mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-30 23:15:14 +00:00
Merge pull request #10150 from thockin/kube2sky-with-token-fix
Make DNS not need its own token
This commit is contained in:
Robert Bailey
commit
ad12c98e6d
@ -109,7 +109,7 @@ Create a file named busybox.yaml with the
|
||||
following contents:
|
||||
|
||||
```yaml
|
||||
apiVersion: v1beta3
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: busybox
|
||||
|
||||
@ -1,12 +1,20 @@
|
||||
* Fri May 15 2015 Tim Hockin <thockin@google.com>
|
||||
- First Changelog entry
|
||||
- Current version is 1.4
|
||||
## Version 1.10 (Jun 19 2015 Tim Hockin <thockin@google.com>)
|
||||
- Fall back on service account tokens if no other auth is specified.
|
||||
|
||||
|
||||
## Version 1.9 (May 28 2015 Abhishek Shah <abshah@google.com>)
|
||||
- Add SRV support.
|
||||
|
||||
|
||||
## Version 1.8 (May 28 2015 Vishnu Kannan <vishnuk@google.com>)
|
||||
- Avoid making connections to the master insecure by default
|
||||
- Let users override the master URL in kubeconfig via a flag
|
||||
|
||||
|
||||
## Version 1.7 (May 25 2015 Vishnu Kannan <vishnuk@google.com>)
|
||||
- Adding support for headless services. All pods backing a headless service is addressible via DNS RR.
|
||||
- Adding support for headless services. All pods backing a headless service is
|
||||
addressible via DNS RR.
|
||||
|
||||
|
||||
## Version 1.8 (May 18 2015 Vishnu Kannan <vishnuk@google.com>)
|
||||
- Avoid making connections to the master insecure by default
|
||||
- Let users override the master URL in kubeconfig via a flag
|
||||
## Version 1.4 (Fri May 15 2015 Tim Hockin <thockin@google.com>)
|
||||
- First Changelog entry
|
||||
|
||||
@ -4,7 +4,7 @@
|
||||
|
||||
.PHONY: all kube2sky container push clean test
|
||||
|
||||
TAG = 1.9
|
||||
TAG = 1.10
|
||||
PREFIX = gcr.io/google_containers
|
||||
|
||||
all: container
|
||||
|
||||
@ -46,10 +46,11 @@ import (
|
||||
)
|
||||
|
||||
var (
|
||||
// TODO: switch to pflag and make - and _ equivalent.
|
||||
argDomain = flag.String("domain", "cluster.local", "domain under which to create names")
|
||||
argEtcdMutationTimeout = flag.Duration("etcd_mutation_timeout", 10*time.Second, "crash after retrying etcd mutation for a specified duration")
|
||||
argEtcdServer = flag.String("etcd-server", "http://127.0.0.1:4001", "URL to etcd server")
|
||||
argKubecfgFile = flag.String("kubecfg_file", "", "Location of kubecfg file for access to kubernetes service")
|
||||
argKubecfgFile = flag.String("kubecfg_file", "", "Location of kubecfg file for access to kubernetes master service; --kube_master_url overrides the URL part of this; if neither this nor --kube_master_url are provided, defaults to service account tokens")
|
||||
argKubeMasterURL = flag.String("kube_master_url", "", "URL to reach kubernetes master. Env variables in this flag will be expanded.")
|
||||
)
|
||||
|
||||
@ -405,7 +406,7 @@ func newEtcdClient(etcdServer string) (*etcd.Client, error) {
|
||||
return client, nil
|
||||
}
|
||||
|
||||
func getKubeMasterURL() (string, error) {
|
||||
func expandKubeMasterURL() (string, error) {
|
||||
parsedURL, err := url.Parse(os.ExpandEnv(*argKubeMasterURL))
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to parse --kube_master_url %s - %v", *argKubeMasterURL, err)
|
||||
@ -423,31 +424,34 @@ func newKubeClient() (*kclient.Client, error) {
|
||||
err error
|
||||
masterURL string
|
||||
)
|
||||
// If the user specified --kube_master_url, expand env vars and verify it.
|
||||
if *argKubeMasterURL != "" {
|
||||
masterURL, err = getKubeMasterURL()
|
||||
masterURL, err = expandKubeMasterURL()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
if *argKubecfgFile == "" {
|
||||
if masterURL == "" {
|
||||
return nil, fmt.Errorf("--kube_master_url must be set when --kubecfg_file is not set")
|
||||
}
|
||||
if masterURL != "" && *argKubecfgFile == "" {
|
||||
// Only --kube_master_url was provided.
