Change kube2sky to use token-system-dns secret, point at https endpoint (instead of kubernetes-ro service).

cluster/addons/dns/kube2sky/kube2sky.go

@@ -29,6 +29,7 @@ import (
 
 	kapi "github.com/GoogleCloudPlatform/kubernetes/pkg/api"
 	kclient "github.com/GoogleCloudPlatform/kubernetes/pkg/client"
+	kclientcmd "github.com/GoogleCloudPlatform/kubernetes/pkg/client/clientcmd"
 	kfields "github.com/GoogleCloudPlatform/kubernetes/pkg/fields"
 	klabels "github.com/GoogleCloudPlatform/kubernetes/pkg/labels"
 	tools "github.com/GoogleCloudPlatform/kubernetes/pkg/tools"
@@ -42,6 +43,7 @@ var (
 	etcd_mutation_timeout = flag.Duration("etcd_mutation_timeout", 10*time.Second, "crash after retrying etcd mutation for a specified duration")
 	etcd_server           = flag.String("etcd-server", "http://127.0.0.1:4001", "URL to etcd server")
 	verbose               = flag.Bool("verbose", false, "log extra information")
+	kubecfg_file          = flag.String("kubecfg_file", "", "Location of kubecfg file for access to kubernetes service")
 )
 
 func removeDNS(record string, etcdClient *etcd.Client) error {
@@ -128,22 +130,31 @@ func newEtcdClient() (client *etcd.Client) {
 
 // TODO: evaluate using pkg/client/clientcmd
 func newKubeClient() (*kclient.Client, error) {
-	config := &kclient.Config{}
+	var config *kclient.Config
-
+	if *kubecfg_file == "" {
-	masterHost := os.Getenv("KUBERNETES_RO_SERVICE_HOST")
+		// No kubecfg file provided. Use kubernetes_ro service.
-	if masterHost == "" {
+		masterHost := os.Getenv("KUBERNETES_RO_SERVICE_HOST")
-		log.Fatalf("KUBERNETES_RO_SERVICE_HOST is not defined")
+		if masterHost == "" {
+			log.Fatalf("KUBERNETES_RO_SERVICE_HOST is not defined")
+		}
+		masterPort := os.Getenv("KUBERNETES_RO_SERVICE_PORT")
+		if masterPort == "" {
+			log.Fatalf("KUBERNETES_RO_SERVICE_PORT is not defined")
+		}
+		config = &kclient.Config{
+			Host:    fmt.Sprintf("http://%s:%s", masterHost, masterPort),
+			Version: "v1beta1",
+		}
+	} else {
+		var err error
+		if config, err = kclientcmd.NewNonInteractiveDeferredLoadingClientConfig(
+			&kclientcmd.ClientConfigLoadingRules{ExplicitPath: *kubecfg_file},
+			&kclientcmd.ConfigOverrides{}).ClientConfig(); err != nil {
+			return nil, err
+		}
 	}
-	masterPort := os.Getenv("KUBERNETES_RO_SERVICE_PORT")
-	if masterPort == "" {
-		log.Fatalf("KUBERNETES_RO_SERVICE_PORT is not defined")
-	}
-	config.Host = fmt.Sprintf("http://%s:%s", masterHost, masterPort)
 	log.Printf("Using %s for kubernetes master", config.Host)
-
-	config.Version = "v1beta1"
 	log.Printf("Using kubernetes API %s", config.Version)
-
 	return kclient.New(config)
 }
 

cluster/addons/dns/skydns-rc.yaml.in

@@ -29,10 +29,15 @@ desiredState:
                     "-advertise-client-urls=http://127.0.0.1:4001",
             ]
           - name: kube2sky
-            image: gcr.io/google_containers/kube2sky:1.1
+            image: gcr.io/google_containers/kube2sky:1.2
+            volumeMounts:
+              - name: dns-token
+                mountPath: /etc/dns_token
+                readOnly: true
             command: [
                     # entrypoint = "/kube2sky",
                     "-domain={{ pillar['dns_domain'] }}",
+                    "-kubecfg_file=/etc/dns_token/kubeconfig",
             ]
           - name: skydns
             image: gcr.io/google_containers/skydns:2015-03-11-001
@@ -46,3 +51,11 @@ desiredState:
               - name: dns
                 containerPort: 53
                 protocol: UDP
+        volumes:
+          - name: dns-token
+            source:
+              secret:
+                target:
+                  kind: Secret
+                  namespace: default
+                  name: token-system-dns