	Write ca.crt down to disk in kubeadm join
		@@ -25,6 +25,7 @@ go_library(
 | 
				
			|||||||
        "//cmd/kubeadm/app/apis/kubeadm/v1alpha1:go_default_library",
 | 
					        "//cmd/kubeadm/app/apis/kubeadm/v1alpha1:go_default_library",
 | 
				
			||||||
        "//cmd/kubeadm/app/apis/kubeadm/validation:go_default_library",
 | 
					        "//cmd/kubeadm/app/apis/kubeadm/validation:go_default_library",
 | 
				
			||||||
        "//cmd/kubeadm/app/cmd/flags:go_default_library",
 | 
					        "//cmd/kubeadm/app/cmd/flags:go_default_library",
 | 
				
			||||||
 | 
					        "//cmd/kubeadm/app/constants:go_default_library",
 | 
				
			||||||
        "//cmd/kubeadm/app/discovery:go_default_library",
 | 
					        "//cmd/kubeadm/app/discovery:go_default_library",
 | 
				
			||||||
        "//cmd/kubeadm/app/master:go_default_library",
 | 
					        "//cmd/kubeadm/app/master:go_default_library",
 | 
				
			||||||
        "//cmd/kubeadm/app/node:go_default_library",
 | 
					        "//cmd/kubeadm/app/node:go_default_library",
 | 
				
			||||||
@@ -46,6 +47,7 @@ go_library(
 | 
				
			|||||||
        "//vendor:k8s.io/apimachinery/pkg/fields",
 | 
					        "//vendor:k8s.io/apimachinery/pkg/fields",
 | 
				
			||||||
        "//vendor:k8s.io/apimachinery/pkg/runtime",
 | 
					        "//vendor:k8s.io/apimachinery/pkg/runtime",
 | 
				
			||||||
        "//vendor:k8s.io/apimachinery/pkg/util/net",
 | 
					        "//vendor:k8s.io/apimachinery/pkg/util/net",
 | 
				
			||||||
 | 
					        "//vendor:k8s.io/client-go/pkg/util/cert",
 | 
				
			||||||
    ],
 | 
					    ],
 | 
				
			||||||
)
 | 
					)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 
 | 
				
			|||||||
@@ -20,15 +20,17 @@ import (
 | 
				
			|||||||
	"fmt"
 | 
						"fmt"
 | 
				
			||||||
	"io"
 | 
						"io"
 | 
				
			||||||
	"io/ioutil"
 | 
						"io/ioutil"
 | 
				
			||||||
	"path"
 | 
						"path/filepath"
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	"github.com/renstrom/dedent"
 | 
						"github.com/renstrom/dedent"
 | 
				
			||||||
	"github.com/spf13/cobra"
 | 
						"github.com/spf13/cobra"
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	"k8s.io/apimachinery/pkg/runtime"
 | 
						"k8s.io/apimachinery/pkg/runtime"
 | 
				
			||||||
 | 
						certutil "k8s.io/client-go/pkg/util/cert"
 | 
				
			||||||
	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 | 
						kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 | 
				
			||||||
	kubeadmapiext "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha1"
 | 
						kubeadmapiext "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha1"
 | 
				
			||||||
	"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/validation"
 | 
						"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/validation"
 | 
				
			||||||
 | 
						kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
 | 
				
			||||||
	"k8s.io/kubernetes/cmd/kubeadm/app/discovery"
 | 
						"k8s.io/kubernetes/cmd/kubeadm/app/discovery"
 | 
				
			||||||
	kubenode "k8s.io/kubernetes/cmd/kubeadm/app/node"
 | 
						kubenode "k8s.io/kubernetes/cmd/kubeadm/app/node"
 | 
				
			||||||
	kubeconfigphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/kubeconfig"
 | 
						kubeconfigphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/kubeconfig"
 | 
				
			||||||
@@ -136,10 +138,20 @@ func (j *Join) Run(out io.Writer) error {
 | 
				
			|||||||
	if err := kubenode.PerformTLSBootstrap(cfg); err != nil {
 | 
						if err := kubenode.PerformTLSBootstrap(cfg); err != nil {
 | 
				
			||||||
		return err
 | 
							return err
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
	if err := kubeconfigphase.WriteKubeconfigToDisk(path.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeconfigphase.KubeletKubeConfigFileName), cfg); err != nil {
 | 
					
 | 
				
			||||||
 | 
						kubeconfigFile := filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeconfigphase.KubeletKubeConfigFileName)
 | 
				
			||||||
 | 
						if err := kubeconfigphase.WriteKubeconfigToDisk(kubeconfigFile, cfg); err != nil {
 | 
				
			||||||
		return err
 | 
							return err
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
						// Write the ca certificate to disk so kubelet can use it for authentication
 | 
				
			||||||
 | 
						cluster := cfg.Contexts[cfg.CurrentContext].Cluster
 | 
				
			||||||
 | 
						caCertFile := filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeadmconstants.CACertName)
 | 
				
			||||||
 | 
						err = certutil.WriteCert(caCertFile, cfg.Clusters[cluster].CertificateAuthorityData)
 | 
				
			||||||
 | 
						if err != nil {
 | 
				
			||||||
 | 
							return fmt.Errorf("couldn't save the CA certificate to disk: %v", err)
 | 
				
			||||||
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	fmt.Fprintf(out, joinDoneMsgf)
 | 
						fmt.Fprintf(out, joinDoneMsgf)
 | 
				
			||||||
	return nil
 | 
						return nil
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 
 | 
				
			|||||||
@@ -21,12 +21,13 @@ import (
 | 
				
			|||||||
	"io"
 | 
						"io"
 | 
				
			||||||
	"os"
 | 
						"os"
 | 
				
			||||||
	"os/exec"
 | 
						"os/exec"
 | 
				
			||||||
	"path"
 | 
						"path/filepath"
 | 
				
			||||||
	"strings"
 | 
						"strings"
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	"github.com/spf13/cobra"
 | 
						"github.com/spf13/cobra"
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 | 
						kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 | 
				
			||||||
 | 
						kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
 | 
				
			||||||
	"k8s.io/kubernetes/cmd/kubeadm/app/phases/kubeconfig"
 | 
						"k8s.io/kubernetes/cmd/kubeadm/app/phases/kubeconfig"
 | 
				
			||||||
	"k8s.io/kubernetes/cmd/kubeadm/app/preflight"
 | 
						"k8s.io/kubernetes/cmd/kubeadm/app/preflight"
 | 
				
			||||||
	kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
 | 
						kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
 | 
				
			||||||
@@ -123,7 +124,7 @@ func (r *Reset) Run(out io.Writer) error {
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
	// Only clear etcd data when the etcd manifest is found. In case it is not found, we must assume that the user
 | 
						// Only clear etcd data when the etcd manifest is found. In case it is not found, we must assume that the user
 | 
				
			||||||
	// provided external etcd endpoints. In that case, it is his own responsibility to reset etcd
 | 
						// provided external etcd endpoints. In that case, it is his own responsibility to reset etcd
 | 
				
			||||||
	etcdManifestPath := path.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, "manifests/etcd.json")
 | 
						etcdManifestPath := filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, "manifests/etcd.json")
 | 
				
			||||||
	if _, err := os.Stat(etcdManifestPath); err == nil {
 | 
						if _, err := os.Stat(etcdManifestPath); err == nil {
 | 
				
			||||||
		dirsToClean = append(dirsToClean, "/var/lib/etcd")
 | 
							dirsToClean = append(dirsToClean, "/var/lib/etcd")
 | 
				
			||||||
	} else {
 | 
						} else {
 | 
				
			||||||
@@ -151,7 +152,7 @@ func drainAndRemoveNode(removeNode bool) error {
 | 
				
			|||||||
	hostname = strings.ToLower(hostname)
 | 
						hostname = strings.ToLower(hostname)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	// TODO: Use the "native" k8s client for this once we're confident the versioned is working
 | 
						// TODO: Use the "native" k8s client for this once we're confident the versioned is working
 | 
				
			||||||
	kubeConfigPath := path.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeconfig.KubeletKubeConfigFileName)
 | 
						kubeConfigPath := filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeconfig.KubeletKubeConfigFileName)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	getNodesCmd := fmt.Sprintf("kubectl --kubeconfig %s get nodes | grep %s", kubeConfigPath, hostname)
 | 
						getNodesCmd := fmt.Sprintf("kubectl --kubeconfig %s get nodes | grep %s", kubeConfigPath, hostname)
 | 
				
			||||||
	output, err := exec.Command("sh", "-c", getNodesCmd).Output()
 | 
						output, err := exec.Command("sh", "-c", getNodesCmd).Output()
 | 
				
			||||||
@@ -180,14 +181,14 @@ func drainAndRemoveNode(removeNode bool) error {
 | 
				
			|||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
// cleanDir removes everything in a directory, but not the directory itself
 | 
					// cleanDir removes everything in a directory, but not the directory itself
 | 
				
			||||||
func cleanDir(filepath string) error {
 | 
					func cleanDir(filePath string) error {
 | 
				
			||||||
	// If the directory doesn't even exist there's nothing to do, and we do
 | 
						// If the directory doesn't even exist there's nothing to do, and we do
 | 
				
			||||||
	// not consider this an error
 | 
						// not consider this an error
 | 
				
			||||||
	if _, err := os.Stat(filepath); os.IsNotExist(err) {
 | 
						if _, err := os.Stat(filePath); os.IsNotExist(err) {
 | 
				
			||||||
		return nil
 | 
							return nil
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	d, err := os.Open(filepath)
 | 
						d, err := os.Open(filePath)
 | 
				
			||||||
	if err != nil {
 | 
						if err != nil {
 | 
				
			||||||
		return err
 | 
							return err
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
@@ -197,7 +198,7 @@ func cleanDir(filepath string) error {
 | 
				
			|||||||
		return err
 | 
							return err
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
	for _, name := range names {
 | 
						for _, name := range names {
 | 
				
			||||||
		err = os.RemoveAll(path.Join(filepath, name))
 | 
							err = os.RemoveAll(filepath.Join(filePath, name))
 | 
				
			||||||
		if err != nil {
 | 
							if err != nil {
 | 
				
			||||||
			return err
 | 
								return err
 | 
				
			||||||
		}
 | 
							}
 | 
				
			||||||
@@ -208,7 +209,7 @@ func cleanDir(filepath string) error {
 | 
				
			|||||||
// resetConfigDir is used to cleanup the files kubeadm writes in /etc/kubernetes/.
 | 
					// resetConfigDir is used to cleanup the files kubeadm writes in /etc/kubernetes/.
 | 
				
			||||||
func resetConfigDir(configPathDir, pkiPathDir string) {
 | 
					func resetConfigDir(configPathDir, pkiPathDir string) {
 | 
				
			||||||
	dirsToClean := []string{
 | 
						dirsToClean := []string{
 | 
				
			||||||
		path.Join(configPathDir, "manifests"),
 | 
							filepath.Join(configPathDir, "manifests"),
 | 
				
			||||||
		pkiPathDir,
 | 
							pkiPathDir,
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
	fmt.Printf("[reset] Deleting contents of config directories: %v\n", dirsToClean)
 | 
						fmt.Printf("[reset] Deleting contents of config directories: %v\n", dirsToClean)
 | 
				
			||||||
@@ -220,8 +221,9 @@ func resetConfigDir(configPathDir, pkiPathDir string) {
 | 
				
			|||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	filesToClean := []string{
 | 
						filesToClean := []string{
 | 
				
			||||||
		path.Join(configPathDir, kubeconfig.AdminKubeConfigFileName),
 | 
							filepath.Join(configPathDir, kubeconfig.AdminKubeConfigFileName),
 | 
				
			||||||
		path.Join(configPathDir, kubeconfig.KubeletKubeConfigFileName),
 | 
							filepath.Join(configPathDir, kubeconfig.KubeletKubeConfigFileName),
 | 
				
			||||||
 | 
							filepath.Join(configPathDir, kubeadmconstants.CACertName),
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
	fmt.Printf("[reset] Deleting files: %v\n", filesToClean)
 | 
						fmt.Printf("[reset] Deleting files: %v\n", filesToClean)
 | 
				
			||||||
	for _, path := range filesToClean {
 | 
						for _, path := range filesToClean {
 | 
				
			||||||
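Review bot: In drainAndRemoveNode the path built on the changed `kubeConfigPath := filepath.Join(...)` line is still spliced, together with `hostname`, into a string that is run through `sh -c`. If `KubernetesDir` or the hostname can ever contain whitespace or shell metacharacters, the command changes meaning. Passing the arguments directly avoids the shell, e.g. `output, err := exec.Command("kubectl", "--kubeconfig", kubeConfigPath, "get", "nodes").Output()` with a `strings.Contains(string(output), hostname)` test in place of the `grep`. The function starts and ends outside the visible hunks, so check how `output` and `err` are used afterwards, since without `grep` a missing node no longer shows up as a non-zero exit.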
 
 | 
				
			|||||||
@@ -14,6 +14,7 @@ go_library(
 | 
				
			|||||||
    tags = ["automanaged"],
 | 
					    tags = ["automanaged"],
 | 
				
			||||||
    deps = [
 | 
					    deps = [
 | 
				
			||||||
        "//cmd/kubeadm/app/apis/kubeadm:go_default_library",
 | 
					        "//cmd/kubeadm/app/apis/kubeadm:go_default_library",
 | 
				
			||||||
 | 
					        "//cmd/kubeadm/app/constants:go_default_library",
 | 
				
			||||||
        "//cmd/kubeadm/app/phases/kubeconfig:go_default_library",
 | 
					        "//cmd/kubeadm/app/phases/kubeconfig:go_default_library",
 | 
				
			||||||
        "//pkg/api/validation:go_default_library",
 | 
					        "//pkg/api/validation:go_default_library",
 | 
				
			||||||
        "//pkg/util/initsystem:go_default_library",
 | 
					        "//pkg/util/initsystem:go_default_library",
 | 
				
			||||||
 
 | 
				
			|||||||
@@ -25,10 +25,11 @@ import (
 | 
				
			|||||||
	"net/http"
 | 
						"net/http"
 | 
				
			||||||
	"os"
 | 
						"os"
 | 
				
			||||||
	"os/exec"
 | 
						"os/exec"
 | 
				
			||||||
	"path"
 | 
						"path/filepath"
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	utilerrors "k8s.io/apimachinery/pkg/util/errors"
 | 
						utilerrors "k8s.io/apimachinery/pkg/util/errors"
 | 
				
			||||||
	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 | 
						kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 | 
				
			||||||
 | 
						kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
 | 
				
			||||||
	"k8s.io/kubernetes/cmd/kubeadm/app/phases/kubeconfig"
 | 
						"k8s.io/kubernetes/cmd/kubeadm/app/phases/kubeconfig"
 | 
				
			||||||
	"k8s.io/kubernetes/pkg/api/validation"
 | 
						"k8s.io/kubernetes/pkg/api/validation"
 | 
				
			||||||
	"k8s.io/kubernetes/pkg/util/initsystem"
 | 
						"k8s.io/kubernetes/pkg/util/initsystem"
 | 
				
			||||||
@@ -213,7 +214,7 @@ func (fcc FileContentCheck) Check() (warnings, errors []error) {
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
// InPathCheck checks if the given executable is present in the path.
 | 
					// InPathCheck checks if the given executable is present in the path
 | 
				
			||||||
type InPathCheck struct {
 | 
					type InPathCheck struct {
 | 
				
			||||||
	executable string
 | 
						executable string
 | 
				
			||||||
	mandatory  bool
 | 
						mandatory  bool
 | 
				
			||||||
@@ -318,7 +319,7 @@ func RunInitMasterChecks(cfg *kubeadmapi.MasterConfiguration) error {
 | 
				
			|||||||
		PortOpenCheck{port: 10251},
 | 
							PortOpenCheck{port: 10251},
 | 
				
			||||||
		PortOpenCheck{port: 10252},
 | 
							PortOpenCheck{port: 10252},
 | 
				
			||||||
		HTTPProxyCheck{Proto: "https", Host: cfg.API.AdvertiseAddresses[0], Port: int(cfg.API.Port)},
 | 
							HTTPProxyCheck{Proto: "https", Host: cfg.API.AdvertiseAddresses[0], Port: int(cfg.API.Port)},
 | 
				
			||||||
		DirAvailableCheck{Path: path.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, "manifests")},
 | 
							DirAvailableCheck{Path: filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, "manifests")},
 | 
				
			||||||
		DirAvailableCheck{Path: "/var/lib/kubelet"},
 | 
							DirAvailableCheck{Path: "/var/lib/kubelet"},
 | 
				
			||||||
		FileContentCheck{Path: bridgenf, Content: []byte{'1'}},
 | 
							FileContentCheck{Path: bridgenf, Content: []byte{'1'}},
 | 
				
			||||||
		InPathCheck{executable: "ip", mandatory: true},
 | 
							InPathCheck{executable: "ip", mandatory: true},
 | 
				
			||||||
@@ -351,9 +352,10 @@ func RunJoinNodeChecks(cfg *kubeadmapi.NodeConfiguration) error {
 | 
				
			|||||||
		ServiceCheck{Service: "kubelet", CheckIfActive: false},
 | 
							ServiceCheck{Service: "kubelet", CheckIfActive: false},
 | 
				
			||||||
		ServiceCheck{Service: "docker", CheckIfActive: true},
 | 
							ServiceCheck{Service: "docker", CheckIfActive: true},
 | 
				
			||||||
		PortOpenCheck{port: 10250},
 | 
							PortOpenCheck{port: 10250},
 | 
				
			||||||
		DirAvailableCheck{Path: path.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, "manifests")},
 | 
							DirAvailableCheck{Path: filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, "manifests")},
 | 
				
			||||||
		DirAvailableCheck{Path: "/var/lib/kubelet"},
 | 
							DirAvailableCheck{Path: "/var/lib/kubelet"},
 | 
				
			||||||
		FileAvailableCheck{Path: path.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeconfig.KubeletKubeConfigFileName)},
 | 
							FileAvailableCheck{Path: filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeadmconstants.CACertName)},
 | 
				
			||||||
 | 
							FileAvailableCheck{Path: filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeconfig.KubeletKubeConfigFileName)},
 | 
				
			||||||
		FileContentCheck{Path: bridgenf, Content: []byte{'1'}},
 | 
							FileContentCheck{Path: bridgenf, Content: []byte{'1'}},
 | 
				
			||||||
		InPathCheck{executable: "ip", mandatory: true},
 | 
							InPathCheck{executable: "ip", mandatory: true},
 | 
				
			||||||
		InPathCheck{executable: "iptables", mandatory: true},
 | 
							InPathCheck{executable: "iptables", mandatory: true},
 | 
				
			||||||
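Review bot: The doc comment on InPathCheck loses its trailing period in this change, which looks unintended in a commit about ca.crt handling. Go doc comments are written as full sentences, so I would keep `// InPathCheck checks if the given executable is present in the path.` as it was.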
 
 | 
				
			|||||||