rke/pki/deploy.go

package pki

import (
	"context"
	"crypto/rsa"
	"crypto/x509"
	"fmt"
	"io/ioutil"
	"time"

	"github.com/Sirupsen/logrus"
	"github.com/docker/docker/api/types"
	"github.com/docker/docker/api/types/container"
	"github.com/rancher/rke/docker"
	"github.com/rancher/rke/hosts"
	"k8s.io/client-go/util/cert"
)

func ConvertCrtToENV(name string, certificate *x509.Certificate) string {
	encodedCrt := cert.EncodeCertPEM(certificate)
	return fmt.Sprintf("%s=%s", name, string(encodedCrt))
}

func ConvertKeyToENV(name string, key *rsa.PrivateKey) string {
	encodedKey := cert.EncodePrivateKeyPEM(key)
	return fmt.Sprintf("%s=%s", name, string(encodedKey))
}

func ConvertConfigToENV(name string, config string) string {
	return fmt.Sprintf("%s=%s", name, config)
}

func DeployCertificatesOnMasters(cpHosts []hosts.Host, crtMap map[string]CertificatePKI) error {
	env := []string{
		ConvertCrtToENV(CACertENVName, crtMap[CACertName].Certificate),
		ConvertKeyToENV(CAKeyENVName, crtMap[CACertName].Key),
		ConvertCrtToENV(KubeAPICertENVName, crtMap[KubeAPICertName].Certificate),
		ConvertKeyToENV(KubeAPIKeyENVName, crtMap[KubeAPICertName].Key),
		ConvertCrtToENV(KubeControllerCertENVName, crtMap[KubeControllerName].Certificate),
		ConvertKeyToENV(KubeControllerKeyENVName, crtMap[KubeControllerName].Key),
		ConvertConfigToENV(KubeControllerConfigENVName, crtMap[KubeControllerName].Config),
		ConvertCrtToENV(KubeSchedulerCertENVName, crtMap[KubeSchedulerName].Certificate),
		ConvertKeyToENV(KubeSchedulerKeyENVName, crtMap[KubeSchedulerName].Key),
		ConvertConfigToENV(KubeSchedulerConfigENVName, crtMap[KubeSchedulerName].Config),
		ConvertCrtToENV(KubeProxyCertENVName, crtMap[KubeProxyName].Certificate),
		ConvertKeyToENV(KubeProxyKeyENVName, crtMap[KubeProxyName].Key),
		ConvertConfigToENV(KubeProxyConfigENVName, crtMap[KubeProxyName].Config),
		ConvertCrtToENV(KubeNodeCertENVName, crtMap[KubeNodeName].Certificate),
		ConvertKeyToENV(KubeNodeKeyENVName, crtMap[KubeNodeName].Key),
		ConvertConfigToENV(KubeNodeConfigENVName, crtMap[KubeNodeName].Config),
	}
	for i := range cpHosts {
		err := doRunDeployer(&cpHosts[i], env)
		if err != nil {
			return err
		}
	}
	return nil
}

func DeployCertificatesOnWorkers(workerHosts []hosts.Host, crtMap map[string]CertificatePKI) error {
	env := []string{
		ConvertCrtToENV(CACertENVName, crtMap[CACertName].Certificate),
		ConvertCrtToENV(KubeProxyCertENVName, crtMap[KubeProxyName].Certificate),
		ConvertKeyToENV(KubeProxyKeyENVName, crtMap[KubeProxyName].Key),
		ConvertConfigToENV(KubeProxyConfigENVName, crtMap[KubeProxyName].Config),
		ConvertCrtToENV(KubeNodeCertENVName, crtMap[KubeNodeName].Certificate),
		ConvertKeyToENV(KubeNodeKeyENVName, crtMap[KubeNodeName].Key),
		ConvertConfigToENV(KubeNodeConfigENVName, crtMap[KubeNodeName].Config),
	}
	for i := range workerHosts {
		err := doRunDeployer(&workerHosts[i], env)
		if err != nil {
			return err
		}
	}
	return nil
}

func doRunDeployer(host *hosts.Host, containerEnv []string) error {
	logrus.Debugf("[certificates] Pulling Certificate downloader Image on host [%s]", host.Hostname)
	err := docker.PullImage(host.DClient, host.Hostname, CrtDownloaderImage)
	if err != nil {
		return err
	}
	imageCfg := &container.Config{
		Image: CrtDownloaderImage,
		Env:   containerEnv,
	}
	hostCfg := &container.HostConfig{
		Binds: []string{
			"/etc/kubernetes:/etc/kubernetes",
		},
		Privileged:    true,
		RestartPolicy: container.RestartPolicy{Name: "never"},
	}
	resp, err := host.DClient.ContainerCreate(context.Background(), imageCfg, hostCfg, nil, CrtDownloaderContainer)
	if err != nil {
		return fmt.Errorf("Failed to create Certificates deployer container on host [%s]: %v", host.Hostname, err)
	}

