github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-22 19:31:44 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #88869 from Jefftree/egress_flag

Browse Source 
[Network Proxy] Allow both grpc and http-connect mode to be toggled in kube-up
This commit is contained in:
Kubernetes Prow Robot 2020-03-05 21:40:05 -08:00 committed by GitHub
commit b9cd76519e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 39 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cluster/gce/config-default.sh
View File

@ -496,3 +496,4 @@ GCE_PRIVATE_CLUSTER_PORTS_PER_VM="${KUBE_GCE_PRIVATE_CLUSTER_PORTS_PER_VM:-}"
# Optional: Create apiserver konnectivity server and agent. # Optional: Create apiserver konnectivity server and agent.
ENABLE_EGRESS_VIA_KONNECTIVITY_SERVICE="${KUBE_ENABLE_EGRESS_VIA_KONNECTIVITY_SERVICE:-false}" ENABLE_EGRESS_VIA_KONNECTIVITY_SERVICE="${KUBE_ENABLE_EGRESS_VIA_KONNECTIVITY_SERVICE:-false}"
KONNECTIVITY_SERVICE_PROXY_PROTOCOL_MODE="${KUBE_KONNECTIVITY_SERVICE_PROXY_PROTOCOL_MODE:-grpc}"

35
cluster/gce/gci/configure-helper.sh
View File

@ -806,7 +806,8 @@ contexts:
EOF EOF
fi fi
if [[ "${ENABLE_EGRESS_VIA_KONNECTIVITY_SERVICE:-false}" == "true" ]]; then if [[ "${ENABLE_EGRESS_VIA_KONNECTIVITY_SERVICE:-false}" == "true" ]]; then
cat <<EOF >/etc/srv/kubernetes/egress_selector_configuration.yaml if [[ "${KONNECTIVITY_SERVICE_PROXY_PROTOCOL_MODE:-grpc}" == 'grpc' ]]; then
cat <<EOF >/etc/srv/kubernetes/egress_selector_configuration.yaml
apiVersion: apiserver.k8s.io/v1alpha1 apiVersion: apiserver.k8s.io/v1alpha1
kind: EgressSelectorConfiguration kind: EgressSelectorConfiguration
egressSelections: egressSelections:
@ -823,6 +824,28 @@ egressSelections:
connection: connection:
proxyProtocol: Direct proxyProtocol: Direct
EOF EOF
elif [[ "${KONNECTIVITY_SERVICE_PROXY_PROTOCOL_MODE:-grpc}" == 'http-connect' ]]; then
cat <<EOF >/etc/srv/kubernetes/egress_selector_configuration.yaml
apiVersion: apiserver.k8s.io/v1alpha1
kind: EgressSelectorConfiguration
egressSelections:
- name: cluster
connection:
proxyProtocol: HTTPConnect
transport:
uds:
udsName: /etc/srv/kubernetes/konnectivity-server/konnectivity-server.socket
- name: master
connection:
proxyProtocol: Direct
- name: etcd
connection:
proxyProtocol: Direct
EOF
else
echo "KONNECTIVITY_SERVICE_PROXY_PROTOCOL_MODE must be set to either grpc or http-connect"
exit 1
fi
fi fi
if [[ -n "${WEBHOOK_GKE_EXEC_AUTH:-}" ]]; then if [[ -n "${WEBHOOK_GKE_EXEC_AUTH:-}" ]]; then
@ -1660,7 +1683,15 @@ function prepare-konnectivity-server-manifest {
params+=("--uds-name=/etc/srv/kubernetes/konnectivity-server/konnectivity-server.socket") params+=("--uds-name=/etc/srv/kubernetes/konnectivity-server/konnectivity-server.socket")
params+=("--cluster-cert=/etc/srv/kubernetes/pki/apiserver.crt") params+=("--cluster-cert=/etc/srv/kubernetes/pki/apiserver.crt")
params+=("--cluster-key=/etc/srv/kubernetes/pki/apiserver.key") params+=("--cluster-key=/etc/srv/kubernetes/pki/apiserver.key")
params+=("--mode=grpc") if [[ "${KONNECTIVITY_SERVICE_PROXY_PROTOCOL_MODE:-grpc}" == 'grpc' ]]; then
params+=("--mode=grpc")
elif [[ "${KONNECTIVITY_SERVICE_PROXY_PROTOCOL_MODE:-grpc}" == 'http-connect' ]]; then
params+=("--mode=http-connect")
else
echo "KONNECTIVITY_SERVICE_PROXY_PROTOCOL_MODE must be set to either grpc or http-connect"
exit 1
fi
params+=("--server-port=0") params+=("--server-port=0")
params+=("--agent-port=$1") params+=("--agent-port=$1")
params+=("--admin-port=$2") params+=("--admin-port=$2")

5
cluster/gce/util.sh
View File

@ -1522,6 +1522,11 @@ EOF
if [[ "${ENABLE_EGRESS_VIA_KONNECTIVITY_SERVICE:-false}" == "true" ]]; then if [[ "${ENABLE_EGRESS_VIA_KONNECTIVITY_SERVICE:-false}" == "true" ]]; then
cat >>$file <<EOF cat >>$file <<EOF
ENABLE_EGRESS_VIA_KONNECTIVITY_SERVICE: $(yaml-quote ${ENABLE_EGRESS_VIA_KONNECTIVITY_SERVICE}) ENABLE_EGRESS_VIA_KONNECTIVITY_SERVICE: $(yaml-quote ${ENABLE_EGRESS_VIA_KONNECTIVITY_SERVICE})
EOF
fi
if [[ -n "${KONNECTIVITY_SERVICE_PROXY_PROTOCOL_MODE:-}" ]]; then
cat >>$file <<EOF
KONNECTIVITY_SERVICE_PROXY_PROTOCOL_MODE: $(yaml-quote ${KONNECTIVITY_SERVICE_PROXY_PROTOCOL_MODE})
EOF EOF
fi fi
} }