Updating the federation cluster controller to use secretRef to contact the server

2026-01-05 23:47:50 +00:00 · 2016-05-23 20:20:27 -07:00
parent 236eb42664
commit 9b604242c6
4 changed files with 87 additions and 14 deletions
--- a/federation/pkg/federation-controller/cluster/cluster_client.go
+++ b/federation/pkg/federation-controller/cluster/cluster_client.go
@@ -17,7 +17,9 @@ limitations under the License.
 package cluster

 import (
+	"fmt"
 	"net"
+	"os"
 	"strings"

 	federation_v1alpha1 "k8s.io/kubernetes/federation/apis/federation/v1alpha1"
@@ -25,14 +27,17 @@ import (
 	"k8s.io/kubernetes/pkg/api/v1"
 	"k8s.io/kubernetes/pkg/client/restclient"
 	"k8s.io/kubernetes/pkg/client/typed/discovery"
+	client "k8s.io/kubernetes/pkg/client/unversioned"
 	"k8s.io/kubernetes/pkg/client/unversioned/clientcmd"
+	clientcmdapi "k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api"
 	utilnet "k8s.io/kubernetes/pkg/util/net"
 )

 const (
-	UserAgentName = "Cluster-Controller"
-	KubeAPIQPS    = 20.0
-	KubeAPIBurst  = 30
+	UserAgentName           = "Cluster-Controller"
+	KubeAPIQPS              = 20.0
+	KubeAPIBurst            = 30
+	KubeconfigSecretDataKey = "kubeconfig"
 )

 type ClusterClient struct {
@@ -59,7 +64,29 @@ func NewClusterClientSet(c *federation_v1alpha1.Cluster) (*ClusterClient, error)
 	}
 	var clusterClientSet = ClusterClient{}
 	if serverAddress != "" {
-		clusterConfig, err := clientcmd.BuildConfigFromFlags(serverAddress, "")
+		// Get a client to talk to the k8s apiserver, to fetch secrets from it.
+		client, err := client.NewInCluster()
+		if err != nil {
+			return nil, fmt.Errorf("error in creating in-cluster client: %s", err)
+		}
+		kubeconfigGetter := func() (*clientcmdapi.Config, error) {
+			// Get the namespace this is running in from the env variable.
+			namespace := os.Getenv("POD_NAMESPACE")
+			if namespace == "" {
+				return nil, fmt.Errorf("unexpected: POD_NAMESPACE env var returned empty string")
+			}
+			secret, err := client.Secrets(namespace).Get(c.Spec.SecretRef.Name)
+			if err != nil {
+				return nil, fmt.Errorf("error in fetching secret: %s", err)
+			}
+			data, ok := secret.Data[KubeconfigSecretDataKey]
+			if !ok {
+				return nil, fmt.Errorf("secret does not have data with key: %s", KubeconfigSecretDataKey)
+			}
+			return clientcmd.Load(data)
+		}
+
+		clusterConfig, err := clientcmd.BuildConfigFromKubeconfigGetter(serverAddress, kubeconfigGetter)
 		if err != nil {
 			return nil, err
 		}