	if err := host.DClient.ContainerStart(context.Background(), resp.ID, types.ContainerStartOptions{}); err != nil {
		return fmt.Errorf("Failed to start Certificates deployer container on host [%s]: %v", host.Hostname, err)
	}
	logrus.Debugf("[certificates] Successfully started Certificate deployer container: %s", resp.ID)
	for {
		isDeployerRunning, err := docker.IsContainerRunning(host.DClient, host.Hostname, CrtDownloaderContainer)
		if err != nil {
			return err
		}
		if isDeployerRunning {
			time.Sleep(5 * time.Second)
			continue
		}
		if err := host.DClient.ContainerRemove(context.Background(), resp.ID, types.ContainerRemoveOptions{}); err != nil {
			return fmt.Errorf("Failed to delete Certificates deployer container on host[%s]: %v", host.Hostname, err)
		}
		return nil
	}
}

func DeployAdminConfig(kubeConfig string) error {
	logrus.Debugf("Deploying admin Kubeconfig locally: %s", kubeConfig)
	err := ioutil.WriteFile(KubeAdminConfigPath, []byte(kubeConfig), 0644)
	if err != nil {
		return fmt.Errorf("Failed to create local admin kubeconfig file: %v", err)
	}
	return nil
}
Add default cluster config file and return service container pointer Add more generic functions to go services Add x509 authentication 2017-10-31 13:55:35 +00:00			`package pki`

			`import (`
			`"context"`
			`"crypto/rsa"`
			`"crypto/x509"`
			`"fmt"`
Deploy kube config file locally for admin 2017-11-01 21:46:43 +00:00			`"io/ioutil"`
Add default cluster config file and return service container pointer Add more generic functions to go services Add x509 authentication 2017-10-31 13:55:35 +00:00			`"time"`

			`"github.com/Sirupsen/logrus"`
			`"github.com/docker/docker/api/types"`
			`"github.com/docker/docker/api/types/container"`
			`"github.com/rancher/rke/docker"`
			`"github.com/rancher/rke/hosts"`
			`"k8s.io/client-go/util/cert"`
			`)`

Refactor kubectl Export pki utlitity functions 2017-11-08 17:45:51 +00:00			`func ConvertCrtToENV(name string, certificate *x509.Certificate) string {`
Add default cluster config file and return service container pointer Add more generic functions to go services Add x509 authentication 2017-10-31 13:55:35 +00:00			`encodedCrt := cert.EncodeCertPEM(certificate)`
Use Cluster structure Use separate cluster package Save cluster state and certs to kubernetes Handle Remove and sync cluster state/crts Reuse kubernetes client and combine image and version Separate building functions and small fixes 2017-11-02 10:07:10 +00:00			`return fmt.Sprintf("%s=%s", name, string(encodedCrt))`
Add default cluster config file and return service container pointer Add more generic functions to go services Add x509 authentication 2017-10-31 13:55:35 +00:00			`}`

Refactor kubectl Export pki utlitity functions 2017-11-08 17:45:51 +00:00			`func ConvertKeyToENV(name string, key *rsa.PrivateKey) string {`
Add default cluster config file and return service container pointer Add more generic functions to go services Add x509 authentication 2017-10-31 13:55:35 +00:00			`encodedKey := cert.EncodePrivateKeyPEM(key)`
Use Cluster structure Use separate cluster package Save cluster state and certs to kubernetes Handle Remove and sync cluster state/crts Reuse kubernetes client and combine image and version Separate building functions and small fixes 2017-11-02 10:07:10 +00:00			`return fmt.Sprintf("%s=%s", name, string(encodedKey))`
Add default cluster config file and return service container pointer Add more generic functions to go services Add x509 authentication 2017-10-31 13:55:35 +00:00			`}`

Refactor kubectl Export pki utlitity functions 2017-11-08 17:45:51 +00:00			`func ConvertConfigToENV(name string, config string) string {`
Use Cluster structure Use separate cluster package Save cluster state and certs to kubernetes Handle Remove and sync cluster state/crts Reuse kubernetes client and combine image and version Separate building functions and small fixes 2017-11-02 10:07:10 +00:00			`return fmt.Sprintf("%s=%s", name, config)`
Add default cluster config file and return service container pointer Add more generic functions to go services Add x509 authentication 2017-10-31 13:55:35 +00:00			`}`

