github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-28 14:07:14 +00:00
Code Issues Projects Releases Wiki Activity

make using service account credentials from controllers optional

Browse Source
This commit is contained in:
deads2k 2016-11-01 09:27:35 -04:00
parent d76650ad40
commit ebf796a649
6 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/kube-controller-manager/app/controllermanager.go
View File

@ -167,7 +167,7 @@ func Run(s *options.CMServer) error {
ClientConfig: kubeconfig, ClientConfig: kubeconfig,
} }
var clientBuilder controller.ControllerClientBuilder var clientBuilder controller.ControllerClientBuilder
if len(s.ServiceAccountKeyFile) > 0 { if len(s.ServiceAccountKeyFile) > 0 && s.UseServiceAccountCredentials {
clientBuilder = controller.SAControllerClientBuilder{ clientBuilder = controller.SAControllerClientBuilder{
ClientConfig: restclient.AnonymousClientConfig(kubeconfig), ClientConfig: restclient.AnonymousClientConfig(kubeconfig),
CoreClient: kubeClient.Core(), CoreClient: kubeClient.Core(),

1
cmd/kube-controller-manager/app/options/options.go
View File

@ -105,6 +105,7 @@ func NewCMServer() *CMServer {
func (s *CMServer) AddFlags(fs *pflag.FlagSet) { func (s *CMServer) AddFlags(fs *pflag.FlagSet) {
fs.Int32Var(&s.Port, "port", s.Port, "The port that the controller-manager's http service runs on") fs.Int32Var(&s.Port, "port", s.Port, "The port that the controller-manager's http service runs on")
fs.Var(componentconfig.IPVar{Val: &s.Address}, "address", "The IP address to serve on (set to 0.0.0.0 for all interfaces)") fs.Var(componentconfig.IPVar{Val: &s.Address}, "address", "The IP address to serve on (set to 0.0.0.0 for all interfaces)")
fs.BoolVar(&s.UseServiceAccountCredentials, "use-service-account-credentials", s.UseServiceAccountCredentials, "If true, use individual service account credentials for each controller.")
fs.StringVar(&s.CloudProvider, "cloud-provider", s.CloudProvider, "The provider for cloud services. Empty string for no provider.") fs.StringVar(&s.CloudProvider, "cloud-provider", s.CloudProvider, "The provider for cloud services. Empty string for no provider.")
fs.StringVar(&s.CloudConfigFile, "cloud-config", s.CloudConfigFile, "The path to the cloud provider configuration file. Empty string for no configuration file.") fs.StringVar(&s.CloudConfigFile, "cloud-config", s.CloudConfigFile, "The path to the cloud provider configuration file. Empty string for no configuration file.")
fs.Int32Var(&s.ConcurrentEndpointSyncs, "concurrent-endpoint-syncs", s.ConcurrentEndpointSyncs, "The number of endpoint syncing operations that will be done concurrently. Larger number = faster endpoint updating, but more CPU (and network) load") fs.Int32Var(&s.ConcurrentEndpointSyncs, "concurrent-endpoint-syncs", s.ConcurrentEndpointSyncs, "The number of endpoint syncing operations that will be done concurrently. Larger number = faster endpoint updating, but more CPU (and network) load")

1
hack/verify-flags/known-flags.txt
View File

@ -573,6 +573,7 @@ unix-socket
update-period update-period
upgrade-image upgrade-image
upgrade-target upgrade-target
use-service-account-credentials
use-kubernetes-cluster-service use-kubernetes-cluster-service
use-kubernetes-version use-kubernetes-version
user-whitelist user-whitelist

3
pkg/apis/componentconfig/types.go
View File

@ -586,6 +586,9 @@ type KubeControllerManagerConfiguration struct {
Port int32 `json:"port"` Port int32 `json:"port"`
// address is the IP address to serve on (set to 0.0.0.0 for all interfaces). // address is the IP address to serve on (set to 0.0.0.0 for all interfaces).
Address string `json:"address"` Address string `json:"address"`
// useServiceAccountCredentials indicates whether controllers should be run with
// individual service account credentials.
UseServiceAccountCredentials bool `json:"useServiceAccountCredentials"`
// cloudProvider is the provider for cloud services. // cloudProvider is the provider for cloud services.
CloudProvider string `json:"cloudProvider"` CloudProvider string `json:"cloudProvider"`
// cloudConfigFile is the path to the cloud provider configuration file. // cloudConfigFile is the path to the cloud provider configuration file.

