diff --git a/test/kubemark/resources/heapster_template.json b/test/kubemark/resources/heapster_template.json index 17d3d2ee731..f1021cea080 100644 --- a/test/kubemark/resources/heapster_template.json +++ b/test/kubemark/resources/heapster_template.json @@ -44,7 +44,7 @@ "/heapster" ], "args": [ - "--source=kubernetes:https://{{MASTER_IP}}:443?inClusterConfig=0&useServiceAccount=0&auth=/kubeconfig/kubelet.kubeconfig" + "--source=kubernetes:https://{{MASTER_IP}}:443?inClusterConfig=0&useServiceAccount=0&auth=/kubeconfig/heapster.kubeconfig" ], "volumeMounts": [ { @@ -66,7 +66,7 @@ "/eventer" ], "args": [ - "--source=kubernetes:https://104.197.233.84:443?inClusterConfig=0&useServiceAccount=0&auth=/kubeconfig/kubelet.kubeconfig" + "--source=kubernetes:https://104.197.233.84:443?inClusterConfig=0&useServiceAccount=0&auth=/kubeconfig/heapster.kubeconfig" ], "volumeMounts": [ { diff --git a/test/kubemark/resources/manifests/addons/kubemark-rbac-bindings/heapster-binding.yaml b/test/kubemark/resources/manifests/addons/kubemark-rbac-bindings/heapster-binding.yaml new file mode 100644 index 00000000000..179b2402939 --- /dev/null +++ b/test/kubemark/resources/manifests/addons/kubemark-rbac-bindings/heapster-binding.yaml @@ -0,0 +1,15 @@ +# This is the role binding for the kubemark heapster. +apiVersion: rbac.authorization.k8s.io/v1alpha1 +kind: ClusterRoleBinding +metadata: + name: heapster-view-binding + labels: + kubernetes.io/cluster-service: "true" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:heapster +subjects: +- apiVersion: rbac/v1alpha1 + kind: User + name: system:heapster diff --git a/test/kubemark/start-kubemark.sh b/test/kubemark/start-kubemark.sh index f34b19a86a4..9da7e20d495 100755 --- a/test/kubemark/start-kubemark.sh +++ b/test/kubemark/start-kubemark.sh @@ -133,6 +133,7 @@ gen-kube-bearertoken create-certs ${MASTER_IP} KUBELET_TOKEN=$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64 | tr -d "=+/" | dd bs=32 count=1 2>/dev/null) KUBE_PROXY_TOKEN=$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64 | tr -d "=+/" | dd bs=32 count=1 2>/dev/null) +HEAPSTER_TOKEN=$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64 | tr -d "=+/" | dd bs=32 count=1 2>/dev/null) echo "${CA_CERT_BASE64}" | base64 --decode > "${RESOURCE_DIRECTORY}/ca.crt" echo "${KUBECFG_CERT_BASE64}" | base64 --decode > "${RESOURCE_DIRECTORY}/kubecfg.crt" @@ -154,6 +155,7 @@ run-gcloud-compute-with-retries ssh --zone="${ZONE}" --project="${PROJECT}" "${M sudo bash -c \"echo \"${KUBE_BEARER_TOKEN},admin,admin\" > /etc/srv/kubernetes/known_tokens.csv\" && \ sudo bash -c \"echo \"${KUBELET_TOKEN},system:node:node-name,uid:kubelet,system:nodes\" >> /etc/srv/kubernetes/known_tokens.csv\" && \ sudo bash -c \"echo \"${KUBE_PROXY_TOKEN},system:kube-proxy,uid:kube_proxy\" >> /etc/srv/kubernetes/known_tokens.csv\" && \ + sudo bash -c \"echo \"${HEAPSTER_TOKEN},system:heapster,uid:heapster\" >> /etc/srv/kubernetes/known_tokens.csv\" && \ sudo bash -c \"echo ${password},admin,admin > /etc/srv/kubernetes/basic_auth.csv\"" run-gcloud-compute-with-retries copy-files --zone="${ZONE}" --project="${PROJECT}" \ @@ -214,6 +216,25 @@ contexts: name: kubemark-context current-context: kubemark-context" | base64 | tr -d "\n\r") +# Create kubeconfig for Heapster. +HEAPSTER_KUBECONFIG_CONTENTS=$(echo "apiVersion: v1 +kind: Config +users: +- name: heapster + user: + token: ${HEAPSTER_TOKEN} +clusters: +- name: kubemark + cluster: + insecure-skip-tls-verify: true + server: https://${MASTER_IP} +contexts: +- context: + cluster: kubemark + user: heapster + name: kubemark-context +current-context: kubemark-context" | base64 | tr -d "\n\r") + KUBECONFIG_SECRET="${RESOURCE_DIRECTORY}/kubeconfig_secret.json" cat > "${KUBECONFIG_SECRET}" << EOF { @@ -225,7 +246,8 @@ cat > "${KUBECONFIG_SECRET}" << EOF "type": "Opaque", "data": { "kubelet.kubeconfig": "${KUBELET_KUBECONFIG_CONTENTS}", - "kubeproxy.kubeconfig": "${KUBEPROXY_KUBECONFIG_CONTENTS}" + "kubeproxy.kubeconfig": "${KUBEPROXY_KUBECONFIG_CONTENTS}", + "heapster.kubeconfig": "${HEAPSTER_KUBECONFIG_CONTENTS}" } } EOF