Use Cluster structure Use separate cluster package Save cluster state and certs to kubernetes Handle Remove and sync cluster state/crts Reuse kubernetes client and combine image and version Separate building functions and small fixes 2017-11-02 10:07:10 +00:00			`func DeployCertificatesOnMasters(cpHosts []hosts.Host, crtMap map[string]CertificatePKI) error {`
Add default cluster config file and return service container pointer Add more generic functions to go services Add x509 authentication 2017-10-31 13:55:35 +00:00			`env := []string{`
Refactor kubectl Export pki utlitity functions 2017-11-08 17:45:51 +00:00			`ConvertCrtToENV(CACertENVName, crtMap[CACertName].Certificate),`
			`ConvertKeyToENV(CAKeyENVName, crtMap[CACertName].Key),`
			`ConvertCrtToENV(KubeAPICertENVName, crtMap[KubeAPICertName].Certificate),`
			`ConvertKeyToENV(KubeAPIKeyENVName, crtMap[KubeAPICertName].Key),`
			`ConvertCrtToENV(KubeControllerCertENVName, crtMap[KubeControllerName].Certificate),`
			`ConvertKeyToENV(KubeControllerKeyENVName, crtMap[KubeControllerName].Key),`
			`ConvertConfigToENV(KubeControllerConfigENVName, crtMap[KubeControllerName].Config),`
			`ConvertCrtToENV(KubeSchedulerCertENVName, crtMap[KubeSchedulerName].Certificate),`
			`ConvertKeyToENV(KubeSchedulerKeyENVName, crtMap[KubeSchedulerName].Key),`
			`ConvertConfigToENV(KubeSchedulerConfigENVName, crtMap[KubeSchedulerName].Config),`
			`ConvertCrtToENV(KubeProxyCertENVName, crtMap[KubeProxyName].Certificate),`
			`ConvertKeyToENV(KubeProxyKeyENVName, crtMap[KubeProxyName].Key),`
			`ConvertConfigToENV(KubeProxyConfigENVName, crtMap[KubeProxyName].Config),`
			`ConvertCrtToENV(KubeNodeCertENVName, crtMap[KubeNodeName].Certificate),`
			`ConvertKeyToENV(KubeNodeKeyENVName, crtMap[KubeNodeName].Key),`
			`ConvertConfigToENV(KubeNodeConfigENVName, crtMap[KubeNodeName].Config),`
Add default cluster config file and return service container pointer Add more generic functions to go services Add x509 authentication 2017-10-31 13:55:35 +00:00			`}`
Use Cluster structure Use separate cluster package Save cluster state and certs to kubernetes Handle Remove and sync cluster state/crts Reuse kubernetes client and combine image and version Separate building functions and small fixes 2017-11-02 10:07:10 +00:00			`for i := range cpHosts {`
			`err := doRunDeployer(&cpHosts[i], env)`
Add default cluster config file and return service container pointer Add more generic functions to go services Add x509 authentication 2017-10-31 13:55:35 +00:00			`if err != nil {`
			`return err`
			`}`
			`}`
			`return nil`
			`}`

Use Cluster structure Use separate cluster package Save cluster state and certs to kubernetes Handle Remove and sync cluster state/crts Reuse kubernetes client and combine image and version Separate building functions and small fixes 2017-11-02 10:07:10 +00:00			`func DeployCertificatesOnWorkers(workerHosts []hosts.Host, crtMap map[string]CertificatePKI) error {`
Add default cluster config file and return service container pointer Add more generic functions to go services Add x509 authentication 2017-10-31 13:55:35 +00:00			`env := []string{`
Refactor kubectl Export pki utlitity functions 2017-11-08 17:45:51 +00:00			`ConvertCrtToENV(CACertENVName, crtMap[CACertName].Certificate),`
			`ConvertCrtToENV(KubeProxyCertENVName, crtMap[KubeProxyName].Certificate),`
			`ConvertKeyToENV(KubeProxyKeyENVName, crtMap[KubeProxyName].Key),`
			`ConvertConfigToENV(KubeProxyConfigENVName, crtMap[KubeProxyName].Config),`
			`ConvertCrtToENV(KubeNodeCertENVName, crtMap[KubeNodeName].Certificate),`
			`ConvertKeyToENV(KubeNodeKeyENVName, crtMap[KubeNodeName].Key),`
			`ConvertConfigToENV(KubeNodeConfigENVName, crtMap[KubeNodeName].Config),`
Add default cluster config file and return service container pointer Add more generic functions to go services Add x509 authentication 2017-10-31 13:55:35 +00:00			`}`
Use Cluster structure Use separate cluster package Save cluster state and certs to kubernetes Handle Remove and sync cluster state/crts Reuse kubernetes client and combine image and version Separate building functions and small fixes 2017-11-02 10:07:10 +00:00			`for i := range workerHosts {`
			`err := doRunDeployer(&workerHosts[i], env)`
Add default cluster config file and return service container pointer Add more generic functions to go services Add x509 authentication 2017-10-31 13:55:35 +00:00			`if err != nil {`
			`return err`
			`}`
			`}`
			`return nil`
			`}`

