rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-04-28 19:43:26 +00:00
Code Issues Releases Wiki Activity

Add auditlog checksum to trigger restart on update

Browse Source
This commit is contained in:
Sebastiaan van Steenis 2020-12-10 15:41:13 +01:00
parent 5824366b06
commit 5e50b51b13
1 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
cluster/plan.go
View File

@ -21,6 +21,7 @@ import (
v3 "github.com/rancher/rke/types"
"github.com/rancher/rke/util"
"github.com/sirupsen/logrus"
"sigs.k8s.io/yaml"
)
const (
@ -39,6 +40,7 @@ const (
EtcdPathPrefix = "/registry"
CloudConfigSumEnv = "RKE_CLOUD_CONFIG_CHECKSUM"
CloudProviderNameEnv = "RKE_CLOUD_PROVIDER_NAME"
AuditLogConfigSumEnv = "RKE_AUDITLOG_CONFIG_CHECKSUM"
DefaultToolsEntrypoint = "/opt/rke-tools/entrypoint.sh"
DefaultToolsEntrypointVersion = "0.1.13"
@ -191,7 +193,7 @@ func (c *Cluster) BuildKubeAPIProcess(host *hosts.Host, serviceOptions v3.Kubern
if len(c.CloudProvider.Name) > 0 {
c.Services.KubeAPI.ExtraEnv = append(
c.Services.KubeAPI.ExtraEnv,
fmt.Sprintf("%s=%s", CloudConfigSumEnv, getCloudConfigChecksum(c.CloudConfigFile)))
fmt.Sprintf("%s=%s", CloudConfigSumEnv, getStringChecksum(c.CloudConfigFile)))
}
if c.EncryptionConfig.EncryptionProviderFile != "" {
CommandArgs[EncryptionProviderConfigArgument] = EncryptionProviderFilePath
@ -265,6 +267,14 @@ func (c *Cluster) BuildKubeAPIProcess(host *hosts.Host, serviceOptions v3.Kubern
}
if c.Services.KubeAPI.AuditLog != nil && c.Services.KubeAPI.AuditLog.Enabled {
Binds = append(Binds, fmt.Sprintf("%s:/var/log/kube-audit:z", path.Join(host.PrefixPath, "/var/log/kube-audit")))
bytes, err := yaml.Marshal(c.Services.KubeAPI.AuditLog.Configuration.Policy)
if err != nil {
logrus.Warnf("Error while marshalling auditlog policy: %v", err)
}
c.Services.KubeAPI.ExtraEnv = append(
c.Services.KubeAPI.ExtraEnv,
fmt.Sprintf("%s=%s", AuditLogConfigSumEnv, getStringChecksum(string(bytes))))
}
// Override args if they exist, add additional args
@ -323,7 +333,7 @@ func (c *Cluster) BuildKubeControllerProcess(host *hosts.Host, serviceOptions v3
if len(c.CloudProvider.Name) > 0 {
c.Services.KubeController.ExtraEnv = append(
c.Services.KubeController.ExtraEnv,
fmt.Sprintf("%s=%s", CloudConfigSumEnv, getCloudConfigChecksum(c.CloudConfigFile)))
fmt.Sprintf("%s=%s", CloudConfigSumEnv, getStringChecksum(c.CloudConfigFile)))
}
if serviceOptions.KubeController != nil {
@ -499,7 +509,7 @@ func (c *Cluster) BuildKubeletProcess(host *hosts.Host, serviceOptions v3.Kubern
if len(c.CloudProvider.Name) > 0 {
Env = append(Env,
fmt.Sprintf("%s=%s", CloudConfigSumEnv, getCloudConfigChecksum(c.CloudConfigFile)))
fmt.Sprintf("%s=%s", CloudConfigSumEnv, getStringChecksum(c.CloudConfigFile)))
}
if len(c.PrivateRegistriesMap) > 0 {
kubeletDockerConfig, _ := docker.GetKubeletDockerConfig(c.PrivateRegistriesMap)
@ -1046,7 +1056,7 @@ func (c *Cluster) getDefaultKubernetesServicesOptions(osType string) (v3.Kuberne
return v3.KubernetesServicesOptions{}, fmt.Errorf("getDefaultKubernetesServicesOptions: No serviceOptions found for cluster version [%s] or cluster major version [%s]", c.Version, clusterMajorVersion)
}
func getCloudConfigChecksum(config string) string {
func getStringChecksum(config string) string {
configByteSum := md5.Sum([]byte(config))
return fmt.Sprintf("%x", configByteSum)
}