github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-29 13:24:42 +00:00
Code Issues Projects Releases Wiki Activity

ensure that kubectl works when the master insecure port is disabled

Browse Source
This commit is contained in:
Jake Sanders 2019-05-06 19:21:21 -07:00
parent 9f1b04f906
commit ff4c372eaa
1 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
cluster/gce/gci/configure-helper.sh
View File

@ -579,6 +579,9 @@ function create-master-auth {
if [[ -n "${KUBE_BEARER_TOKEN:-}" ]]; then if [[ -n "${KUBE_BEARER_TOKEN:-}" ]]; then
append_or_replace_prefixed_line "${known_tokens_csv}" "${KUBE_BEARER_TOKEN}," "admin,admin,system:masters" append_or_replace_prefixed_line "${known_tokens_csv}" "${KUBE_BEARER_TOKEN}," "admin,admin,system:masters"
fi fi
if [[ -n "${KUBE_BOOTSTRAP_TOKEN:-}" ]]; then
append_or_replace_prefixed_line "${known_tokens_csv}" "${KUBE_BOOTSTRAP_TOKEN}," "system:cluster-bootstrap,uid:system:cluster-bootstrap,system:masters"
fi
if [[ -n "${KUBE_CONTROLLER_MANAGER_TOKEN:-}" ]]; then if [[ -n "${KUBE_CONTROLLER_MANAGER_TOKEN:-}" ]]; then
append_or_replace_prefixed_line "${known_tokens_csv}" "${KUBE_CONTROLLER_MANAGER_TOKEN}," "system:kube-controller-manager,uid:system:kube-controller-manager" append_or_replace_prefixed_line "${known_tokens_csv}" "${KUBE_CONTROLLER_MANAGER_TOKEN}," "system:kube-controller-manager,uid:system:kube-controller-manager"
fi fi
@ -2825,6 +2828,14 @@ function wait-till-apiserver-ready() {
done done
} }
function ensure-bootstrap-kubectl-auth {
# Creating an authenticated kubeconfig is only necessary if the insecure port is disabled.
if [[ -n "${KUBE_BOOTSTRAP_TOKEN}" ]]; then
create-kubeconfig "cluster-bootstrap" ${KUBE_BOOTSTRAP_TOKEN}
export KUBECONFIG=/etc/srv/kubernetes/cluster-bootstrap/kubeconfig
fi
}
########### Main Function ########### ########### Main Function ###########
function main() { function main() {
echo "Start to configure instance for kubernetes" echo "Start to configure instance for kubernetes"
@ -2872,10 +2883,12 @@ function main() {
fi fi
fi fi
# generate the controller manager, scheduler and cluster autoscaler tokens here since they are only used on the master.
KUBE_CONTROLLER_MANAGER_TOKEN="$(secure_random 32)" KUBE_CONTROLLER_MANAGER_TOKEN="$(secure_random 32)"
KUBE_SCHEDULER_TOKEN="$(secure_random 32)" KUBE_SCHEDULER_TOKEN="$(secure_random 32)"
KUBE_CLUSTER_AUTOSCALER_TOKEN="$(secure_random 32)" KUBE_CLUSTER_AUTOSCALER_TOKEN="$(secure_random 32)"
if [[ "${ENABLE_APISERVER_INSECURE_PORT:-true}" != "true" ]]; then
KUBE_BOOTSTRAP_TOKEN="$(secure_random 32)"
fi
if [[ "${ENABLE_L7_LOADBALANCING:-}" == "glbc" ]]; then if [[ "${ENABLE_L7_LOADBALANCING:-}" == "glbc" ]]; then
GCE_GLBC_TOKEN="$(secure_random 32)" GCE_GLBC_TOKEN="$(secure_random 32)"
fi fi
@ -2892,6 +2905,7 @@ function main() {
create-node-pki create-node-pki
create-master-pki create-master-pki
create-master-auth create-master-auth
ensure-bootstrap-kubectl-auth
create-master-kubelet-auth create-master-kubelet-auth
create-master-etcd-auth create-master-etcd-auth
create-master-etcd-apiserver-auth create-master-etcd-apiserver-auth