rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-08-10 03:08:50 +00:00
Code Issues Releases Wiki Activity

Deploy kube config file locally for admin

Browse Source
This commit is contained in:
galal-hussein 2017-11-01 23:46:43 +02:00
parent 03a7ef7c4b
commit 1bb4ab98c3
5 changed files with 67 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -3,3 +3,4 @@
/dist /dist
*.swp *.swp
/.trash-cache /.trash-cache
admin.config

4
pki/constants.go
View File

@ -52,4 +52,8 @@ const (
KubeNodeCertPath = "/etc/kubernetes/ssl/kube-node.pem" KubeNodeCertPath = "/etc/kubernetes/ssl/kube-node.pem"
KubeNodeKeyPath = "/etc/kubernetes/ssl/kube-node-key.pem" KubeNodeKeyPath = "/etc/kubernetes/ssl/kube-node-key.pem"
KubeNodeConfigPath = "/etc/kubernetes/ssl/kubecfg-kube-node.yaml" KubeNodeConfigPath = "/etc/kubernetes/ssl/kubecfg-kube-node.yaml"
KubeAdminCommonName = "kube-admin"
KubeAdminOrganizationName = "system:masters"
KubeAdminConfigPath = "admin.config"
) )

13
pki/deploy.go
View File

@ -5,6 +5,8 @@ import (
"crypto/rsa" "crypto/rsa"
"crypto/x509" "crypto/x509"
"fmt" "fmt"
"io/ioutil"
"os"
"time" "time"
"github.com/Sirupsen/logrus" "github.com/Sirupsen/logrus"
@ -127,3 +129,14 @@ func doRunDeployer(host *hosts.Host, containerEnv []string) error {
return nil return nil
} }
} }
func deployAdminConfig(kubeConfig string, forceDeploy bool) error {
logrus.Debugf("Deploying admin Kubeconfig locally: %s", kubeConfig)
if _, err := os.Stat(KubeAdminConfigPath); os.IsNotExist(err) || forceDeploy {
err := ioutil.WriteFile(KubeAdminConfigPath, []byte(kubeConfig), 0644)
if err != nil {
return fmt.Errorf("Failed to create local admin kubeconfig file: %v", err)
}
}
return nil
}

24
pki/kubeconfig.go
View File

@ -1,5 +1,7 @@
package pki package pki
import "encoding/base64"
func getKubeConfigX509(kubernetesURL string, componentName string, caPath string, crtPath string, keyPath string) string { func getKubeConfigX509(kubernetesURL string, componentName string, caPath string, crtPath string, keyPath string) string {
return `apiVersion: v1 return `apiVersion: v1
kind: Config kind: Config
@ -21,3 +23,25 @@ users:
client-certificate: ` + crtPath + ` client-certificate: ` + crtPath + `
client-key: ` + keyPath + `` client-key: ` + keyPath + ``
} }
func getKubeConfigX509WithData(kubernetesURL string, componentName string, cacrt string, crt string, key string) string {
return `apiVersion: v1
kind: Config
clusters:
- cluster:
api-version: v1
certificate-authority-data: ` + base64.StdEncoding.EncodeToString([]byte(cacrt)) + `
server: "` + kubernetesURL + `"
name: "local"
contexts:
- context:
cluster: "local"
user: "` + componentName + `"
name: "Default"
current-context: "Default"
users:
- name: "` + componentName + `"
user:
client-certificate-data: ` + base64.StdEncoding.EncodeToString([]byte(crt)) + `
client-key-data: ` + base64.StdEncoding.EncodeToString([]byte(key)) + ``
}

25
pki/pki.go
View File

@ -26,6 +26,11 @@ func StartCertificatesGeneration(ctx *cli.Context, cpHosts []hosts.Host, workerH
if err != nil { if err != nil {
return err return err
} }
logrus.Infof("[certificates] Generating admin certificates and kubeconfig")
err = generateAdminCerts(certs, clusterDomain, cpHosts, forceDeploy)
if err != nil {
return err
}
err = deployCertificatesOnMasters(cpHosts, certs, forceDeploy) err = deployCertificatesOnMasters(cpHosts, certs, forceDeploy)
if err != nil { if err != nil {
return err return err
@ -103,6 +108,7 @@ func generateCerts(cpHosts []hosts.Host, clusterDomain string, KubernetesService
config: getKubeConfigX509("https://"+cpHosts[0].ControlPlaneIP+":6443", KubeProxyName, CACertPath, KubeProxyCertPath, KubeProxyKeyPath), config: getKubeConfigX509("https://"+cpHosts[0].ControlPlaneIP+":6443", KubeProxyName, CACertPath, KubeProxyCertPath, KubeProxyKeyPath),
} }
// generate Kubelet certificate and key
logrus.Infof("[certificates] Generating Node certificate") logrus.Infof("[certificates] Generating Node certificate")
nodeCrt, nodeKey, err := generateClientCertAndKey(caCrt, caKey, KubeNodeCommonName, []string{KubeNodeOrganizationName}) nodeCrt, nodeKey, err := generateClientCertAndKey(caCrt, caKey, KubeNodeCommonName, []string{KubeNodeOrganizationName})
if err != nil { if err != nil {
@ -117,6 +123,25 @@ func generateCerts(cpHosts []hosts.Host, clusterDomain string, KubernetesService
return certs, nil return certs, nil
} }
func generateAdminCerts(certs map[string]CertificatePKI, clusterDomain string, cpHosts []hosts.Host, forceDeploy bool) error {
// generate API certificate and key
caCrt, caKey := certs[CACertName].certificate, certs[CACertName].key
kubeAdminCrt, kubeAdminKey, err := generateClientCertAndKey(caCrt, caKey, KubeAdminCommonName, []string{KubeAdminOrganizationName})
if err != nil {
return err
}
logrus.Debugf("[certificates] Kube Admin Certificate: %s", string(cert.EncodeCertPEM(kubeAdminCrt)))
kubeAdminConfig := getKubeConfigX509WithData(
"https://"+cpHosts[0].IP+":6443",
KubeAdminCommonName,
string(cert.EncodeCertPEM(caCrt)),
string(cert.EncodeCertPEM(kubeAdminCrt)),
string(cert.EncodePrivateKeyPEM(kubeAdminKey)))
err = deployAdminConfig(kubeAdminConfig, forceDeploy)
return err
}
func generateClientCertAndKey(caCrt *x509.Certificate, caKey *rsa.PrivateKey, commonName string, orgs []string) (*x509.Certificate, *rsa.PrivateKey, error) { func generateClientCertAndKey(caCrt *x509.Certificate, caKey *rsa.PrivateKey, commonName string, orgs []string) (*x509.Certificate, *rsa.PrivateKey, error) {
rootKey, err := cert.NewPrivateKey() rootKey, err := cert.NewPrivateKey()
if err != nil { if err != nil {