rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-06-30 09:12:55 +00:00
Code Issues Releases Wiki Activity

Merge pull request #298 from moelsayed/refactor_cert_deploy

Browse Source 
Refactor certificates deployment
This commit is contained in:
Alena Prokharchyk 2018-02-01 14:11:55 -08:00 committed by GitHub
commit ebb64ec3f9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 34 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
cluster/hosts.go
View File

@ -10,6 +10,7 @@ import (
"github.com/rancher/rke/pki" "github.com/rancher/rke/pki"
"github.com/rancher/rke/services" "github.com/rancher/rke/services"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
"golang.org/x/sync/errgroup"
) )
const ( const (
@ -96,14 +97,16 @@ func (c *Cluster) InvertIndexHosts() error {
func (c *Cluster) SetUpHosts(ctx context.Context) error { func (c *Cluster) SetUpHosts(ctx context.Context) error {
if c.Authentication.Strategy == X509AuthenticationProvider { if c.Authentication.Strategy == X509AuthenticationProvider {
log.Infof(ctx, "[certificates] Deploying kubernetes certificates to Cluster nodes") log.Infof(ctx, "[certificates] Deploying kubernetes certificates to Cluster nodes")
if err := pki.DeployCertificatesOnMasters(ctx, c.ControlPlaneHosts, c.Certificates, c.SystemImages.CertDownloader, c.PrivateRegistriesMap); err != nil { hosts := c.getUniqueHostList()
return err var errgrp errgroup.Group
for _, host := range hosts {
runHost := host
errgrp.Go(func() error {
return pki.DeployCertificatesOnPlaneHost(ctx, runHost, c.EtcdHosts, c.Certificates, c.SystemImages.CertDownloader, c.PrivateRegistriesMap)
})
} }
if err := pki.DeployCertificatesOnWorkers(ctx, c.WorkerHosts, c.Certificates, c.SystemImages.CertDownloader, c.PrivateRegistriesMap); err != nil { if err := errgrp.Wait(); err != nil {
return err
}
// Deploying etcd certificates
if err := pki.DeployCertificatesOnEtcd(ctx, c.EtcdHosts, c.Certificates, c.SystemImages.CertDownloader, c.PrivateRegistriesMap); err != nil {
return err return err
} }

89
pki/deploy.go
View File

@ -20,76 +20,35 @@ import (
"k8s.io/client-go/util/cert" "k8s.io/client-go/util/cert"
) )
func DeployCertificatesOnMasters(ctx context.Context, cpHosts []*hosts.Host, crtMap map[string]CertificatePKI, certDownloaderImage string, prsMap map[string]v3.PrivateRegistry) error { func DeployCertificatesOnPlaneHost(ctx context.Context, host *hosts.Host, etcdHosts []*hosts.Host, crtMap map[string]CertificatePKI, certDownloaderImage string, prsMap map[string]v3.PrivateRegistry) error {
// list of certificates that should be deployed on the masters certList := []string{}
crtList := []string{ if host.IsControl {
CACertName, certList = []string{
KubeAPICertName, CACertName,
KubeControllerCertName, KubeAPICertName,
KubeSchedulerCertName, KubeControllerCertName,
KubeProxyCertName, KubeSchedulerCertName,
KubeNodeCertName, KubeProxyCertName,
KubeNodeCertName,
}
} else {
certList = []string{
CACertName,
KubeProxyCertName,
KubeNodeCertName,
}
}
if host.IsEtcd {
for _, host := range etcdHosts {
certList = append(certList, GetEtcdCrtName(host.InternalAddress))
}
} }
env := []string{} env := []string{}
for _, crtName := range crtList { for _, crtName := range certList {
c := crtMap[crtName] c := crtMap[crtName]
env = append(env, c.ToEnv()...) env = append(env, c.ToEnv()...)
} }
return doRunDeployer(ctx, host, env, certDownloaderImage, prsMap)
for i := range cpHosts {
err := doRunDeployer(ctx, cpHosts[i], env, certDownloaderImage, prsMap)
if err != nil {
return err
}
}
return nil
}
func DeployCertificatesOnWorkers(ctx context.Context, workerHosts []*hosts.Host, crtMap map[string]CertificatePKI, certDownloaderImage string, prsMap map[string]v3.PrivateRegistry) error {
// list of certificates that should be deployed on the workers
crtList := []string{
CACertName,
KubeProxyCertName,
KubeNodeCertName,
}
env := []string{}
for _, crtName := range crtList {
c := crtMap[crtName]
env = append(env, c.ToEnv()...)
}
for i := range workerHosts {
err := doRunDeployer(ctx, workerHosts[i], env, certDownloaderImage, prsMap)
if err != nil {
return err
}
}
return nil
}
func DeployCertificatesOnEtcd(ctx context.Context, etcdHosts []*hosts.Host, crtMap map[string]CertificatePKI, certDownloaderImage string, prsMap map[string]v3.PrivateRegistry) error {
// list of certificates that should be deployed on the etcd
crtList := []string{
CACertName,
KubeProxyCertName,
KubeNodeCertName,
}
for _, host := range etcdHosts {
crtList = append(crtList, GetEtcdCrtName(host.InternalAddress))
}
env := []string{}
for _, crtName := range crtList {
c := crtMap[crtName]
env = append(env, c.ToEnv()...)
}
for i := range etcdHosts {
err := doRunDeployer(ctx, etcdHosts[i], env, certDownloaderImage, prsMap)
if err != nil {
return err
}
}
return nil
} }
func doRunDeployer(ctx context.Context, host *hosts.Host, containerEnv []string, certDownloaderImage string, prsMap map[string]v3.PrivateRegistry) error { func doRunDeployer(ctx context.Context, host *hosts.Host, containerEnv []string, certDownloaderImage string, prsMap map[string]v3.PrivateRegistry) error {