1
pkg/apis/componentconfig/zz_generated.deepcopy.go
View File

@ -75,6 +75,7 @@ func DeepCopy_componentconfig_KubeControllerManagerConfiguration(in interface{},
out.TypeMeta = in.TypeMeta out.TypeMeta = in.TypeMeta
out.Port = in.Port out.Port = in.Port
out.Address = in.Address out.Address = in.Address
out.UseServiceAccountCredentials = in.UseServiceAccountCredentials
out.CloudProvider = in.CloudProvider out.CloudProvider = in.CloudProvider
out.CloudConfigFile = in.CloudConfigFile out.CloudConfigFile = in.CloudConfigFile
out.ConcurrentEndpointSyncs = in.ConcurrentEndpointSyncs out.ConcurrentEndpointSyncs = in.ConcurrentEndpointSyncs

9
pkg/generated/openapi/zz_generated.openapi.go
View File

@ -1471,6 +1471,13 @@ var OpenAPIDefinitions *common.OpenAPIDefinitions = &common.OpenAPIDefinitions{
Format: "", Format: "",
}, },
}, },
"useServiceAccountCredentials": {
SchemaProps: spec.SchemaProps{
Description: "useServiceAccountCredentials indicates whether controllers should be run with individual service account credentials.",
Type: []string{"boolean"},
Format: "",
},
},
"cloudProvider": { "cloudProvider": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "cloudProvider is the provider for cloud services.", Description: "cloudProvider is the provider for cloud services.",
@ -1848,7 +1855,7 @@ var OpenAPIDefinitions *common.OpenAPIDefinitions = &common.OpenAPIDefinitions{
}, },
}, },
}, },
Required: []string{"TypeMeta", "port", "address", "cloudProvider", "cloudConfigFile", "concurrentEndpointSyncs", "concurrentRSSyncs", "concurrentRCSyncs", "concurrentServiceSyncs", "concurrentResourceQuotaSyncs", "concurrentDeploymentSyncs", "concurrentDaemonSetSyncs", "concurrentJobSyncs", "concurrentNamespaceSyncs", "concurrentSATokenSyncs", "lookupCacheSizeForRC", "lookupCacheSizeForRS", "lookupCacheSizeForDaemonSet", "serviceSyncPeriod", "nodeSyncPeriod", "routeReconciliationPeriod", "resourceQuotaSyncPeriod", "namespaceSyncPeriod", "pvClaimBinderSyncPeriod", "minResyncPeriod", "terminatedPodGCThreshold", "horizontalPodAutoscalerSyncPeriod", "deploymentControllerSyncPeriod", "podEvictionTimeout", "deletingPodsQps", "deletingPodsBurst", "nodeMonitorGracePeriod", "registerRetryCount", "nodeStartupGracePeriod", "nodeMonitorPeriod", "serviceAccountKeyFile", "clusterSigningCertFile", "clusterSigningKeyFile", "approveAllKubeletCSRsForGroup", "enableProfiling", "clusterName", "clusterCIDR", "serviceCIDR", "nodeCIDRMaskSize", "allocateNodeCIDRs", "configureCloudRoutes", "rootCAFile", "contentType", "kubeAPIQPS", "kubeAPIBurst", "leaderElection", "volumeConfiguration", "controllerStartInterval", "enableGarbageCollector", "concurrentGCSyncs", "nodeEvictionRate", "secondaryNodeEvictionRate", "largeClusterSizeThreshold", "unhealthyZoneThreshold"}, Required: []string{"TypeMeta", "port", "address", "useServiceAccountCredentials", "cloudProvider", "cloudConfigFile", "concurrentEndpointSyncs", "concurrentRSSyncs", "concurrentRCSyncs", "concurrentServiceSyncs", "concurrentResourceQuotaSyncs", "concurrentDeploymentSyncs", "concurrentDaemonSetSyncs", "concurrentJobSyncs", "concurrentNamespaceSyncs", "concurrentSATokenSyncs", "lookupCacheSizeForRC", "lookupCacheSizeForRS", "lookupCacheSizeForDaemonSet", "serviceSyncPeriod", "nodeSyncPeriod", "routeReconciliationPeriod", "resourceQuotaSyncPeriod", "namespaceSyncPeriod", "pvClaimBinderSyncPeriod", "minResyncPeriod", "terminatedPodGCThreshold", "horizontalPodAutoscalerSyncPeriod", "deploymentControllerSyncPeriod", "podEvictionTimeout", "deletingPodsQps", "deletingPodsBurst", "nodeMonitorGracePeriod", "registerRetryCount", "nodeStartupGracePeriod", "nodeMonitorPeriod", "serviceAccountKeyFile", "clusterSigningCertFile", "clusterSigningKeyFile", "approveAllKubeletCSRsForGroup", "enableProfiling", "clusterName", "clusterCIDR", "serviceCIDR", "nodeCIDRMaskSize", "allocateNodeCIDRs", "configureCloudRoutes", "rootCAFile", "contentType", "kubeAPIQPS", "kubeAPIBurst", "leaderElection", "volumeConfiguration", "controllerStartInterval", "enableGarbageCollector", "concurrentGCSyncs", "nodeEvictionRate", "secondaryNodeEvictionRate", "largeClusterSizeThreshold", "unhealthyZoneThreshold"},
}, },
}, },
Dependencies: []string{ Dependencies: []string{