Don't print Kubernetes username/password to console.

It is too easy to copy/paste this output online.

Fixes #1483
Joe Beda
2014-09-29 13:11:31 -07:00
parent 648a400e36
commit c323179d9b
6 changed files with 65 additions and 48 deletions


@@ -65,7 +65,6 @@ function kube-up {
trap "rm -rf ${KUBE_TEMP}" EXIT trap "rm -rf ${KUBE_TEMP}" EXIT
get-password get-password
echo "Using password: $user:$passwd"
python $SCRIPT_DIR/../third_party/htpasswd/htpasswd.py -b -c \ python $SCRIPT_DIR/../third_party/htpasswd/htpasswd.py -b -c \
${KUBE_TEMP}/htpasswd $user $passwd ${KUBE_TEMP}/htpasswd $user $passwd
HTPASSWD=$(cat ${KUBE_TEMP}/htpasswd) HTPASSWD=$(cat ${KUBE_TEMP}/htpasswd)
@@ -202,12 +201,15 @@ function kube-up {
done done
echo echo
echo "Kubernetes cluster is running. Access the master at:" echo "Kubernetes cluster is running. The master is running at:"
echo echo
echo " https://${user}:${passwd}@$AZ_CS.cloudapp.net" echo " https://$AZ_CS.cloudapp.net"
echo
echo "The user name and password to use is located in ~/.kubernetes_auth."
echo echo
echo "Security note: The server above uses a self signed certificate. This is" echo "Security note: The server above uses a self signed certificate. This is"
echo " subject to \"Man in the middle\" type attacks." echo " subject to \"Man in the middle\" type attacks."
echo
} }
# Delete a kubernetes cluster # Delete a kubernetes cluster
@@ -241,11 +243,15 @@ function kube-down {
# get-password # get-password
# echo "Kubernetes cluster is updated. Access the master at:" # echo "Kubernetes cluster is updated. The master is running at:"
# echo # echo
# echo " https://${user}:${passwd}@${KUBE_MASTER_IP}" # echo " https://${KUBE_MASTER_IP}"
# echo
# echo "The user name and password to use is located in ~/.kubernetes_auth."
# echo
# echo "Security note: The server above uses a self signed certificate. This is"
# echo " subject to \"Man in the middle\" type attacks."
# echo # echo
# } # }
# # Execute prior to running tests to build a release if required for env # # Execute prior to running tests to build a release if required for env
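Review bot: The password still leaves the script on the line right after the removed `echo`: the `htpasswd.py -b -c ... $user $passwd` call passes it as a command-line argument, so it remains visible in the process list and in any `set -x` trace. The same call appears in the other kube-up hunks on this page and in the provisioning hunk that uses `$MASTER_USER $MASTER_PASSWD`. At minimum the expansions should be quoted so a password containing whitespace or glob characters is not split: `${KUBE_TEMP}/htpasswd "$user" "$passwd"`. Taking the password off argv entirely needs a way to feed it on stdin, and whether htpasswd.py offers one is not visible here. kube-up starts and ends outside these hunks.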


@@ -139,7 +139,6 @@ function kube-up {
trap 'rm -rf "${KUBE_TEMP}"' EXIT trap 'rm -rf "${KUBE_TEMP}"' EXIT
get-password get-password
echo "Using password: $user:$passwd"
python "${base_dir}/third_party/htpasswd/htpasswd.py" -b \ python "${base_dir}/third_party/htpasswd/htpasswd.py" -b \
-c "${KUBE_TEMP}/htpasswd" $user $passwd -c "${KUBE_TEMP}/htpasswd" $user $passwd
HTPASSWD=$(cat "${KUBE_TEMP}/htpasswd") HTPASSWD=$(cat "${KUBE_TEMP}/htpasswd")
@@ -273,9 +272,11 @@ function kube-up {
done done
echo echo
echo "Kubernetes cluster is running. Access the master at:" echo "Kubernetes cluster is running. The master is running at:"
echo echo
echo " https://${user}:${passwd}@${KUBE_MASTER_IP}" echo " https://${KUBE_MASTER_IP}"
echo
echo "The user name and password to use is located in ~/.kubernetes_auth."
echo echo
kube_cert=".kubecfg.crt" kube_cert=".kubecfg.crt"
@@ -367,9 +368,12 @@ function kube-push {
get-password get-password
echo "Kubernetes cluster is updated. Access the master at:"
echo echo
echo " https://${user}:${passwd}@${KUBE_MASTER_IP}" echo "Kubernetes cluster is running. The master is running at:"
echo
echo " https://${KUBE_MASTER_IP}"
echo
echo "The user name and password to use is located in ~/.kubernetes_auth."
echo echo
} }
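Review bot: In the kube-push hunk the new banner says `echo "Kubernetes cluster is running. The master is running at:"`, where the line it replaces said the cluster "is updated"; the other kube-push hunk on this page keeps "is updated", so this looks copied from kube-up. I would write `echo "Kubernetes cluster is updated. The master is running at:"` here. `get-password` is still called at the top of the hunk although no visible line uses `$user` or `$passwd` any more; the function starts outside the hunk, so confirm whether the call is still needed.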


@@ -86,7 +86,7 @@ rax-boot-master() {
--file /root/masterStart.sh=${KUBE_TEMP}/masterStart.sh \ --file /root/masterStart.sh=${KUBE_TEMP}/masterStart.sh \
--nic net-id=${NETWORK_UUID} \ --nic net-id=${NETWORK_UUID} \
${MASTER_NAME}" ${MASTER_NAME}"
echo "cluster/rackspace/util.sh: Booting ${MASTER_NAME} with following command:" echo "cluster/rackspace/util.sh: Booting ${MASTER_NAME} with following command:"
echo -e "\t$MASTER_BOOT_CMD" echo -e "\t$MASTER_BOOT_CMD"
$MASTER_BOOT_CMD $MASTER_BOOT_CMD
@@ -96,7 +96,7 @@ rax-boot-minions() {
cp $(dirname $0)/cloud-config/minion-cloud-config.yaml \ cp $(dirname $0)/cloud-config/minion-cloud-config.yaml \
${KUBE_TEMP}/minion-cloud-config.yaml ${KUBE_TEMP}/minion-cloud-config.yaml
for (( i=0; i<${#MINION_NAMES[@]}; i++)); do for (( i=0; i<${#MINION_NAMES[@]}; i++)); do
( (
@@ -106,7 +106,7 @@ rax-boot-minions() {
echo "NUM_MINIONS=${RAX_NUM_MINIONS}" echo "NUM_MINIONS=${RAX_NUM_MINIONS}"
grep -v "^#" $(dirname $0)/templates/salt-minion.sh grep -v "^#" $(dirname $0)/templates/salt-minion.sh
) > ${KUBE_TEMP}/minionStart${i}.sh ) > ${KUBE_TEMP}/minionStart${i}.sh
MINION_BOOT_CMD="nova boot \ MINION_BOOT_CMD="nova boot \
--key-name ${SSH_KEY_NAME} \ --key-name ${SSH_KEY_NAME} \
--flavor ${KUBE_MINION_FLAVOR} \ --flavor ${KUBE_MINION_FLAVOR} \
@@ -117,7 +117,7 @@ rax-boot-minions() {
--nic net-id=${NETWORK_UUID} \ --nic net-id=${NETWORK_UUID} \
--file=/root/minionStart.sh=${KUBE_TEMP}/minionStart${i}.sh \ --file=/root/minionStart.sh=${KUBE_TEMP}/minionStart${i}.sh \
${MINION_NAMES[$i]}" ${MINION_NAMES[$i]}"
echo "cluster/rackspace/util.sh: Booting ${MINION_NAMES[$i]} with following command:" echo "cluster/rackspace/util.sh: Booting ${MINION_NAMES[$i]} with following command:"
echo -e "\t$MINION_BOOT_CMD" echo -e "\t$MINION_BOOT_CMD"
$MINION_BOOT_CMD $MINION_BOOT_CMD
@@ -128,10 +128,10 @@ rax-nova-network() {
if ! $(nova network-list | grep $NOVA_NETWORK_LABEL > /dev/null 2>&1); then if ! $(nova network-list | grep $NOVA_NETWORK_LABEL > /dev/null 2>&1); then
SAFE_CIDR=$(echo $NOVA_NETWORK_CIDR | tr -d '\\') SAFE_CIDR=$(echo $NOVA_NETWORK_CIDR | tr -d '\\')
NETWORK_CREATE_CMD="nova network-create $NOVA_NETWORK_LABEL $SAFE_CIDR" NETWORK_CREATE_CMD="nova network-create $NOVA_NETWORK_LABEL $SAFE_CIDR"
echo "cluster/rackspace/util.sh: Creating cloud network with following command:" echo "cluster/rackspace/util.sh: Creating cloud network with following command:"
echo -e "\t${NETWORK_CREATE_CMD}" echo -e "\t${NETWORK_CREATE_CMD}"
$NETWORK_CREATE_CMD $NETWORK_CREATE_CMD
else else
echo "cluster/rackspace/util.sh: Using existing cloud network $NOVA_NETWORK_LABEL" echo "cluster/rackspace/util.sh: Using existing cloud network $NOVA_NETWORK_LABEL"
@@ -167,42 +167,41 @@ detect-master-nova-net() {
} }
kube-up() { kube-up() {
SCRIPT_DIR=$(CDPATH="" cd $(dirname $0); pwd) SCRIPT_DIR=$(CDPATH="" cd $(dirname $0); pwd)
source $(dirname $0)/../gce/util.sh source $(dirname $0)/../gce/util.sh
source $(dirname $0)/util.sh source $(dirname $0)/util.sh
source $(dirname $0)/../../release/rackspace/config.sh source $(dirname $0)/../../release/rackspace/config.sh
# Find the release to use. Generally it will be passed when doing a 'prod' # Find the release to use. Generally it will be passed when doing a 'prod'
# install and will default to the release/config.sh version when doing a # install and will default to the release/config.sh version when doing a
# developer up. # developer up.
find-object-url $CONTAINER output/release/$TAR_FILE find-object-url $CONTAINER output/release/$TAR_FILE
# Create a temp directory to hold scripts that will be uploaded to master/minions # Create a temp directory to hold scripts that will be uploaded to master/minions
KUBE_TEMP=$(mktemp -d -t kubernetes.XXXXXX) KUBE_TEMP=$(mktemp -d -t kubernetes.XXXXXX)
trap "rm -rf ${KUBE_TEMP}" EXIT trap "rm -rf ${KUBE_TEMP}" EXIT
get-password get-password
echo "cluster/rackspace/util.sh: Using password: $user:$passwd"
python $(dirname $0)/../../third_party/htpasswd/htpasswd.py -b -c ${KUBE_TEMP}/htpasswd $user $passwd python $(dirname $0)/../../third_party/htpasswd/htpasswd.py -b -c ${KUBE_TEMP}/htpasswd $user $passwd
HTPASSWD=$(cat ${KUBE_TEMP}/htpasswd) HTPASSWD=$(cat ${KUBE_TEMP}/htpasswd)
rax-nova-network rax-nova-network
NETWORK_UUID=$(nova network-list | grep -i ${NOVA_NETWORK_LABEL} | awk '{print $2}') NETWORK_UUID=$(nova network-list | grep -i ${NOVA_NETWORK_LABEL} | awk '{print $2}')
# create and upload ssh key if necessary # create and upload ssh key if necessary
rax-ssh-key rax-ssh-key
echo "cluster/rackspace/util.sh: Starting Cloud Servers" echo "cluster/rackspace/util.sh: Starting Cloud Servers"
rax-boot-master rax-boot-master
# a bit of a hack to wait until master is has an IP from the extra network # a bit of a hack to wait until master is has an IP from the extra network
echo "cluster/rackspace/util.sh: sleeping 35 seconds" echo "cluster/rackspace/util.sh: sleeping 35 seconds"
sleep 35 sleep 35
detect-master-nova-net $NOVA_NETWORK_LABEL detect-master-nova-net $NOVA_NETWORK_LABEL
rax-boot-minions rax-boot-minions
FAIL=0 FAIL=0
for job in `jobs -p` for job in `jobs -p`
do do
@@ -221,19 +220,19 @@ kube-up() {
echo " This might loop forever if there was some uncaught error during start" echo " This might loop forever if there was some uncaught error during start"
echo " up." echo " up."
echo echo
#This will fail until apiserver salt is updated #This will fail until apiserver salt is updated
until $(curl --insecure --user ${user}:${passwd} --max-time 5 \ until $(curl --insecure --user ${user}:${passwd} --max-time 5 \
--fail --output /dev/null --silent https://${KUBE_MASTER_IP}/api/v1beta1/pods); do --fail --output /dev/null --silent https://${KUBE_MASTER_IP}/api/v1beta1/pods); do
printf "." printf "."
sleep 2 sleep 2
done done
echo "Kubernetes cluster created." echo "Kubernetes cluster created."
echo "Sanity checking cluster..." echo "Sanity checking cluster..."
sleep 5 sleep 5
# Don't bail on errors, we want to be able to print some info. # Don't bail on errors, we want to be able to print some info.
set +e set +e
sleep 45 sleep 45
@@ -242,10 +241,13 @@ kube-up() {
echo "All minions may not be online yet, this is okay." echo "All minions may not be online yet, this is okay."
echo echo
echo "Kubernetes cluster is running. Access the master at:" echo "Kubernetes cluster is running. The master is running at:"
echo echo
echo " https://${user}:${passwd}@${KUBE_MASTER_IP}" echo " https://${KUBE_MASTER_IP}"
echo
echo "The user name and password to use is located in ~/.kubernetes_auth."
echo echo
echo "Security note: The server above uses a self signed certificate. This is" echo "Security note: The server above uses a self signed certificate. This is"
echo " subject to \"Man in the middle\" type attacks." echo " subject to \"Man in the middle\" type attacks."
echo
} }
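Review bot: The readiness loop in the `@@ -221` hunk still runs `curl --insecure --user ${user}:${passwd} ...`, which puts the credentials on curl's command line where the process list shows them and, being unquoted, splits a password that contains whitespace. curl can read the option from standard input instead, for example `printf 'user = "%s:%s"\n' "$user" "$passwd" | curl --config - --insecure ...` (a password containing `"` or `\` would need escaping in that form). Because of `--insecure`, the credentials are also sent without the server certificate being verified; the banner's self-signed note mentions this, but the loop does nothing to limit it. kube-up continues outside the hunk.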


@@ -22,11 +22,11 @@ source $(dirname $0)/provision-config.sh
minion_ip_array=(${MINION_IPS//,/ }) minion_ip_array=(${MINION_IPS//,/ })
for (( i=0; i<${#MINION_NAMES[@]}; i++)); do for (( i=0; i<${#MINION_NAMES[@]}; i++)); do
minion=${MINION_NAMES[$i]} minion=${MINION_NAMES[$i]}
ip=${minion_ip_array[$i]} ip=${minion_ip_array[$i]}
if [ ! "$(cat /etc/hosts | grep $minion)" ]; then if [ ! "$(cat /etc/hosts | grep $minion)" ]; then
echo "Adding $minion to hosts file" echo "Adding $minion to hosts file"
echo "$ip $minion" >> /etc/hosts echo "$ip $minion" >> /etc/hosts
fi fi
done done
# Update salt configuration # Update salt configuration
@@ -68,7 +68,6 @@ EOF
# Configure nginx authorization # Configure nginx authorization
mkdir -p $KUBE_TEMP mkdir -p $KUBE_TEMP
mkdir -p /srv/salt/nginx mkdir -p /srv/salt/nginx
echo "Using password: $MASTER_USER:$MASTER_PASSWD"
python $(dirname $0)/../../third_party/htpasswd/htpasswd.py -b -c ${KUBE_TEMP}/htpasswd $MASTER_USER $MASTER_PASSWD python $(dirname $0)/../../third_party/htpasswd/htpasswd.py -b -c ${KUBE_TEMP}/htpasswd $MASTER_USER $MASTER_PASSWD
MASTER_HTPASSWD=$(cat ${KUBE_TEMP}/htpasswd) MASTER_HTPASSWD=$(cat ${KUBE_TEMP}/htpasswd)
echo $MASTER_HTPASSWD > /srv/salt/nginx/htpasswd echo $MASTER_HTPASSWD > /srv/salt/nginx/htpasswd


@@ -39,7 +39,7 @@ function verify-prereqs {
} }
# Instantiate a kubernetes cluster # Instantiate a kubernetes cluster
function kube-up { function kube-up {
get-password get-password
vagrant up vagrant up
@@ -74,7 +74,7 @@ function kube-up {
done done
done done
done done
echo echo
echo "Waiting for each minion to be registered with cloud provider" echo "Waiting for each minion to be registered with cloud provider"
for (( i=0; i<${#MINION_NAMES[@]}; i++)); do for (( i=0; i<${#MINION_NAMES[@]}; i++)); do
@@ -85,13 +85,16 @@ function kube-up {
COUNT=$(grep -c ${MINION_NAMES[i]} /tmp/minions) || { printf "."; sleep 2; COUNT="0"; } COUNT=$(grep -c ${MINION_NAMES[i]} /tmp/minions) || { printf "."; sleep 2; COUNT="0"; }
done done
done done
echo echo
echo "Kubernetes cluster created." echo "Kubernetes cluster created."
echo echo
echo "Kubernetes cluster is running. Access the master at:" echo "Kubernetes cluster is running. The master is running at:"
echo
echo " https://${KUBE_MASTER_IP}"
echo
echo "The user name and password to use is located in ~/.kubernetes_auth."
echo echo
echo " https://${user}:${passwd}@${KUBE_MASTER_IP}"
} }
# Delete a kubernetes cluster # Delete a kubernetes cluster
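Review bot: The wait loop in the last hunk reads `/tmp/minions`, a fixed name in a world-writable directory, so another local user could pre-create or symlink that path and influence what `grep -c` counts; the line that writes the file is outside the hunk. A per-run file from `mktemp` avoids this, e.g. `minions_file=$(mktemp -t minions.XXXXXX)` and then `grep -c -- "${MINION_NAMES[i]}" "${minions_file}"`. Quoting the minion name also keeps it from being word-split before grep sees it. kube-up starts outside the hunk.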


@@ -101,8 +101,6 @@ function kube-up {
trap "rm -rf ${KUBE_TEMP}" EXIT trap "rm -rf ${KUBE_TEMP}" EXIT
get-password get-password
echo "Using password: $user:$passwd"
echo
python $(dirname $0)/../third_party/htpasswd/htpasswd.py -b -c ${KUBE_TEMP}/htpasswd $user $passwd python $(dirname $0)/../third_party/htpasswd/htpasswd.py -b -c ${KUBE_TEMP}/htpasswd $user $passwd
HTPASSWD=$(cat ${KUBE_TEMP}/htpasswd) HTPASSWD=$(cat ${KUBE_TEMP}/htpasswd)
@@ -220,9 +218,11 @@ function kube-up {
done done
echo echo
echo "Kubernetes cluster is running. Access the master at:" echo "Kubernetes cluster is running. The master is running at:"
echo echo
echo " https://${user}:${passwd}@${KUBE_MASTER_IP}" echo " https://${KUBE_MASTER_IP}"
echo
echo "The user name and password to use is located in ~/.kubernetes_auth."
echo echo
echo "Security note: The server above uses a self signed certificate." echo "Security note: The server above uses a self signed certificate."
echo "This is subject to \"Man in the middle\" type attacks." echo "This is subject to \"Man in the middle\" type attacks."
@@ -260,9 +260,12 @@ function kube-push {
get-password get-password
echo "Kubernetes cluster is updated. Access the master at:"
echo echo
echo " https://${user}:${passwd}@${KUBE_MASTER_IP}" echo "Kubernetes cluster is updated. The master is running at:"
echo
echo " https://${KUBE_MASTER_IP}"
echo
echo "The user name and password to use is located in ~/.kubernetes_auth."
echo echo
} }
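Review bot: `trap "rm -rf ${KUBE_TEMP}" EXIT` in the first hunk expands `${KUBE_TEMP}` when the trap is set and leaves the path unquoted inside the handler, so a temp path containing whitespace would make `rm -rf` act on the wrong words. The second file section on this page already uses the safer form, and I would match it here: `trap 'rm -rf "${KUBE_TEMP}"' EXIT`. The same double-quoted trap appears in the first file section and in the Rackspace kube-up hunk. kube-up starts outside the hunk, so how `KUBE_TEMP` is assigned in this file is not visible.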