Updating federation-controller-manager to use secret to get federation-apiserver's kubeconfig

nikhiljindal 2016-06-03 15:06:05 -07:00
parent 421c12e69e
commit 98c9fbb529
2 changed files with 23 additions and 5 deletions


@ -44,6 +44,11 @@ import (
"github.com/spf13/pflag" "github.com/spf13/pflag"
) )
const (
// "federation-apiserver-secret" is a reserved secret name which stores the kubeconfig for federation-apiserver.
FederationAPIServerSecretName = "federation-apiserver-secret"
)
// NewControllerManagerCommand creates a *cobra.Command object with default parameters // NewControllerManagerCommand creates a *cobra.Command object with default parameters
func NewControllerManagerCommand() *cobra.Command { func NewControllerManagerCommand() *cobra.Command {
s := options.NewCMServer() s := options.NewCMServer()
@ -71,7 +76,9 @@ func Run(s *options.CMServer) error {
} else { } else {
glog.Errorf("unable to register configz: %s", err) glog.Errorf("unable to register configz: %s", err)
} }
restClientCfg, err := clientcmd.BuildConfigFromFlags(s.Master, s.Kubeconfig) // Create the config to talk to federation-apiserver.
kubeconfigGetter := clustercontroller.KubeconfigGetterForSecret(FederationAPIServerSecretName)
restClientCfg, err := clientcmd.BuildConfigFromKubeconfigGetter(s.Master, kubeconfigGetter)
if err != nil { if err != nil {
return err return err
} }
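Review bot: `s.Kubeconfig` is no longer read in `Run` after this change, so an operator who still supplies a kubeconfig path gets credentials from the `federation-apiserver-secret` secret instead, with no log line saying so. If the option is still registered (its definition is outside this hunk), either honour it when set or warn, e.g. `if s.Kubeconfig != "" { glog.Warningf("kubeconfig option is ignored; using secret %s", FederationAPIServerSecretName) }`. The comment on the new constant would also read better in godoc form, `// FederationAPIServerSecretName is the reserved name of the secret that stores the kubeconfig for federation-apiserver.` Run's body continues outside the hunk.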


@ -47,6 +47,19 @@ const (
// This is to inject a different kubeconfigGetter in tests. // This is to inject a different kubeconfigGetter in tests.
// We dont use the standard one which calls NewInCluster in tests to avoid having to setup service accounts and mount files with secret tokens. // We dont use the standard one which calls NewInCluster in tests to avoid having to setup service accounts and mount files with secret tokens.
var KubeconfigGetterForCluster = func(c *federation_v1alpha1.Cluster) clientcmd.KubeconfigGetter { var KubeconfigGetterForCluster = func(c *federation_v1alpha1.Cluster) clientcmd.KubeconfigGetter {
return func() (*clientcmdapi.Config, error) {
secretRefName := ""
if c.Spec.SecretRef != nil {
secretRefName = c.Spec.SecretRef.Name
} else {
glog.Infof("didnt find secretRef for cluster %s. Trying insecure access", c.Name)
}
return KubeconfigGetterForSecret(secretRefName)()
}
}
// KubeconfigGettterForSecret is used to get the kubeconfig from the given secret.
var KubeconfigGetterForSecret = func(secretName string) clientcmd.KubeconfigGetter {
return func() (*clientcmdapi.Config, error) { return func() (*clientcmdapi.Config, error) {
// Get the namespace this is running in from the env variable. // Get the namespace this is running in from the env variable.
namespace := os.Getenv("POD_NAMESPACE") namespace := os.Getenv("POD_NAMESPACE")
@ -59,8 +72,8 @@ var KubeconfigGetterForCluster = func(c *federation_v1alpha1.Cluster) clientcmd.
return nil, fmt.Errorf("error in creating in-cluster client: %s", err) return nil, fmt.Errorf("error in creating in-cluster client: %s", err)
} }
data := []byte{} data := []byte{}
if c.Spec.SecretRef != nil { if secretName != "" {
secret, err := client.Secrets(namespace).Get(c.Spec.SecretRef.Name) secret, err := client.Secrets(namespace).Get(secretName)
if err != nil { if err != nil {
return nil, fmt.Errorf("error in fetching secret: %s", err) return nil, fmt.Errorf("error in fetching secret: %s", err)
} }
@ -69,8 +82,6 @@ var KubeconfigGetterForCluster = func(c *federation_v1alpha1.Cluster) clientcmd.
if !ok { if !ok {
return nil, fmt.Errorf("secret does not have data with key: %s", KubeconfigSecretDataKey) return nil, fmt.Errorf("secret does not have data with key: %s", KubeconfigSecretDataKey)
} }
} else {
glog.Infof("didnt find secretRef for cluster %s. Trying insecure access", c.Name)
} }
return clientcmd.Load(data) return clientcmd.Load(data)
} }
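Review bot: `KubeconfigGetterForSecret` accepts an empty `secretName`, skips the secret lookup and returns `clientcmd.Load` of an empty byte slice, so a caller that passes `""` by mistake ends up with a credential-less config and no error to act on. The insecure fallback is a per-cluster decision and could stay in `KubeconfigGetterForCluster` (`return clientcmd.Load([]byte{})` in its `else` branch), with the secret getter rejecting the empty name: `if secretName == "" { return nil, fmt.Errorf("secret name must not be empty") }`. The doc comment also misspells the identifier as `KubeconfigGettterForSecret`, and the "Trying insecure access" message is logged at Info level where a Warning would be easier to alert on. The getter's body extends beyond the visible hunks.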