auth/cloud-platform is a superset of devstorage.
Also fix the curl in get-kube.sh
parent
e7090e8f5e
commit
e3fdebbe62
@ -131,7 +131,7 @@ function get-credentials {
|
||||
}
|
||||
|
||||
function valid-storage-scope {
|
||||
curl --fail --retry 5 --retry-delay 3 ${CURL_RETRY_CONNREFUSED} --silent --show-error "${GCE_METADATA_INTERNAL}/service-accounts/default/scopes" -H "Metadata-Flavor: Google" -s | grep -q "auth/devstorage"
|
||||
curl --fail --retry 5 --retry-delay 3 ${CURL_RETRY_CONNREFUSED} --silent --show-error "${GCE_METADATA_INTERNAL}/service-accounts/default/scopes" -H "Metadata-Flavor: Google" -s | grep -E "auth/devstorage|auth/cloud-platform"
|
||||
}
|
||||
|
||||
# Retry a download until we get it. Takes a hash and a set of URLs.
|
||||
|
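Review bot: The new `grep -E "auth/devstorage|auth/cloud-platform"` line in valid-storage-scope loses the `-q` that the `auth/devstorage` variant had, so every matching scope URL from the metadata server is now printed to stdout each time the function is evaluated as a condition. Keeping the quiet flag preserves the old silent behaviour while still accepting the broader scope: `grep -qE "auth/devstorage|auth/cloud-platform"`. The same line appears in the valid-storage-scope copies in the two later file sections and needs the same change. A short comment above the function, such as `# Succeeds when the VM's default service account has a scope that permits GCS access.`, would also record why two scopes are accepted.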
@ -151,7 +151,7 @@ function get-credentials {
|
||||
}
|
||||
|
||||
function valid-storage-scope {
|
||||
curl "${GCE_METADATA_INTERNAL}/service-accounts/default/scopes" -H "Metadata-Flavor: Google" -s | grep -q "auth/devstorage"
|
||||
curl "${GCE_METADATA_INTERNAL}/service-accounts/default/scopes" -H "Metadata-Flavor: Google" -s | grep -E "auth/devstorage|auth/cloud-platform"
|
||||
}
|
||||
|
||||
function download_tarball() {
|
||||
@ -166,7 +166,7 @@ function download_tarball() {
|
||||
mkdir -p "${download_path}"
|
||||
if [[ $(which curl) ]]; then
|
||||
# if the url belongs to GCS API we should use oauth2_token in the headers
|
||||
local curl_headers=""
|
||||
curl_headers=""
|
||||
if { [[ "${KUBERNETES_PROVIDER:-gce}" == "gce" ]] || [[ "${KUBERNETES_PROVIDER}" == "gke" ]] ; } &&
|
||||
[[ "$url" =~ ^https://storage.googleapis.com.* ]] && valid-storage-scope ; then
|
||||
curl_headers="Authorization: Bearer $(get-credentials)"
|
||||
|
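Review bot: Of the two `curl_headers=""` lines printed in download_tarball, one carries `local` and one does not, and the rendered page does not mark which is the new side. If the new side is the bare assignment, `curl_headers` becomes a script-wide global, and the `Authorization: Bearer …` value assigned a few lines below stays set for the rest of the script instead of ending with the function. Keeping `local curl_headers=""` confines the token to the single download that needs it. download_tarball starts before and continues past this hunk, so the curl call that consumes the header is not visible here.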
@ -122,6 +122,17 @@ function create_cluster {
|
||||
)
|
||||
}
|
||||
|
||||
# Get default service account credentials of the VM.
|
||||
GCE_METADATA_INTERNAL="http://metadata.google.internal/computeMetadata/v1/instance"
|
||||
function get-credentials {
|
||||
curl "${GCE_METADATA_INTERNAL}/service-accounts/default/token" -H "Metadata-Flavor: Google" -s | python -c \
|
||||
'import sys; import json; print(json.loads(sys.stdin.read())["access_token"])'
|
||||
}
|
||||
|
||||
function valid-storage-scope {
|
||||
curl "${GCE_METADATA_INTERNAL}/service-accounts/default/scopes" -H "Metadata-Flavor: Google" -s | grep -E "auth/devstorage|auth/cloud-platform"
|
||||
}
|
||||
|
||||
if [[ -n "${KUBERNETES_SKIP_DOWNLOAD-}" ]]; then
|
||||
create_cluster
|
||||
exit 0
|
||||
@ -228,7 +239,13 @@ fi
|
||||
|
||||
if "${need_download}"; then
|
||||
if [[ $(which curl) ]]; then
|
||||
curl -fL --retry 5 --keepalive-time 2 "${kubernetes_tar_url}" -o "${file}"
|
||||
# if the url belongs to GCS API we should use oauth2_token in the headers
|
||||
curl_headers=""
|
||||
if { [[ "${KUBERNETES_PROVIDER:-gce}" == "gce" ]] || [[ "${KUBERNETES_PROVIDER}" == "gke" ]] ; } &&
|
||||
[[ "$kubernetes_tar_url" =~ ^https://storage.googleapis.com.* ]] && valid-storage-scope ; then
|
||||
curl_headers="Authorization: Bearer $(get-credentials)"
|
||||
fi
|
||||
curl ${curl_headers:+-H "${curl_headers}"} -fL --retry 3 --keepalive-time 2 "${kubernetes_tar_url}" -o "${file}"
|
||||
elif [[ $(which wget) ]]; then
|
||||
wget "${kubernetes_tar_url}"
|
||||
else
|
||||
|
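Review bot: The added test `[[ "$kubernetes_tar_url" =~ ^https://storage.googleapis.com.* ]]` decides whether the VM's service-account token is attached, but it is an unanchored prefix match with unescaped dots. A URL whose host merely begins with that string (a constructed example: `https://storage.googleapis.com.example.invalid/x`) would therefore pass and receive the `Authorization: Bearer` header. Anchoring on the path separator closes this: `[[ "$kubernetes_tar_url" =~ ^https://storage\.googleapis\.com/ ]]`. The same pattern is applied to `$url` in the download_tarball section. Separately, `-H "${curl_headers}"` places the token on curl's command line, where it shows up in process listings and `set -x` traces, so it is worth confirming tracing is off around this call.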