github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-29 06:27:05 +00:00
Code Issues Projects Releases Wiki Activity

Update token users if needed

Browse Source
This commit is contained in:
Jordan Liggitt 2017-01-06 15:35:53 -05:00
parent 21b422fccc
commit 968b0b30cf
No known key found for this signature in database
GPG Key ID: 24E7ADF9A3B42012
2 changed files with 40 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
cluster/gce/container-linux/configure-helper.sh
View File

@ -127,6 +127,20 @@ function mount-master-pd {
chgrp -R etcd "${mount_point}/var/etcd" chgrp -R etcd "${mount_point}/var/etcd"
} }
# replace_prefixed_line ensures:
# 1. the specified file exists
# 2. existing lines with the specified ${prefix} are removed
# 3. a new line with the specified ${prefix}${suffix} is appended
function replace_prefixed_line {
local -r file="${1:-}"
local -r prefix="${2:-}"
local -r suffix="${3:-}"
touch "${file}"
awk "substr(\$0,0,length(\"${prefix}\")) != \"${prefix}\" { print }" "${file}" > "${file}.filtered" && mv "${file}.filtered" "${file}"
echo "${prefix}${suffix}" >> "${file}"
}
# After the first boot and on upgrade, these files exist on the master-pd # After the first boot and on upgrade, these files exist on the master-pd
# and should never be touched again (except perhaps an additional service # and should never be touched again (except perhaps an additional service
# account, see NB below.) # account, see NB below.)
@ -139,16 +153,14 @@ function create-master-auth {
echo "${MASTER_KEY}" | base64 --decode > "${auth_dir}/server.key" echo "${MASTER_KEY}" | base64 --decode > "${auth_dir}/server.key"
fi fi
local -r basic_auth_csv="${auth_dir}/basic_auth.csv" local -r basic_auth_csv="${auth_dir}/basic_auth.csv"
if [[ ! -e "${basic_auth_csv}" && -n "${KUBE_PASSWORD:-}" && -n "${KUBE_USER:-}" ]]; then if [[ -n "${KUBE_PASSWORD:-}" && -n "${KUBE_USER:-}" ]]; then
echo "${KUBE_PASSWORD},${KUBE_USER},admin,system:masters" > "${basic_auth_csv}" replace_prefixed_line "${basic_auth_csv}" "${KUBE_PASSWORD},${KUBE_USER}," "admin,system:masters"
fi fi
local -r known_tokens_csv="${auth_dir}/known_tokens.csv" local -r known_tokens_csv="${auth_dir}/known_tokens.csv"
if [[ ! -e "${known_tokens_csv}" ]]; then replace_prefixed_line "${known_tokens_csv}" "${KUBE_BEARER_TOKEN}" "admin,admin,system:masters"
echo "${KUBE_BEARER_TOKEN},admin,admin,system:masters" > "${known_tokens_csv}" replace_prefixed_line "${known_tokens_csv}" "${KUBE_CONTROLLER_MANAGER_TOKEN}" "system:kube-controller-manager,uid:system:kube-controller-manager"
echo "${KUBE_CONTROLLER_MANAGER_TOKEN},system:kube-controller-manager,uid:system:kube-controller-manager" >> "${known_tokens_csv}" replace_prefixed_line "${known_tokens_csv}" "${KUBELET_TOKEN}" "system:node:node-name,uid:kubelet,system:nodes"
echo "${KUBELET_TOKEN},system:node:node-name,uid:kubelet,system:nodes" >> "${known_tokens_csv}" replace_prefixed_line "${known_tokens_csv}" "${KUBE_PROXY_TOKEN}" "system:kube-proxy,uid:kube_proxy"
echo "${KUBE_PROXY_TOKEN},system:kube-proxy,uid:kube_proxy" >> "${known_tokens_csv}"
fi
local use_cloud_config="false" local use_cloud_config="false"
cat <<EOF >/etc/gce.conf cat <<EOF >/etc/gce.conf
[global] [global]

28
cluster/gce/gci/configure-helper.sh
View File

@ -190,6 +190,20 @@ function mount-master-pd {
chgrp -R etcd "${mount_point}/var/etcd" chgrp -R etcd "${mount_point}/var/etcd"
} }
# replace_prefixed_line ensures:
# 1. the specified file exists
# 2. existing lines with the specified ${prefix} are removed
# 3. a new line with the specified ${prefix}${suffix} is appended
function replace_prefixed_line {
local -r file="${1:-}"
local -r prefix="${2:-}"
local -r suffix="${3:-}"
touch "${file}"
awk "substr(\$0,0,length(\"${prefix}\")) != \"${prefix}\" { print }" "${file}" > "${file}.filtered" && mv "${file}.filtered" "${file}"
echo "${prefix}${suffix}" >> "${file}"
}
# After the first boot and on upgrade, these files exist on the master-pd # After the first boot and on upgrade, these files exist on the master-pd
# and should never be touched again (except perhaps an additional service # and should never be touched again (except perhaps an additional service
# account, see NB below.) # account, see NB below.)
@ -206,16 +220,14 @@ function create-master-auth {
echo "${KUBEAPISERVER_KEY}" | base64 --decode > "${auth_dir}/kubeapiserver.key" echo "${KUBEAPISERVER_KEY}" | base64 --decode > "${auth_dir}/kubeapiserver.key"
fi fi
local -r basic_auth_csv="${auth_dir}/basic_auth.csv" local -r basic_auth_csv="${auth_dir}/basic_auth.csv"
if [[ ! -e "${basic_auth_csv}" && -n "${KUBE_PASSWORD:-}" && -n "${KUBE_USER:-}" ]]; then if [[ -n "${KUBE_PASSWORD:-}" && -n "${KUBE_USER:-}" ]]; then
echo "${KUBE_PASSWORD},${KUBE_USER},admin,system:masters" > "${basic_auth_csv}" replace_prefixed_line "${basic_auth_csv}" "${KUBE_PASSWORD},${KUBE_USER}," "admin,system:masters"
fi fi
local -r known_tokens_csv="${auth_dir}/known_tokens.csv" local -r known_tokens_csv="${auth_dir}/known_tokens.csv"
if [[ ! -e "${known_tokens_csv}" ]]; then replace_prefixed_line "${known_tokens_csv}" "${KUBE_BEARER_TOKEN}," "admin,admin,system:masters"
echo "${KUBE_BEARER_TOKEN},admin,admin,system:masters" > "${known_tokens_csv}" replace_prefixed_line "${known_tokens_csv}" "${KUBE_CONTROLLER_MANAGER_TOKEN}," "system:kube-controller-manager,uid:system:kube-controller-manager"
echo "${KUBE_CONTROLLER_MANAGER_TOKEN},system:kube-controller-manager,uid:system:kube-controller-manager" >> "${known_tokens_csv}" replace_prefixed_line "${known_tokens_csv}" "${KUBELET_TOKEN}," "system:node:node-name,uid:kubelet,system:nodes"
echo "${KUBELET_TOKEN},system:node:node-name,uid:kubelet,system:nodes" >> "${known_tokens_csv}" replace_prefixed_line "${known_tokens_csv}" "${KUBE_PROXY_TOKEN}," "system:kube-proxy,uid:kube_proxy"
echo "${KUBE_PROXY_TOKEN},system:kube-proxy,uid:kube_proxy" >> "${known_tokens_csv}"
fi
local use_cloud_config="false" local use_cloud_config="false"
cat <<EOF >/etc/gce.conf cat <<EOF >/etc/gce.conf
[global] [global]