket + DefaultCRISocket = "tcp://localhost:2375" +) diff --git a/cmd/kubeadm/app/apis/kubeadm/v1beta1/doc.go b/cmd/kubeadm/app/apis/kubeadm/v1beta1/doc.go new file mode 100644 index 00000000000..e6db0b95267 --- /dev/null +++ b/cmd/kubeadm/app/apis/kubeadm/v1beta1/doc.go @@ -0,0 +1,145 @@ +/* +Copyright 2018 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// +k8s:defaulter-gen=TypeMeta +// +groupName=kubeadm.k8s.io +// +k8s:deepcopy-gen=package +// +k8s:conversion-gen=k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm + +// Package v1beta1 is the API (config file) for driving the kubeadm binary. +// Some of these options are also available as command line flags, but +// the preferred way to configure kubeadm is to pass a single YAML file with +// multiple configuration types in with the --config option. +// The configuration types should be separated by a line with `---`. +// +// kubeadm uses several API types: +// * InitConfiguration +// https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1#InitConfiguration +// * JoinConfiguration +// https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1#JoinConfiguration +// * ClusterConfiguration +// https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1#ClusterConfiguration +// * KubeProxyConfiguration +// https://godoc.org/k8s.io/kube-proxy/config/v1alpha1#KubeProxyConfiguration +// * KubeletConfiguration +// https://godoc.org/k8s.io/kubelet/config/v1beta1#KubeletConfiguration +// +// For `kubeadm init` you can include the following types: +// InitConfiguration, ClusterConfiguration, KubeProxyConfiguration, KubeletConfiguration +// +// For `kubeadm join` you can include the following types: +// JoinConfiguration, KubeProxyConfiguration, KubeletConfiguration +// +// To print the default values for certain API type you can use: +// kubeadm config print-default --api-objects=, +// +// Here is a fully populated example of a single YAML file containing multiple +// configuration types to be used during a `kubeadm init` run. +// +// apiVersion: kubeadm.k8s.io/v1beta1 +// kind: InitConfiguration +// bootstrapTokens: +// - token: "9a08jv.c0izixklcxtmnze7" +// description: "kubeadm bootstrap token" +// ttl: "24h" +// - token: "783bde.3f89s0fje9f38fhf" +// description: "another bootstrap token" +// usages: +// - signing +// groups: +// - system:anonymous +// nodeRegistration: +// name: "ec2-10-100-0-1" +// criSocket: "/var/run/dockershim.sock" +// taints: +// - key: "kubeadmNode" +// value: "master" +// effect: "NoSchedule" +// kubeletExtraArgs: +// cgroupDriver: "cgroupfs" +// apiEndpoint: +// advertiseAddress: "10.100.0.1" +// bindPort: 6443 +// --- +// apiVersion: kubeadm.k8s.io/v1beta1 +// kind: ClusterConfiguration +// etcd: +// # one of local or external +// local: +// image: "k8s.gcr.io/etcd-amd64:3.2.18" +// dataDir: "/var/lib/etcd" +// extraArgs: +// listen-client-urls: "http://10.100.0.1:2379" +// serverCertSANs: +// - "ec2-10-100-0-1.compute-1.amazonaws.com" +// peerCertSANs: +// - "10.100.0.1" +// external: +// endpoints: +// - "10.100.0.1:2379" +// - "10.100.0.2:2379" +// caFile: "/etcd/kubernetes/pki/etcd/etcd-ca.crt" +// certFile: "/etcd/kubernetes/pki/etcd/etcd.crt" +// certKey: "/etcd/kubernetes/pki/etcd/etcd.key" +// networking: +// serviceSubnet: "10.96.0.0/12" +// podSubnet: "10.100.0.1/24" +// dnsDomain: "cluster.local" +// kubernetesVersion: "v1.12.0" +// controlPlaneEndpoint: "10.100.0.1:6443" +// apiServerExtraArgs: +// authorization-mode: "Node,RBAC" +// controlManagerExtraArgs: +// node-cidr-mask-size: 20 +// schedulerExtraArgs: +// address: "10.100.0.1" +// apiServerExtraVolumes: +// - name: "some-volume" +// hostPath: "/etc/some-path" +// mountPath: "/etc/some-pod-path" +// writable: true +// pathType: File +// controllerManagerExtraVolumes: +// - name: "some-volume" +// hostPath: "/etc/some-path" +// mountPath: "/etc/some-pod-path" +// writable: true +// pathType: File +// schedulerExtraVolumes: +// - name: "some-volume" +// hostPath: "/etc/some-path" +// mountPath: "/etc/some-pod-path" +// writable: true +// pathType: File +// apiServerCertSANs: +// - "10.100.1.1" +// - "ec2-10-100-0-1.compute-1.amazonaws.com" +// certificatesDir: "/etc/kubernetes/pki" +// imageRepository: "k8s.gcr.io" +// unifiedControlPlaneImage: "k8s.gcr.io/controlplane:v1.12.0" +// auditPolicy: +// # https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#audit-policy +// path: "/var/log/audit/audit.json" +// logDir: "/var/log/audit" +// logMaxAge: 7 # in days +// featureGates: +// selfhosting: false +// clusterName: "example-cluster" +// +// TODO: The BootstrapTokenString object should move out to either k8s.io/client-go or k8s.io/api in the future +// (probably as part of Bootstrap Tokens going GA). It