mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 11:50:44 +00:00
Merge pull request #29242 from kubernetes/revert-28802-service
Automatic merge from submit-queue Revert "Drop support for --gce-service-account, require activated creds" Reverts kubernetes/kubernetes#28802 This appears to break the soak tests with "invalid grant" errors -- see the recent batch of errors in #27920.
This commit is contained in:
commit
cad9333ce7
@ -121,6 +121,7 @@ export PATH=$(dirname "${e2e_test}"):"${PATH}"
|
|||||||
--provider="${KUBERNETES_PROVIDER}" \
|
--provider="${KUBERNETES_PROVIDER}" \
|
||||||
--gce-project="${PROJECT:-}" \
|
--gce-project="${PROJECT:-}" \
|
||||||
--gce-zone="${ZONE:-}" \
|
--gce-zone="${ZONE:-}" \
|
||||||
|
--gce-service-account="${GCE_SERVICE_ACCOUNT:-}" \
|
||||||
--gke-cluster="${CLUSTER_NAME:-}" \
|
--gke-cluster="${CLUSTER_NAME:-}" \
|
||||||
--kube-master="${KUBE_MASTER:-}" \
|
--kube-master="${KUBE_MASTER:-}" \
|
||||||
--cluster-tag="${CLUSTER_ID:-}" \
|
--cluster-tag="${CLUSTER_ID:-}" \
|
||||||
|
@ -226,6 +226,7 @@ fi
|
|||||||
if [[ -f "${KUBEKINS_SERVICE_ACCOUNT_FILE:-}" ]]; then
|
if [[ -f "${KUBEKINS_SERVICE_ACCOUNT_FILE:-}" ]]; then
|
||||||
echo 'Activating service account...' # No harm in doing this multiple times.
|
echo 'Activating service account...' # No harm in doing this multiple times.
|
||||||
gcloud auth activate-service-account --key-file="${KUBEKINS_SERVICE_ACCOUNT_FILE}"
|
gcloud auth activate-service-account --key-file="${KUBEKINS_SERVICE_ACCOUNT_FILE}"
|
||||||
|
unset GCE_SERVICE_ACCOUNT # Use checked in credentials, not the metadata server
|
||||||
unset KUBEKINS_SERVICE_ACCOUNT_FILE
|
unset KUBEKINS_SERVICE_ACCOUNT_FILE
|
||||||
elif [[ -n "${KUBEKINS_SERVICE_ACCOUNT_FILE:-}" ]]; then
|
elif [[ -n "${KUBEKINS_SERVICE_ACCOUNT_FILE:-}" ]]; then
|
||||||
echo "ERROR: cannot access service account file at: ${KUBEKINS_SERVICE_ACCOUNT_FILE}"
|
echo "ERROR: cannot access service account file at: ${KUBEKINS_SERVICE_ACCOUNT_FILE}"
|
||||||
|
@ -29,6 +29,8 @@ import (
|
|||||||
"github.com/onsi/ginkgo/config"
|
"github.com/onsi/ginkgo/config"
|
||||||
"github.com/onsi/ginkgo/reporters"
|
"github.com/onsi/ginkgo/reporters"
|
||||||
"github.com/onsi/gomega"
|
"github.com/onsi/gomega"
|
||||||
|
"golang.org/x/oauth2"
|
||||||
|
"golang.org/x/oauth2/google"
|
||||||
|
|
||||||
"k8s.io/kubernetes/pkg/api"
|
"k8s.io/kubernetes/pkg/api"
|
||||||
gcecloud "k8s.io/kubernetes/pkg/cloudprovider/providers/gce"
|
gcecloud "k8s.io/kubernetes/pkg/cloudprovider/providers/gce"
|
||||||
@ -59,13 +61,20 @@ func setupProviderConfig() error {
|
|||||||
case "gce", "gke":
|
case "gce", "gke":
|
||||||
var err error
|
var err error
|
||||||
framework.Logf("Fetching cloud provider for %q\r\n", framework.TestContext.Provider)
|
framework.Logf("Fetching cloud provider for %q\r\n", framework.TestContext.Provider)
|
||||||
|
var tokenSource oauth2.TokenSource
|
||||||
|
tokenSource = nil
|
||||||
|
if cloudConfig.ServiceAccount != "" {
|
||||||
|
// Use specified service account for auth
|
||||||
|
framework.Logf("Using service account %q as token source.", cloudConfig.ServiceAccount)
|
||||||
|
tokenSource = google.ComputeTokenSource(cloudConfig.ServiceAccount)
|
||||||
|
}
|
||||||
zone := framework.TestContext.CloudConfig.Zone
