Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
K
k3s
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Jacklull
k3s
Commits
43821684
Commit
43821684
authored
Aug 21, 2015
by
Jeff Lowdermilk
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Stop reusing basic auth on cluster create
parent
185b5af2
Hide whitespace changes
Inline
Side-by-side
Showing
12 changed files
with
46 additions
and
157 deletions
+46
-157
util.sh
cluster/aws/util.sh
+4
-20
util.sh
cluster/azure/util.sh
+4
-16
common.sh
cluster/common.sh
+18
-0
util.sh
cluster/gce/util.sh
+6
-36
util.sh
cluster/gke/util.sh
+0
-19
util.sh
cluster/juju/util.sh
+0
-4
kube-util.sh
cluster/kube-util.sh
+0
-5
util.sh
cluster/libvirt-coreos/util.sh
+1
-1
util.sh
cluster/rackspace/util.sh
+3
-15
util.sh
cluster/ubuntu/util.sh
+1
-15
util.sh
cluster/vagrant/util.sh
+5
-10
util.sh
cluster/vsphere/util.sh
+4
-16
No files found.
cluster/aws/util.sh
View file @
43821684
...
...
@@ -544,24 +544,6 @@ function upload-server-tars() {
SALT_TAR_URL
=
"
${
s3_url_base
}
/
${
AWS_S3_BUCKET
}
/
${
salt_tar_path
}
"
}
# Ensure that we have a password created for validating to the master. Will
# read from kubeconfig for the current context if available.
#
# Assumed vars
# KUBE_ROOT
#
# Vars set:
# KUBE_USER
# KUBE_PASSWORD
function
get-password
{
get-kubeconfig-basicauth
if
[[
-z
"
${
KUBE_USER
}
"
||
-z
"
${
KUBE_PASSWORD
}
"
]]
;
then
KUBE_USER
=
admin
KUBE_PASSWORD
=
$(
python
-c
'import string,random; print "".join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(16))'
)
fi
}
# Adds a tag to an AWS resource
# usage: add-tag <resource-id> <tag-name> <tag-value>
function
add-tag
{
...
...
@@ -681,7 +663,7 @@ function kube-up {
ensure-iam-profiles
ge
t-password
ge
n-kube-basicauth
if
[[
!
-f
"
$AWS_SSH_KEY
"
]]
;
then
ssh-keygen
-f
"
$AWS_SSH_KEY
"
-N
''
...
...
@@ -1082,6 +1064,8 @@ function kube-up {
done
done
# ensures KUBECONFIG is set
get-kubeconfig-basicauth
echo
echo
-e
"
${
color_green
}
Kubernetes cluster is running. The master is running at:"
echo
...
...
@@ -1241,7 +1225,7 @@ function kube-push {
echo
"sudo salt --force-color '*' state.highstate"
)
| ssh
-oStrictHostKeyChecking
=
no
-i
"
${
AWS_SSH_KEY
}
"
${
SSH_USER
}
@
${
KUBE_MASTER_IP
}
sudo
bash
get-
password
get-
kubeconfig-basicauth
echo
echo
"Kubernetes cluster is running. The master is running at:"
...
...
cluster/azure/util.sh
View file @
43821684
...
...
@@ -242,20 +242,6 @@ function detect-master () {
echo
"Using master:
$KUBE_MASTER
(external IP:
$KUBE_MASTER_IP
)"
}
# Ensure that we have a password created for validating to the master. Will
# read from kubeconfig current-context if available.
#
# Vars set:
# KUBE_USER
# KUBE_PASSWORD
function
get-password
{
get-kubeconfig-basicauth
if
[[
-z
"
${
KUBE_USER
}
"
||
-z
"
${
KUBE_PASSWORD
}
"
]]
;
then
KUBE_USER
=
admin
KUBE_PASSWORD
=
$(
python
-c
'import string,random; print "".join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(16))'
)
fi
}
# Instantiate a kubernetes cluster
#
# Assumed vars
...
...
@@ -268,7 +254,7 @@ function kube-up {
ensure-temp-dir
ge
t-password
ge
n-kube-basicauth
python
"
${
KUBE_ROOT
}
/third_party/htpasswd/htpasswd.py"
\
-b
-c
"
${
KUBE_TEMP
}
/htpasswd"
"
$KUBE_USER
"
"
$KUBE_PASSWORD
"
local
htpasswd
...
...
@@ -442,6 +428,8 @@ function kube-up {
done
done
# ensures KUBECONFIG is set
get-kubeconfig-basicauth
echo
echo
"Kubernetes cluster is running. The master is running at:"
echo
...
...
@@ -486,7 +474,7 @@ function kube-down {
# echo "sudo salt --force-color '*' state.highstate"
# ) | gcutil ssh --project "$PROJECT" --zone "$ZONE" "$KUBE_MASTER" sudo bash
# get-
password
# get-
kubeconfig-basicauth
# echo
# echo "Kubernetes cluster is running. The master is running at:"
...
...
cluster/common.sh
View file @
43821684
...
...
@@ -146,6 +146,16 @@ function get-kubeconfig-basicauth() {
fi
}
# Generate basic auth user and password.
# Vars set:
# KUBE_USER
# KUBE_PASSWORD
function
gen-kube-basicauth
()
{
KUBE_USER
=
admin
KUBE_PASSWORD
=
$(
python
-c
'import string,random; print "".join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(16))'
)
}
# Get the bearer token for the current-context in kubeconfig if one exists.
# Assumed vars:
# KUBECONFIG # if unset, defaults to global
...
...