should not be staged under the kubeadm API as it is now. +// +package v1beta1 // import "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1" diff --git a/cmd/kubeadm/app/apis/kubeadm/v1beta1/register.go b/cmd/kubeadm/app/apis/kubeadm/v1beta1/register.go new file mode 100644 index 00000000000..4446e361aed --- /dev/null +++ b/cmd/kubeadm/app/apis/kubeadm/v1beta1/register.go @@ -0,0 +1,68 @@ +/* +Copyright 2018 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +// GroupName is the group name use in this package +const GroupName = "kubeadm.k8s.io" + +// SchemeGroupVersion is group version used to register these objects +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} + +var ( + // TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api. + // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. + + // SchemeBuilder points to a list of functions added to Scheme. + SchemeBuilder runtime.SchemeBuilder + localSchemeBuilder = &SchemeBuilder + // AddToScheme applies all the stored functions to the scheme. + AddToScheme = localSchemeBuilder.AddToScheme +) + +func init() { + // We only register manually written functions here. The registration of the + // generated functions takes place in the generated files. The separation + // makes the code compile even when the generated files are missing. + localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs) +} + +// Kind takes an unqualified kind and returns a Group qualified GroupKind +func Kind(kind string) schema.GroupKind { + return SchemeGroupVersion.WithKind(kind).GroupKind() +} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &InitConfiguration{}, + &ClusterConfiguration{}, + &ClusterStatus{}, + &JoinConfiguration{}, + ) + metav1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +} diff --git a/cmd/kubeadm/app/apis/kubeadm/v1beta1/types.go b/cmd/kubeadm/app/apis/kubeadm/v1beta1/types.go new file mode 100644 index 00000000000..11336648121 --- /dev/null +++ b/cmd/kubeadm/app/apis/kubeadm/v1beta1/types.go @@ -0,0 +1,333 @@ +/* +Copyright 2018 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta1 + +import ( + "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// InitConfiguration contains a list of elements that is specific "kubeadm init"-only runtime +// information. +type InitConfiguration struct { + metav1.TypeMeta `json:",inline"` + + // ClusterConfiguration holds the cluster-wide information, and embeds that struct (which can be (un)marshalled separately as well) + // When InitConfiguration is marshalled to bytes in the external version, this information IS NOT preserved (which can be seen from + // the `json:"-"` tag. This is due to that when InitConfiguration is (un)marshalled, it turns into two YAML documents, one for the + // InitConfiguration and ClusterConfiguration. Hence, the information must not be duplicated, and is therefore omitted here. + ClusterConfiguration `json:"-"` + + // `kubeadm init`-only information. These fields are solely used the first time `kubeadm init` runs. + // After that, the information in the fields ARE NOT uploaded to the `kubeadm-config` ConfigMap + // that is used by `kubeadm upgrade` for instance. These fields must be omitempty. + + // BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. + // This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature + BootstrapTokens []BootstrapToken `json:"bootstrapTokens,omitempty"` + + // NodeRegistration holds fields that relate to registering the new master node to the cluster + NodeRegistration NodeRegistrationOptions `json:"nodeRegistration,omitempty"` + + // APIEndpoint represents the endpoint of the instance of the API server to be deployed on this node. + APIEndpoint APIEndpoint `json:"apiEndpoint,omitempty"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// ClusterConfiguration contains cluster-wide configuration for a kubeadm cluster +type ClusterConfiguration struct { + metav1.TypeMeta `json:",inline"` + + // Etcd holds configuration for etcd. + Etcd Etcd `json:"etcd"` + + // Networking holds configuration for the networking topology of the cluster. + Networking Networking `json:"networking"` + + // KubernetesVersion is the target version of the control plane. + KubernetesVersion string `json:"kubernetesVersion"` + + // ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it + // can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. + // In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort + // are used; in case the ControlPlaneEndpoint is specified but without a TCP port, + // the BindPort is used. + // Possible usages are: + // e.g. In an cluster with more than one control plane instances, this field should be + // assigned the address of the external load balancer in front of the + // control plane instances. + // e.g. in environments with enforced node recycling, the ControlPlaneEndpoint + // could be used for assigning a stable DNS to the control plane. + ControlPlaneEndpoint string `json:"controlPlaneEndpoint"` + + // APIServerExtraArgs is a set of extra flags to pass to the API Server or override + // default ones in form of =. + // TODO: This is temporary and ideally we would like to switch all components to + // use ComponentConfig + ConfigMaps. + APIServerExtraArgs map[string]string `json:"apiServerExtraArgs,omitempty"` + // ControllerManagerExtraArgs is a set of extra flags to pass to the Controller Manager + // or override default ones in form of = + // TODO: This is temporary and ideally we would like to switch all components to + // use ComponentConfig + ConfigMaps. + ControllerManagerExtraArgs map[string]string `json:"controllerManagerExtraArgs,omitempty"` + // SchedulerExtraArgs is a set of extra flags to pass to the Scheduler or override + // default ones in form of = + // TODO: This is temporary and ideally we would like to switch all components to + // use ComponentConfig + ConfigMaps. + SchedulerExtraArgs map[string]string `json:"schedulerExtraArgs,omitempty"` + + // APIServerExtraVolumes is an extra set of host volumes mounted to the API server. + APIServerExtraVolumes []HostPathMount `json:"apiServerExtraVolumes,omitempty"` + // ControllerManagerExtraVolumes is an extra set of host volumes mounted to the + // Controller Manager. + ControllerManagerExtraVolumes []HostPathMount `json:"controllerManagerExtraVolumes,omitempty"` + // SchedulerExtraVolumes is an extra set of host volumes mounted to the scheduler. + SchedulerExtraVolumes []HostPathMount `json:"schedulerExtraVolumes,omitempty"` + + // APIServerCertSANs sets extra Subject Alternative Names for the API Server signing cert. + APIServerCertSANs []string `json:"apiServerCertSANs,omitempty"` + // CertificatesDir specifies where to store or look for all required certificates. + CertificatesDir string `json:"certificatesDir"` + + // ImageRepository what container registry to pull control plane images from + ImageRepository string `json:"imageRepository"` + // UnifiedControlPlaneImage specifies if a specific container image should + // be used for all control plane components. + UnifiedControlPlaneImage string `json:"unifiedControlPlaneImage"` + + // AuditPolicyConfiguration defines the options for the api server audit system + AuditPolicyConfiguration AuditPolicyConfiguration `json:"auditPolicy"` + + // FeatureGates enabled by the user. + FeatureGates map[string]bool `json:"featureGates,omitempty"` + + // The cluster name + ClusterName string `json:"clusterName,omitempty"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// ClusterStatus contains the cluster status. The ClusterStatus will be stored in the kubeadm-config +// ConfigMap in the cluster, and then updated by kubeadm when additional control plane instance joins or leaves the cluster. +type ClusterStatus struct { + metav1.TypeMeta `json:",inline"` + + // APIEndpoints currently available in the cluster, one for each control plane/api server instance. + // The key of the map is the IP of the host's default interface + APIEndpoints map[string]APIEndpoint `json:"apiEndpoints"` +} + +// APIEndpoint struct contains elements of API server instance deployed on a node. +type APIEndpoint struct { + // AdvertiseAddress sets the IP address for the API server to advertise. + AdvertiseAddress string `json:"advertiseAddress"` + + // BindPort sets the secure port for the API Server to bind to. + // Defaults to 6443. + BindPort int32 `json:"bindPort"` +} + +// NodeRegistrationOptions holds fields that relate to registering a new master or node to the cluster, either via "kubeadm init" or "kubeadm join" +type NodeRegistrationOptions struct { + + // Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm joiƄ` operation. + // This field is also used in the CommonName field of the kubelet's client certificate to the API server. + // Defaults to the hostname of the node if not provided. + Name string `json:"name,omitempty"` + + // CRISocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use + CRISocket string `json:"criSocket,omitempty"` + + // Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process + // it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your master node, set this field to an + // empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. + Taints []v1.Taint `json:"taints,omitempty"` + + // KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file + // kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap + // Flags have higher higher priority when parsing. These values are local and specific to the