scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-11-03 19:58:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #39629 from deads2k/generic-18-move-ssh

Browse Source 
Automatic merge from submit-queue

move tunneler out of generic

moves the tunneler out of genericapiserver and under master where its used.

@sttts
This commit is contained in:
Kubernetes Submit Queue
2017-01-12 10:33:49 -08:00
committed by GitHub
parent 9350af311e 9a8bf348a6
commit 1144c2b64c
8 changed files with 71 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cmd/kube-apiserver/app/BUILD
View File

@@ -33,6 +33,7 @@ go_library(
"//pkg/kubeapiserver/admission:go_default_library",
"//pkg/kubeapiserver/authenticator:go_default_library",
"//pkg/master:go_default_library",
"//pkg/master/tunneler:go_default_library",
"//pkg/registry/cachesize:go_default_library",
"//pkg/version:go_default_library",
"//plugin/pkg/admission/admit:go_default_library",

23
cmd/kube-apiserver/app/server.go
View File

@@ -57,6 +57,7 @@ import (
kubeadmission "k8s.io/kubernetes/pkg/kubeapiserver/admission"
kubeauthenticator "k8s.io/kubernetes/pkg/kubeapiserver/authenticator"
"k8s.io/kubernetes/pkg/master"
"k8s.io/kubernetes/pkg/master/tunneler"
"k8s.io/kubernetes/pkg/registry/cachesize"
"k8s.io/kubernetes/pkg/version"
)
@@ -123,19 +124,19 @@ func Run(s *options.ServerRunOptions) error {
PerConnectionBandwidthLimitBytesPerSec: s.MaxConnectionBytesPerSec,
})
// Setup tunneler if needed
var tunneler genericapiserver.Tunneler
// Setup nodeTunneler if needed
var nodeTunneler tunneler.Tunneler
var proxyDialerFn utilnet.DialFunc
if len(s.SSHUser) > 0 {
// Get ssh key distribution func, if supported
var installSSH genericapiserver.InstallSSHKey
var installSSHKey tunneler.InstallSSHKey
cloud, err := cloudprovider.InitCloudProvider(s.CloudProvider.CloudProvider, s.CloudProvider.CloudConfigFile)
if err != nil {
return fmt.Errorf("cloud provider could not be initialized: %v", err)
}
if cloud != nil {
if instances, supported := cloud.Instances(); supported {
installSSH = instances.AddSSHKeyToAllInstances
installSSHKey = instances.AddSSHKeyToAllInstances
}
}
if s.KubeletConfig.Port == 0 {
@@ -144,7 +145,7 @@ func Run(s *options.ServerRunOptions) error {
if s.KubeletConfig.ReadOnlyPort == 0 {
return fmt.Errorf("must enable kubelet readonly port if proxy ssh-tunneling is specified")
}
// Set up the tunneler
// Set up the nodeTunneler
// TODO(cjcullen): If we want this to handle per-kubelet ports or other
// kubelet listen-addresses, we need to plumb through options.
healthCheckPath := &url.URL{
@@ -152,12 +153,12 @@ func Run(s *options.ServerRunOptions) error {
Host: net.JoinHostPort("127.0.0.1", strconv.FormatUint(uint64(s.KubeletConfig.ReadOnlyPort), 10)),
Path: "healthz",
}
tunneler = genericapiserver.NewSSHTunneler(s.SSHUser, s.SSHKeyfile, healthCheckPath, installSSH)
nodeTunneler = tunneler.New(s.SSHUser, s.SSHKeyfile, healthCheckPath, installSSHKey)
// Use the tunneler's dialer to connect to the kubelet
s.KubeletConfig.Dial = tunneler.Dial
// Use the tunneler's dialer when proxying to pods, services, and nodes
proxyDialerFn = tunneler.Dial
// Use the nodeTunneler's dialer to connect to the kubelet
s.KubeletConfig.Dial = nodeTunneler.Dial
// Use the nodeTunneler's dialer when proxying to pods, services, and nodes
proxyDialerFn = nodeTunneler.Dial
}
// Proxying to pods and services is IP-based... don't expect to be able to verify the hostname
@@ -311,7 +312,7 @@ func Run(s *options.ServerRunOptions) error {
EnableLogsSupport: true,
ProxyTransport: proxyTransport,
Tunneler: tunneler,
Tunneler: nodeTunneler,
ServiceIPRange: serviceIPRange,
APIServerServiceIP: apiServerServiceIP,