|
||||
config = &kclient.Config{
|
||||
Host: masterURL,
|
||||
Version: "v1beta3",
|
||||
Version: "v1",
|
||||
}
|
||||
} else {
|
||||
// We either have:
|
||||
// 1) --kube_master_url and --kubecfg_file
|
||||
// 2) just --kubecfg_file
|
||||
// 3) neither flag
|
||||
// In any case, the logic is the same. If (3), this will automatically
|
||||
// fall back on the service account token.
|
||||
overrides := &kclientcmd.ConfigOverrides{}
|
||||
if masterURL != "" {
|
||||
overrides.ClusterInfo.Server = masterURL
|
||||
}
|
||||
if config, err = kclientcmd.NewNonInteractiveDeferredLoadingClientConfig(
|
||||
&kclientcmd.ClientConfigLoadingRules{ExplicitPath: *argKubecfgFile},
|
||||
overrides).ClientConfig(); err != nil {
|
||||
overrides.ClusterInfo.Server = masterURL // might be "", but that is OK
|
||||
rules := &kclientcmd.ClientConfigLoadingRules{ExplicitPath: *argKubecfgFile} // might be "", but that is OK
|
||||
if config, err = kclientcmd.NewNonInteractiveDeferredLoadingClientConfig(rules, overrides).ClientConfig(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
glog.Infof("Using %s for kubernetes master", config.Host)
|
||||
glog.Infof("Using kubernetes API %s", config.Version)
|
||||
return kclient.New(config)
|
||||
|
||||
@ -1,21 +1,22 @@
|
||||
apiVersion: v1beta3
|
||||
apiVersion: v1
|
||||
kind: ReplicationController
|
||||
metadata:
|
||||
name: kube-dns-v3
|
||||
name: kube-dns-v4
|
||||
namespace: default
|
||||
labels:
|
||||
k8s-app: kube-dns-v3
|
||||
k8s-app: kube-dns
|
||||
version: v4
|
||||
kubernetes.io/cluster-service: "true"
|
||||
spec:
|
||||
replicas: {{ pillar['dns_replicas'] }}
|
||||
selector:
|
||||
k8s-app: kube-dns
|
||||
version: v3
|
||||
version: v4
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: kube-dns
|
||||
version: v3
|
||||
version: v4
|
||||
kubernetes.io/cluster-service: "true"
|
||||
spec:
|
||||
containers:
|
||||
@ -30,15 +31,10 @@ spec:
|
||||
- -initial-cluster-token
|
||||
- skydns-etcd
|
||||
- name: kube2sky
|
||||
image: gcr.io/google_containers/kube2sky:1.9
|
||||
image: gcr.io/google_containers/kube2sky:1.10
|
||||
args:
|
||||
# command = "/kube2sky"
|
||||
- -domain={{ pillar['dns_domain'] }}
|
||||
- -kubecfg_file=/etc/dns_token/kubeconfig
|
||||
volumeMounts:
|
||||
- mountPath: /etc/dns_token
|
||||
name: dns-token
|
||||
readOnly: true
|
||||
- name: skydns
|
||||
image: gcr.io/google_containers/skydns:2015-03-11-001
|
||||
args:
|
||||
@ -58,11 +54,7 @@ spec:
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- nslookup kubernetes.default.{{ pillar['dns_domain'] }} localhost >/dev/null
|
||||
- nslookup kubernetes.default.svc.{{ pillar['dns_domain'] }} localhost >/dev/null
|
||||
initialDelaySeconds: 30
|
||||
timeoutSeconds: 5
|
||||
dnsPolicy: Default # Don't use cluster DNS.
|
||||
volumes:
|
||||
- name: dns-token
|
||||
secret:
|
||||
secretName: token-system-dns
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
apiVersion: v1beta3
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: kube-dns
|
||||
@ -10,7 +10,7 @@ metadata:
|
||||
spec:
|
||||
selector:
|
||||
k8s-app: kube-dns
|
||||
portalIP: {{ pillar['dns_server'] }}
|
||||
clusterIP: {{ pillar['dns_server'] }}
|
||||
ports:
|
||||
- name: dns
|
||||
port: 53
|
||||
|
||||
Loading…
Reference in New Issue
Block a user