node kubeadm is executing on. + KubeletExtraArgs map[string]string `json:"kubeletExtraArgs,omitempty"` +} + +// Networking contains elements describing cluster's networking configuration +type Networking struct { + // ServiceSubnet is the subnet used by k8s services. Defaults to "10.96.0.0/12". + ServiceSubnet string `json:"serviceSubnet"` + // PodSubnet is the subnet used by pods. + PodSubnet string `json:"podSubnet"` + // DNSDomain is the dns domain used by k8s services. Defaults to "cluster.local". + DNSDomain string `json:"dnsDomain"` +} + +// BootstrapToken describes one bootstrap token, stored as a Secret in the cluster +type BootstrapToken struct { + // Token is used for establishing bidirectional trust between nodes and masters. + // Used for joining nodes in the cluster. + Token *BootstrapTokenString `json:"token"` + // Description sets a human-friendly message why this token exists and what it's used + // for, so other administrators can know its purpose. + Description string `json:"description,omitempty"` + // TTL defines the time to live for this token. Defaults to 24h. + // Expires and TTL are mutually exclusive. + TTL *metav1.Duration `json:"ttl,omitempty"` + // Expires specifies the timestamp when this token expires. Defaults to being set + // dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. + Expires *metav1.Time `json:"expires,omitempty"` + // Usages describes the ways in which this token can be used. Can by default be used + // for establishing bidirectional trust, but that can be changed here. + Usages []string `json:"usages,omitempty"` + // Groups specifies the extra groups that this token will authenticate as when/if + // used for authentication + Groups []string `json:"groups,omitempty"` +} + +// Etcd contains elements describing Etcd configuration. +type Etcd struct { + + // Local provides configuration knobs for configuring the local etcd instance + // Local and External are mutually exclusive + Local *LocalEtcd `json:"local,omitempty"` + + // External describes how to connect to an external etcd cluster + // Local and External are mutually exclusive + External *ExternalEtcd `json:"external,omitempty"` +} + +// LocalEtcd describes that kubeadm should run an etcd cluster locally +type LocalEtcd struct { + + // Image specifies which container image to use for running etcd. + // If empty, automatically populated by kubeadm using the image + // repository and default etcd version. + Image string `json:"image"` + + // DataDir is the directory etcd will place its data. + // Defaults to "/var/lib/etcd". + DataDir string `json:"dataDir"` + + // ExtraArgs are extra arguments provided to the etcd binary + // when run inside a static pod. + ExtraArgs map[string]string `json:"extraArgs,omitempty"` + + // ServerCertSANs sets extra Subject Alternative Names for the etcd server signing cert. + ServerCertSANs []string `json:"serverCertSANs,omitempty"` + // PeerCertSANs sets extra Subject Alternative Names for the etcd peer signing cert. + PeerCertSANs []string `json:"peerCertSANs,omitempty"` +} + +// ExternalEtcd describes an external etcd cluster +type ExternalEtcd struct { + // Endpoints of etcd members. Required for ExternalEtcd. + Endpoints []string `json:"endpoints"` + // CAFile is an SSL Certificate Authority file used to secure etcd communication. + CAFile string `json:"caFile"` + // CertFile is an SSL certification file used to secure etcd communication. + CertFile string `json:"certFile"` + // KeyFile is an SSL key file used to secure etcd communication. + KeyFile string `json:"keyFile"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// JoinConfiguration contains elements describing a particular node. +// TODO: This struct should be replaced by dynamic kubelet configuration. +type JoinConfiguration struct { + metav1.TypeMeta `json:",inline"` + + // NodeRegistration holds fields that relate to registering the new master node to the cluster + NodeRegistration NodeRegistrationOptions `json:"nodeRegistration"` + + // CACertPath is the path to the SSL certificate authority used to + // secure comunications between node and master. + // Defaults to "/etc/kubernetes/pki/ca.crt". + CACertPath string `json:"caCertPath"` + // DiscoveryFile is a file or url to a kubeconfig file from which to + // load cluster information. + DiscoveryFile string `json:"discoveryFile"` + // DiscoveryToken is a token used to validate cluster information + // fetched from the master. + DiscoveryToken string `json:"discoveryToken"` + // DiscoveryTokenAPIServers is a set of IPs to API servers from which info + // will be fetched. Currently we only pay attention to one API server but + // hope to support >1 in the future. + DiscoveryTokenAPIServers []string `json:"discoveryTokenAPIServers,omitempty"` + // DiscoveryTimeout modifies the discovery timeout + DiscoveryTimeout *metav1.Duration `json:"discoveryTimeout,omitempty"` + // TLSBootstrapToken is a token used for TLS bootstrapping. + // Defaults to Token. + TLSBootstrapToken string `json:"tlsBootstrapToken"` + // Token is used for both discovery and TLS bootstrapping. + Token string `json:"token"` + + // ClusterName is the name for the cluster in kubeconfig. + ClusterName string `json:"clusterName,omitempty"` + + // DiscoveryTokenCACertHashes specifies a set of public key pins to verify + // when token-based discovery is used. The root CA found during discovery + // must match one of these values. Specifying an empty set disables root CA + // pinning, which can be unsafe. Each hash is specified as ":", + // where the only currently supported type is "sha256". This is a hex-encoded + // SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded + // ASN.1. These hashes can be calculated using, for example, OpenSSL: + // openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex + DiscoveryTokenCACertHashes []string `json:"discoveryTokenCACertHashes,omitempty"` + + // DiscoveryTokenUnsafeSkipCAVerification allows token-based discovery + // without CA verification via DiscoveryTokenCACertHashes. This can weaken + // the security of kubeadm since other nodes can impersonate the master. + DiscoveryTokenUnsafeSkipCAVerification bool `json:"discoveryTokenUnsafeSkipCAVerification"` + + // ControlPlane flag specifies that the joining node should host an additional + // control plane instance. + ControlPlane bool `json:"controlPlane,omitempty"` + + // APIEndpoint represents the endpoint of the instance of the API server eventually to be deployed on this node. + APIEndpoint APIEndpoint `json:"apiEndpoint,omitempty"` + + // FeatureGates enabled by the user. + FeatureGates map[string]bool `json:"featureGates,omitempty"` +} + +// HostPathMount contains elements describing volumes that are mounted from the +// host. +type HostPathMount struct { + // Name of the volume inside the pod template. + Name string `json:"name"` + // HostPath is the path in the host that will be mounted inside + // the pod. + HostPath string `json:"hostPath"` + // MountPath is the path inside the pod where hostPath will be mounted. + MountPath string `json:"mountPath"` + // Writable controls write access to the volume + Writable bool `json:"writable,omitempty"` + // PathType is the type of the HostPath. + PathType v1.HostPathType `json:"pathType,omitempty"` +} + +// AuditPolicyConfiguration holds the options for configuring the api server audit policy. +type AuditPolicyConfiguration struct { + // Path is the local path to an audit policy. + Path string `json:"path"` + // LogDir is the local path to the directory where logs should be stored. + LogDir string `json:"logDir"` + // LogMaxAge is the number of days logs will be stored for. 0 indicates forever. + LogMaxAge *int32 `json:"logMaxAge,omitempty"` + //TODO(chuckha) add other options for audit policy. +} diff --git a/cmd/kubeadm/app/cmd/config.go b/cmd/kubeadm/app/cmd/config.go index 1ff6cb05c78..d5b9ce00124 100644 --- a/cmd/kubeadm/app/cmd/config.go +++ b/cmd/kubeadm/app/cmd/config.go @@ -33,6 +33,7 @@ import ( kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" kubeadmscheme "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/scheme" kubeadmapiv1alpha3 "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha3" + kubeadmapiv1beta1 "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1" "k8s.io/kubernetes/cmd/kubeadm/app/cmd/options" phaseutil "k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases" cmdutil "k8s.io/kubernetes/cmd/kubeadm/app/cmd/util" @@ -230,6 +231,7 @@ func NewCmdConfigMigrate(out io.Writer) *cobra.Command { locally in the CLI tool without ever touching anything in the cluster. In this version of kubeadm, the following API versions are supported: - %s + - %s Further, kubeadm can only write out config of version %q, but read both types. So regardless of what version you pass to the --old-config parameter here, the API object will be @@ -238,7 +240,7 @@ func NewCmdConfigMigrate(out io.Writer) *cobra.Command { In other words, the output of this command is what kubeadm actually would read internally if you submitted this file to "kubeadm init" - `), kubeadmapiv1alpha3.SchemeGroupVersion.String(), kubeadmapiv1alpha3.SchemeGroupVersion.String()), + `), kubeadmapiv1alpha3.SchemeGroupVersion.String(), kubeadmapiv1beta1.SchemeGroupVersion.String(), kubeadmapiv1beta1.SchemeGroupVersion.String()), Run: func(cmd *cobra.Command, args []string) { if len(oldCfgPath) == 0 { kubeadmutil.CheckErr(fmt.Errorf("The --old-config flag is mandatory"))