Don't print Kubernetes username/password to console.

It is too easy to copy/paste this on-line.

Fixes #1483
Joe Beda
2014-09-29 13:11:31 -07:00
parent 648a400e36
commit c323179d9b
6 changed files with 65 additions and 48 deletions


@@ -65,7 +65,6 @@ function kube-up {
trap "rm -rf ${KUBE_TEMP}" EXIT
get-password
echo "Using password: $user:$passwd"
python $SCRIPT_DIR/../third_party/htpasswd/htpasswd.py -b -c \
${KUBE_TEMP}/htpasswd $user $passwd
HTPASSWD=$(cat ${KUBE_TEMP}/htpasswd)
@@ -202,12 +201,15 @@ function kube-up {
done
echo
echo "Kubernetes cluster is running. Access the master at:"
echo "Kubernetes cluster is running. The master is running at:"
echo
echo " https://${user}:${passwd}@$AZ_CS.cloudapp.net"
echo " https://$AZ_CS.cloudapp.net"
echo
echo "The user name and password to use is located in ~/.kubernetes_auth."
echo
echo "Security note: The server above uses a self signed certificate. This is"
echo " subject to \"Man in the middle\" type attacks."
echo
}
# Delete a kubernetes cluster
@@ -241,11 +243,15 @@ function kube-down {
# get-password
# echo "Kubernetes cluster is updated. Access the master at:"
# echo "Kubernetes cluster is updated. The master is running at:"
# echo
# echo " https://${user}:${passwd}@${KUBE_MASTER_IP}"
# echo " https://${KUBE_MASTER_IP}"
# echo
# echo "The user name and password to use is located in ~/.kubernetes_auth."
# echo
# echo "Security note: The server above uses a self signed certificate. This is"
# echo " subject to \"Man in the middle\" type attacks."
# echo
# }
# # Execute prior to running tests to build a release if required for env
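Review bot: The password still reaches `htpasswd.py` as a command-line argument in kube-up (`-b -c ${KUBE_TEMP}/htpasswd $user $passwd`), so it remains visible in the process list to other local users while the command runs, and in any `set -x` trace, even though the echo is gone. The same call appears in the other provider scripts in this commit, including the one using `$MASTER_USER $MASTER_PASSWD`. At minimum quote the arguments, `"${KUBE_TEMP}/htpasswd" "$user" "$passwd"`, so a password with spaces or glob characters is passed intact. I can't see from here whether htpasswd.py can read the password from stdin or a file; if it can, that is the better fix, otherwise add a comment such as `# NOTE: -b puts the password on argv; move to stdin input when htpasswd.py supports it`. kube-up starts and ends outside these hunks.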


@@ -139,7 +139,6 @@ function kube-up {
trap 'rm -rf "${KUBE_TEMP}"' EXIT
get-password
echo "Using password: $user:$passwd"
python "${base_dir}/third_party/htpasswd/htpasswd.py" -b \
-c "${KUBE_TEMP}/htpasswd" $user $passwd
HTPASSWD=$(cat "${KUBE_TEMP}/htpasswd")
@@ -273,9 +272,11 @@ function kube-up {
done
echo
echo "Kubernetes cluster is running. Access the master at:"
echo "Kubernetes cluster is running. The master is running at:"
echo
echo " https://${user}:${passwd}@${KUBE_MASTER_IP}"
echo " https://${KUBE_MASTER_IP}"
echo
echo "The user name and password to use is located in ~/.kubernetes_auth."
echo
kube_cert=".kubecfg.crt"
@@ -367,9 +368,12 @@ function kube-push {
get-password
echo "Kubernetes cluster is updated. Access the master at:"
echo
echo " https://${user}:${passwd}@${KUBE_MASTER_IP}"
echo "Kubernetes cluster is running. The master is running at:"
echo
echo " https://${KUBE_MASTER_IP}"
echo
echo "The user name and password to use is located in ~/.kubernetes_auth."
echo
}
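Review bot: The kube-push status line appears to have been copied from kube-up: the replacement reads `Kubernetes cluster is running. The master is running at:` where the line it replaces reported that the cluster was updated. Suggest `echo "Kubernetes cluster is updated. The master is running at:"` so the push path still tells the operator what happened. The start of kube-push is outside the hunk, so I can't tell whether `get-password` is still needed there now that the visible tail no longer uses `$user`/`$passwd`.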


@@ -86,7 +86,7 @@ rax-boot-master() {
--file /root/masterStart.sh=${KUBE_TEMP}/masterStart.sh \
--nic net-id=${NETWORK_UUID} \
${MASTER_NAME}"
echo "cluster/rackspace/util.sh: Booting ${MASTER_NAME} with following command:"
echo -e "\t$MASTER_BOOT_CMD"
$MASTER_BOOT_CMD
@@ -96,7 +96,7 @@ rax-boot-minions() {
cp $(dirname $0)/cloud-config/minion-cloud-config.yaml \
${KUBE_TEMP}/minion-cloud-config.yaml
for (( i=0; i<${#MINION_NAMES[@]}; i++)); do
(
@@ -106,7 +106,7 @@ rax-boot-minions() {
echo "NUM_MINIONS=${RAX_NUM_MINIONS}"
grep -v "^#" $(dirname $0)/templates/salt-minion.sh
) > ${KUBE_TEMP}/minionStart${i}.sh
MINION_BOOT_CMD="nova boot \
--key-name ${SSH_KEY_NAME} \
--flavor ${KUBE_MINION_FLAVOR} \
@@ -117,7 +117,7 @@ rax-boot-minions() {
--nic net-id=${NETWORK_UUID} \
--file=/root/minionStart.sh=${KUBE_TEMP}/minionStart${i}.sh \
${MINION_NAMES[$i]}"
echo "cluster/rackspace/util.sh: Booting ${MINION_NAMES[$i]} with following command:"
echo -e "\t$MINION_BOOT_CMD"
$MINION_BOOT_CMD
@@ -128,10 +128,10 @@ rax-nova-network() {
if ! $(nova network-list | grep $NOVA_NETWORK_LABEL > /dev/null 2>&1); then
SAFE_CIDR=$(echo $NOVA_NETWORK_CIDR | tr -d '\\')
NETWORK_CREATE_CMD="nova network-create $NOVA_NETWORK_LABEL $SAFE_CIDR"
echo "cluster/rackspace/util.sh: Creating cloud network with following command:"
echo -e "\t${NETWORK_CREATE_CMD}"
$NETWORK_CREATE_CMD
else
echo "cluster/rackspace/util.sh: Using existing cloud network $NOVA_NETWORK_LABEL"
@@ -167,42 +167,41 @@ detect-master-nova-net() {
}
kube-up() {
SCRIPT_DIR=$(CDPATH="" cd $(dirname $0); pwd)
source $(dirname $0)/../gce/util.sh
source $(dirname $0)/util.sh
source $(dirname $0)/../../release/rackspace/config.sh
# Find the release to use. Generally it will be passed when doing a 'prod'
# install and will default to the release/config.sh version when doing a
# developer up.
find-object-url $CONTAINER output/release/$TAR_FILE
# Create a temp directory to hold scripts that will be uploaded to master/minions
KUBE_TEMP=$(mktemp -d -t kubernetes.XXXXXX)
trap "rm -rf ${KUBE_TEMP}" EXIT
get-password
echo "cluster/rackspace/util.sh: Using password: $user:$passwd"
python $(dirname $0)/../../third_party/htpasswd/htpasswd.py -b -c ${KUBE_TEMP}/htpasswd $user $passwd
HTPASSWD=$(cat ${KUBE_TEMP}/htpasswd)
rax-nova-network
NETWORK_UUID=$(nova network-list | grep -i ${NOVA_NETWORK_LABEL} | awk '{print $2}')
# create and upload ssh key if necessary
rax-ssh-key
echo "cluster/rackspace/util.sh: Starting Cloud Servers"
rax-boot-master
# a bit of a hack to wait until master is has an IP from the extra network
echo "cluster/rackspace/util.sh: sleeping 35 seconds"
sleep 35
detect-master-nova-net $NOVA_NETWORK_LABEL
rax-boot-minions
FAIL=0
for job in `jobs -p`
do
@@ -221,19 +220,19 @@ kube-up() {
echo " This might loop forever if there was some uncaught error during start"
echo " up."
echo
#This will fail until apiserver salt is updated
until $(curl --insecure --user ${user}:${passwd} --max-time 5 \
--fail --output /dev/null --silent https://${KUBE_MASTER_IP}/api/v1beta1/pods); do
printf "."
sleep 2
done
echo "Kubernetes cluster created."
echo "Sanity checking cluster..."
sleep 5
# Don't bail on errors, we want to be able to print some info.
set +e
sleep 45
@@ -242,10 +241,13 @@ kube-up() {
echo "All minions may not be online yet, this is okay."
echo
echo "Kubernetes cluster is running. Access the master at:"
echo "Kubernetes cluster is running. The master is running at:"
echo
echo " https://${user}:${passwd}@${KUBE_MASTER_IP}"
echo " https://${KUBE_MASTER_IP}"
echo
echo "The user name and password to use is located in ~/.kubernetes_auth."
echo
echo "Security note: The server above uses a self signed certificate. This is"
echo " subject to \"Man in the middle\" type attacks."
echo
}
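Review bot: The readiness loop in kube-up still hands the credentials to curl as `--user ${user}:${passwd}` together with `--insecure`, so on every retry the password can show up in the process list and is sent to a server whose certificate is not checked. A netrc file in the temp directory keeps it off argv: `(umask 077; printf 'machine %s login %s password %s\n' "${KUBE_MASTER_IP}" "${user}" "${passwd}" > "${KUBE_TEMP}/netrc")` followed by `curl --netrc-file "${KUBE_TEMP}/netrc" ...` in the `until` condition. Replacing `--insecure` with `--cacert` would require the master's generated certificate to be available locally first, which is not visible in these hunks. The `$( ... )` around curl in the `until` test is also unnecessary; `until curl ...; do` tests the exit status directly.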


@@ -22,11 +22,11 @@ source $(dirname $0)/provision-config.sh
minion_ip_array=(${MINION_IPS//,/ })
for (( i=0; i<${#MINION_NAMES[@]}; i++)); do
minion=${MINION_NAMES[$i]}
ip=${minion_ip_array[$i]}
ip=${minion_ip_array[$i]}
if [ ! "$(cat /etc/hosts | grep $minion)" ]; then
echo "Adding $minion to hosts file"
echo "$ip $minion" >> /etc/hosts
fi
fi
done
# Update salt configuration
@@ -68,7 +68,6 @@ EOF
# Configure nginx authorization
mkdir -p $KUBE_TEMP
mkdir -p /srv/salt/nginx
echo "Using password: $MASTER_USER:$MASTER_PASSWD"
python $(dirname $0)/../../third_party/htpasswd/htpasswd.py -b -c ${KUBE_TEMP}/htpasswd $MASTER_USER $MASTER_PASSWD
MASTER_HTPASSWD=$(cat ${KUBE_TEMP}/htpasswd)
echo $MASTER_HTPASSWD > /srv/salt/nginx/htpasswd
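Review bot: `echo $MASTER_HTPASSWD > /srv/salt/nginx/htpasswd` writes the password hash through an unquoted expansion and with whatever umask the provisioner happens to run under; nothing in the hunk restricts the mode of the resulting file. Suggest `( umask 027; printf '%s\n' "$MASTER_HTPASSWD" > /srv/salt/nginx/htpasswd )`, with the mode adjusted to whatever the salt file server needs in order to read it, which I can't determine from here. `mkdir -p $KUBE_TEMP` on the first line of the hunk should likewise be quoted, and if `KUBE_TEMP` is a fixed path rather than a `mktemp -d` result (its definition is outside the hunk) the intermediate htpasswd file deserves the same treatment.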


@@ -39,7 +39,7 @@ function verify-prereqs {
}
# Instantiate a kubernetes cluster
function kube-up {
function kube-up {
get-password
vagrant up
@@ -74,7 +74,7 @@ function kube-up {
done
done
done
echo
echo "Waiting for each minion to be registered with cloud provider"
for (( i=0; i<${#MINION_NAMES[@]}; i++)); do
@@ -85,13 +85,16 @@ function kube-up {
COUNT=$(grep -c ${MINION_NAMES[i]} /tmp/minions) || { printf "."; sleep 2; COUNT="0"; }
done
done
echo
echo "Kubernetes cluster created."
echo
echo "Kubernetes cluster is running. Access the master at:"
echo "Kubernetes cluster is running. The master is running at:"
echo
echo " https://${KUBE_MASTER_IP}"
echo
echo "The user name and password to use is located in ~/.kubernetes_auth."
echo
echo " https://${user}:${passwd}@${KUBE_MASTER_IP}"
}
# Delete a kubernetes cluster
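Review bot: The minion registration loop in kube-up reads a fixed path, `/tmp/minions`, which another local user on a shared machine could pre-create or replace with a symlink; the code that writes the file is outside this hunk. A per-run file avoids that, for example `minions_file=$(mktemp -t kubernetes-minions.XXXXXX)` near the top of the function and `grep -c -- "${MINION_NAMES[i]}" "$minions_file"` here, with cleanup on exit. Quoting the array element also stops a minion name from being split or globbed before grep sees it.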


@@ -101,8 +101,6 @@ function kube-up {
trap "rm -rf ${KUBE_TEMP}" EXIT
get-password
echo "Using password: $user:$passwd"
echo
python $(dirname $0)/../third_party/htpasswd/htpasswd.py -b -c ${KUBE_TEMP}/htpasswd $user $passwd
HTPASSWD=$(cat ${KUBE_TEMP}/htpasswd)
@@ -220,9 +218,11 @@ function kube-up {
done
echo
echo "Kubernetes cluster is running. Access the master at:"
echo "Kubernetes cluster is running. The master is running at:"
echo
echo " https://${user}:${passwd}@${KUBE_MASTER_IP}"
echo " https://${KUBE_MASTER_IP}"
echo
echo "The user name and password to use is located in ~/.kubernetes_auth."
echo
echo "Security note: The server above uses a self signed certificate."
echo "This is subject to \"Man in the middle\" type attacks."
@@ -260,9 +260,12 @@ function kube-push {
get-password
echo "Kubernetes cluster is updated. Access the master at:"
echo
echo " https://${user}:${passwd}@${KUBE_MASTER_IP}"
echo "Kubernetes cluster is updated. The master is running at:"
echo
echo " https://${KUBE_MASTER_IP}"
echo
echo "The user name and password to use is located in ~/.kubernetes_auth."
echo
}
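Review bot: `trap "rm -rf ${KUBE_TEMP}" EXIT` in kube-up expands the path when the trap is installed and leaves it unquoted when the trap fires, so a temp path containing whitespace would make `rm -rf` act on the wrong arguments. One of the other provider scripts in this commit already uses the safer form, `trap 'rm -rf "${KUBE_TEMP}"' EXIT`, which defers expansion and quotes the path; the first and third file sections carry the same double-quoted trap as this one. kube-up starts and ends outside the hunk.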