8
pkg/genericapiserver/BUILD
View File

@@ -23,7 +23,6 @@ go_library(
"resource_encoding_config.go",
"serve.go",
"storage_factory.go",
"tunneler.go",
],
tags = ["automanaged"],
deps = [
@@ -42,11 +41,8 @@ go_library(
"//pkg/genericapiserver/mux:go_default_library",
"//pkg/genericapiserver/options:go_default_library",
"//pkg/genericapiserver/routes:go_default_library",
"//pkg/ssh:go_default_library",
"//pkg/storage/storagebackend:go_default_library",
"//pkg/util:go_default_library",
"//pkg/util/cert:go_default_library",
"//pkg/util/clock:go_default_library",
"//pkg/util/config:go_default_library",
"//pkg/version:go_default_library",
"//vendor:github.com/coreos/go-systemd/daemon",
@@ -56,7 +52,6 @@ go_library(
"//vendor:github.com/golang/glog",
"//vendor:github.com/pborman/uuid",
"//vendor:github.com/pkg/errors",
"//vendor:github.com/prometheus/client_golang/prometheus",
"//vendor:gopkg.in/natefinch/lumberjack.v2",
"//vendor:k8s.io/apimachinery/pkg/apimachinery",
"//vendor:k8s.io/apimachinery/pkg/apimachinery/registered",
@@ -69,7 +64,6 @@ go_library(
"//vendor:k8s.io/apimachinery/pkg/util/runtime",
"//vendor:k8s.io/apimachinery/pkg/util/sets",
"//vendor:k8s.io/apimachinery/pkg/util/validation",
"//vendor:k8s.io/apimachinery/pkg/util/wait",
"//vendor:k8s.io/apiserver/pkg/authentication/authenticator",
"//vendor:k8s.io/apiserver/pkg/authentication/request/union",
"//vendor:k8s.io/apiserver/pkg/authentication/user",
@@ -88,7 +82,6 @@ go_test(
"serve_test.go",
"server_run_options_test.go",
"storage_factory_test.go",
"tunneler_test.go",
],
library = ":go_default_library",
tags = ["automanaged"],
@@ -107,7 +100,6 @@ go_test(
"//pkg/storage/etcd/testing:go_default_library",
"//pkg/storage/storagebackend:go_default_library",
"//pkg/util/cert:go_default_library",
"//pkg/util/clock:go_default_library",
"//pkg/util/config:go_default_library",
"//pkg/version:go_default_library",
"//vendor:github.com/go-openapi/spec",

2
pkg/master/BUILD
View File

@@ -52,6 +52,7 @@ go_library(
"//pkg/genericapiserver:go_default_library",
"//pkg/kubelet/client:go_default_library",
"//pkg/master/thirdparty:go_default_library",
"//pkg/master/tunneler:go_default_library",
"//pkg/registry/apps/rest:go_default_library",
"//pkg/registry/authentication/rest:go_default_library",
"//pkg/registry/authorization/rest:go_default_library",
@@ -148,6 +149,7 @@ filegroup(
":package-srcs",
"//pkg/master/ports:all-srcs",
"//pkg/master/thirdparty:all-srcs",
"//pkg/master/tunneler:all-srcs",
],
tags = ["automanaged"],
)

