From 8c1971e17cc0ccca4a488ff622ee83d69f3786ed Mon Sep 17 00:00:00 2001 From: Jian Zeng Date: Fri, 25 Dec 2020 01:30:26 +0800 Subject: [PATCH] chore(gce): pass auth flags to KCM and KS Pass flags `--authentication-kubeconfig` and `--authorization-kubeconfig` to controller-manager and scheduler, so that we could grab metrics from their secure ports in tests. --- cluster/gce/gci/configure-helper.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/cluster/gce/gci/configure-helper.sh b/cluster/gce/gci/configure-helper.sh index 4544a57bac2..68d6dd2138a 100644 --- a/cluster/gce/gci/configure-helper.sh +++ b/cluster/gce/gci/configure-helper.sh @@ -1990,9 +1990,10 @@ function start-kube-controller-manager { prepare-log-file /var/log/kube-controller-manager.log # Calculate variables and assemble the command line. local params=("${CONTROLLER_MANAGER_TEST_LOG_LEVEL:-"--v=2"}" "${CONTROLLER_MANAGER_TEST_ARGS:-}" "${CLOUD_CONFIG_OPT}") + local config_path='/etc/srv/kubernetes/kube-controller-manager/kubeconfig' params+=("--use-service-account-credentials") params+=("--cloud-provider=gce") - params+=("--kubeconfig=/etc/srv/kubernetes/kube-controller-manager/kubeconfig") + params+=("--kubeconfig=${config_path}" "--authentication-kubeconfig=${config_path}" "--authorization-kubeconfig=${config_path}") params+=("--root-ca-file=${CA_CERT_BUNDLE_PATH}") params+=("--service-account-private-key-file=${SERVICEACCOUNT_KEY_PATH}") if [[ -n "${ENABLE_GARBAGE_COLLECTOR:-}" ]]; then @@ -2124,6 +2125,10 @@ function start-kube-scheduler { fi fi + local config_path + config_path='/etc/srv/kubernetes/kube-scheduler/kubeconfig' + params+=("--authentication-kubeconfig=${config_path}" "--authorization-kubeconfig=${config_path}") + local paramstring paramstring="$(convert-manifest-params "${params[*]}")" local -r kube_scheduler_docker_tag=$(cat "${KUBE_HOME}/kube-docker-files/kube-scheduler.docker_tag")