|
zone := framework.TestContext.CloudConfig.Zone
|
||||||
region, err := gcecloud.GetGCERegion(zone)
|
region, err := gcecloud.GetGCERegion(zone)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("error parsing GCE/GKE region from zone %q: %v", zone, err)
|
return fmt.Errorf("error parsing GCE/GKE region from zone %q: %v", zone, err)
|
||||||
}
|
}
|
||||||
managedZones := []string{zone} // Only single-zone for now
|
managedZones := []string{zone} // Only single-zone for now
|
||||||
cloudConfig.Provider, err = gcecloud.CreateGCECloud(framework.TestContext.CloudConfig.ProjectID, region, zone, managedZones, "" /* networkUrl */, nil /* nodeTags */, "" /* nodeInstancePerfix */, nil /* tokenSource */, false /* useMetadataServer */)
|
cloudConfig.Provider, err = gcecloud.CreateGCECloud(framework.TestContext.CloudConfig.ProjectID, region, zone, managedZones, "" /* networkUrl */, nil /* nodeTags */, "" /* nodeInstancePerfix */, tokenSource, false /* useMetadataServer */)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Error building GCE/GKE provider: %v", err)
|
return fmt.Errorf("Error building GCE/GKE provider: %v", err)
|
||||||
}
|
}
|
||||||
|
@ -80,6 +80,7 @@ type CloudConfig struct {
|
|||||||
NodeInstanceGroup string
|
NodeInstanceGroup string
|
||||||
NumNodes int
|
NumNodes int
|
||||||
ClusterTag string
|
ClusterTag string
|
||||||
|
ServiceAccount string
|
||||||
|
|
||||||
Provider cloudprovider.Interface
|
Provider cloudprovider.Interface
|
||||||
}
|
}
|
||||||
@ -133,6 +134,7 @@ func RegisterClusterFlags() {
|
|||||||
flag.StringVar(&cloudConfig.MasterName, "kube-master", "", "Name of the kubernetes master. Only required if provider is gce or gke")
|
flag.StringVar(&cloudConfig.MasterName, "kube-master", "", "Name of the kubernetes master. Only required if provider is gce or gke")
|
||||||
flag.StringVar(&cloudConfig.ProjectID, "gce-project", "", "The GCE project being used, if applicable")
|
flag.StringVar(&cloudConfig.ProjectID, "gce-project", "", "The GCE project being used, if applicable")
|
||||||
flag.StringVar(&cloudConfig.Zone, "gce-zone", "", "GCE zone being used, if applicable")
|
flag.StringVar(&cloudConfig.Zone, "gce-zone", "", "GCE zone being used, if applicable")
|
||||||
|
flag.StringVar(&cloudConfig.ServiceAccount, "gce-service-account", "", "GCE service account to use for GCE API calls, if applicable")
|
||||||
flag.StringVar(&cloudConfig.Cluster, "gke-cluster", "", "GKE name of cluster being used, if applicable")
|
flag.StringVar(&cloudConfig.Cluster, "gke-cluster", "", "GKE name of cluster being used, if applicable")
|
||||||
flag.StringVar(&cloudConfig.NodeInstanceGroup, "node-instance-group", "", "Name of the managed instance group for nodes. Valid only for gce, gke or aws. If there is more than one group: comma separated list of groups.")
|
flag.StringVar(&cloudConfig.NodeInstanceGroup, "node-instance-group", "", "Name of the managed instance group for nodes. Valid only for gce, gke or aws. If there is more than one group: comma separated list of groups.")
|
||||||
flag.IntVar(&cloudConfig.NumNodes, "num-nodes", -1, "Number of nodes in the cluster")
|
flag.IntVar(&cloudConfig.NumNodes, "num-nodes", -1, "Number of nodes in the cluster")
|
||||||
|
Loading…
Reference in New Issue
Block a user