11
pkg/master/master.go
View File

@@ -45,6 +45,7 @@ import (
"k8s.io/kubernetes/pkg/genericapiserver"
kubeletclient "k8s.io/kubernetes/pkg/kubelet/client"
"k8s.io/kubernetes/pkg/master/thirdparty"
"k8s.io/kubernetes/pkg/master/tunneler"
"k8s.io/kubernetes/pkg/registry/generic"
genericregistry "k8s.io/kubernetes/pkg/registry/generic/registry"
"k8s.io/kubernetes/pkg/routes"
@@ -86,7 +87,7 @@ type Config struct {
KubeletClientConfig kubeletclient.KubeletClientConfig
// Used to start and monitor tunneling
Tunneler genericapiserver.Tunneler
Tunneler tunneler.Tunneler
EnableUISupport bool
EnableLogsSupport bool
ProxyTransport http.RoundTripper
@@ -283,13 +284,13 @@ func (m *Master) InstallLegacyAPI(c *Config, restOptionsGetter generic.RESTOptio
}
}
func (m *Master) installTunneler(tunneler genericapiserver.Tunneler, nodeClient corev1client.NodeInterface) {
tunneler.Run(nodeAddressProvider{nodeClient}.externalAddresses)
m.GenericAPIServer.AddHealthzChecks(healthz.NamedCheck("SSH Tunnel Check", genericapiserver.TunnelSyncHealthChecker(tunneler)))
func (m *Master) installTunneler(nodeTunneler tunneler.Tunneler, nodeClient corev1client.NodeInterface) {
nodeTunneler.Run(nodeAddressProvider{nodeClient}.externalAddresses)
m.GenericAPIServer.AddHealthzChecks(healthz.NamedCheck("SSH Tunnel Check", tunneler.TunnelSyncHealthChecker(nodeTunneler)))
prometheus.NewGaugeFunc(prometheus.GaugeOpts{
Name: "apiserver_proxy_tunnel_sync_latency_secs",
Help: "The time since the last successful synchronization of the SSH tunnels for proxy requests.",
}, func() float64 { return float64(tunneler.SecondsSinceSync()) })
}, func() float64 { return float64(nodeTunneler.SecondsSinceSync()) })
}
// RESTStorageProvider is a factory type for REST storage.

47
pkg/master/tunneler/BUILD Normal file
View File

@@ -0,0 +1,47 @@
package(default_visibility = ["//visibility:public"])
licenses(["notice"])
load(
"@io_bazel_rules_go//go:def.bzl",
"go_library",
"go_test",
)
go_test(
name = "go_default_test",
srcs = ["ssh_test.go"],
library = ":go_default_library",
tags = ["automanaged"],
deps = [
"//pkg/util/clock:go_default_library",
"//vendor:github.com/stretchr/testify/assert",
],
)
go_library(
name = "go_default_library",
srcs = ["ssh.go"],
tags = ["automanaged"],
deps = [
"//pkg/ssh:go_default_library",
"//pkg/util:go_default_library",
"//pkg/util/clock:go_default_library",
"//vendor:github.com/golang/glog",
"//vendor:github.com/prometheus/client_golang/prometheus",
"//vendor:k8s.io/apimachinery/pkg/util/wait",
],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [":package-srcs"],
tags = ["automanaged"],
)

4
pkg/genericapiserver/tunneler.go → pkg/master/tunneler/ssh.go
View File

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
package genericapiserver
package tunneler
import (
"fmt"
@@ -85,7 +85,7 @@ type SSHTunneler struct {
stopChan chan struct{}
}
func NewSSHTunneler(sshUser, sshKeyfile string, healthCheckURL *url.URL, installSSHKey InstallSSHKey) Tunneler {
func New(sshUser, sshKeyfile string, healthCheckURL *url.URL, installSSHKey InstallSSHKey) Tunneler {
return &SSHTunneler{
SSHUser: sshUser,
SSHKeyfile: sshKeyfile,

2
pkg/genericapiserver/tunneler_test.go → pkg/master/tunneler/ssh_test.go
View File

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
package genericapiserver
package tunneler
import (
"fmt"