			`func doRunDeployer(host *hosts.Host, containerEnv []string) error {`
			`logrus.Debugf("[certificates] Pulling Certificate downloader Image on host [%s]", host.Hostname)`
Use Cluster structure Use separate cluster package Save cluster state and certs to kubernetes Handle Remove and sync cluster state/crts Reuse kubernetes client and combine image and version Separate building functions and small fixes 2017-11-02 10:07:10 +00:00			`err := docker.PullImage(host.DClient, host.Hostname, CrtDownloaderImage)`
Add default cluster config file and return service container pointer Add more generic functions to go services Add x509 authentication 2017-10-31 13:55:35 +00:00			`if err != nil {`
			`return err`
			`}`
			`imageCfg := &container.Config{`
			`Image: CrtDownloaderImage,`
			`Env: containerEnv,`
			`}`
			`hostCfg := &container.HostConfig{`
			`Binds: []string{`
			`"/etc/kubernetes:/etc/kubernetes",`
			`},`
			`Privileged: true,`
			`RestartPolicy: container.RestartPolicy{Name: "never"},`
			`}`
			`resp, err := host.DClient.ContainerCreate(context.Background(), imageCfg, hostCfg, nil, CrtDownloaderContainer)`
			`if err != nil {`
			`return fmt.Errorf("Failed to create Certificates deployer container on host [%s]: %v", host.Hostname, err)`
			`}`

			`if err := host.DClient.ContainerStart(context.Background(), resp.ID, types.ContainerStartOptions{}); err != nil {`
			`return fmt.Errorf("Failed to start Certificates deployer container on host [%s]: %v", host.Hostname, err)`
			`}`
			`logrus.Debugf("[certificates] Successfully started Certificate deployer container: %s", resp.ID)`
			`for {`
Use Cluster structure Use separate cluster package Save cluster state and certs to kubernetes Handle Remove and sync cluster state/crts Reuse kubernetes client and combine image and version Separate building functions and small fixes 2017-11-02 10:07:10 +00:00			`isDeployerRunning, err := docker.IsContainerRunning(host.DClient, host.Hostname, CrtDownloaderContainer)`
Add default cluster config file and return service container pointer Add more generic functions to go services Add x509 authentication 2017-10-31 13:55:35 +00:00			`if err != nil {`
			`return err`
			`}`
			`if isDeployerRunning {`
			`time.Sleep(5 * time.Second)`
			`continue`
			`}`
			`if err := host.DClient.ContainerRemove(context.Background(), resp.ID, types.ContainerRemoveOptions{}); err != nil {`
			`return fmt.Errorf("Failed to delete Certificates deployer container on host[%s]: %v", host.Hostname, err)`
			`}`
			`return nil`
			`}`
			`}`
Deploy kube config file locally for admin 2017-11-01 21:46:43 +00:00
Use Cluster structure Use separate cluster package Save cluster state and certs to kubernetes Handle Remove and sync cluster state/crts Reuse kubernetes client and combine image and version Separate building functions and small fixes 2017-11-02 10:07:10 +00:00			`func DeployAdminConfig(kubeConfig string) error {`
Deploy kube config file locally for admin 2017-11-01 21:46:43 +00:00			`logrus.Debugf("Deploying admin Kubeconfig locally: %s", kubeConfig)`
Use Cluster structure Use separate cluster package Save cluster state and certs to kubernetes Handle Remove and sync cluster state/crts Reuse kubernetes client and combine image and version Separate building functions and small fixes 2017-11-02 10:07:10 +00:00			`err := ioutil.WriteFile(KubeAdminConfigPath, []byte(kubeConfig), 0644)`
			`if err != nil {`
			`return fmt.Errorf("Failed to create local admin kubeconfig file: %v", err)`
Deploy kube config file locally for admin 2017-11-01 21:46:43 +00:00			`}`
			`return nil`
			`}`