@@ -171,6 +181,14 @@ function get-kubeconfig-bearertoken() {
fi
}
# Generate bearer token.
#
# Vars set:
# KUBE_BEARER_TOKEN
function
gen-kube-bearertoken
()
{
KUBE_BEARER_TOKEN
=
$(
dd
if
=
/dev/urandom
bs
=
128
count
=
1 2>/dev/null |
base64
|
tr
-d
"=+/"
|
dd
bs
=
32
count
=
1 2>/dev/null
)
}
# Get the master IP for the current-context in kubeconfig if one exists.
#
# Assumed vars:
...
...
cluster/gce/util.sh
View file @
43821684
...
...
@@ -304,38 +304,6 @@ function detect-master () {
echo
"Using master:
$KUBE_MASTER
(external IP:
$KUBE_MASTER_IP
)"
}
# Ensure that we have a password created for validating to the master. Will
# read from kubeconfig for the current context if available.
#
# Assumed vars
# KUBE_ROOT
#
# Vars set:
# KUBE_USER
# KUBE_PASSWORD
function
get-password
{
get-kubeconfig-basicauth
if
[[
-z
"
${
KUBE_USER
}
"
||
-z
"
${
KUBE_PASSWORD
}
"
]]
;
then
KUBE_USER
=
admin
KUBE_PASSWORD
=
$(
python
-c
'import string,random; print "".join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(16))'
)
fi
}
# Ensure that we have a bearer token created for validating to the master.
# Will read from kubeconfig for the current context if available.
#
# Assumed vars
# KUBE_ROOT
#
# Vars set:
# KUBE_BEARER_TOKEN
function
get-bearer-token
()
{
get-kubeconfig-bearertoken
if
[[
-z
"
${
KUBE_BEARER_TOKEN
:-}
"
]]
;
then
KUBE_BEARER_TOKEN
=
$(
dd
if
=
/dev/urandom
bs
=
128
count
=
1 2>/dev/null |
base64
|
tr
-d
"=+/"
|
dd
bs
=
32
count
=
1 2>/dev/null
)
fi
}
# Wait for background jobs to finish. Exit with
# an error status if any of the jobs failed.
function
wait-for-jobs
{
...
...
@@ -577,8 +545,8 @@ function kube-up {
ensure-temp-dir
detect-project
ge
t-password
ge
t-bearer-
token
ge
n-kube-basicauth
ge
n-kube-bearer
token
# Make sure we have the tar files staged on Google Storage
find-release-tars
...
...
@@ -758,6 +726,8 @@ function kube-up {
create-kubeconfig
)
# ensures KUBECONFIG is set
get-kubeconfig-basicauth
echo
echo
-e
"
${
color_green
}
Kubernetes cluster is running. The master is running at:"
echo
...
...
@@ -1035,8 +1005,8 @@ function prepare-push() {
detect-project
detect-master
detect-minion-names
get-
password
get-
bearer-
token
get-
kubeconfig-basicauth
get-
kubeconfig-bearer
token
# Make sure we have the tar files staged on Google Storage
tars_from_version
...
...
cluster/gke/util.sh
View file @
43821684
...
...
@@ -189,25 +189,6 @@ function test-setup() {
--network
=
"
${
NETWORK
}
"
}
# Ensure that we have a password created for validating to the master.
#
# Assumed vars:
# ZONE
# CLUSTER_NAME
# Vars set:
# KUBE_USER
# KUBE_PASSWORD
function
get-password
()
{
echo
"... in gke:get-password()"
>
&2
detect-project
>
&2
KUBE_USER
=
$(
"
${
GCLOUD
}
"
"
${
CMD_GROUP
}
"
container clusters describe
\
--project
=
"
${
PROJECT
}
"
--zone
=
"
${
ZONE
}
"
"
${
CLUSTER_NAME
}
"
\
|
grep
user |
cut
-f
4
-d
' '
)
KUBE_PASSWORD
=
$(
"
${
GCLOUD
}
"
"
${
CMD_GROUP
}
"
container clusters describe
\
--project
=
"
${
PROJECT
}
"
--zone
=
"
${
ZONE
}
"
"
${
CLUSTER_NAME
}
"
\
|
grep
password |
cut
-f
4
-d
' '
)
}
# Detect the IP for the master. Note that on GKE, we don't know the name of the
# master, so KUBE_MASTER is not set.
#
...
...
cluster/juju/util.sh
View file @
43821684
...
...
@@ -41,10 +41,6 @@ function build-local() {
cp
-v
$OUTPUT_DIR
/
*
cluster/juju/charms/trusty/kubernetes-master/files/output
}
function
get-password
()
{
echo
"TODO: Assign username/password security"
}
function
kube-up
()
{
build-local
if
[[
-d
"~/.juju/current-env"
]]
;
then
...
...
cluster/kube-util.sh
View file @
43821684
...
...
@@ -91,11 +91,6 @@ function test-teardown {
echo
"TODO: test-teardown"
1>&2
}
# Set the {KUBE_USER} and {KUBE_PASSWORD} environment values required to interact with provider
function
get-password
{
echo
"TODO: get-password"
1>&2
}
# Providers util.sh scripts should define functions that override the above default functions impls
if
[
-n
"
${
KUBERNETES_PROVIDER
}
"
]
;
then
PROVIDER_UTILS
=
"
${
KUBE_ROOT
}
/cluster/
${
KUBERNETES_PROVIDER
}
/util.sh"
...
...
cluster/libvirt-coreos/util.sh
View file @
43821684
...
...
@@ -183,7 +183,7 @@ function wait-cluster-readiness {
function
kube-up
{
detect-master
detect-minions
ge
t-kubeconfig
-bearertoken
ge
n-kube
-bearertoken
initialize-pool keep_base_image
initialize-network
...
...
cluster/rackspace/util.sh
View file @
43821684
...
...
@@ -51,20 +51,6 @@ verify-prereqs() {
fi
}
# Ensure that we have a password created for validating to the master. Will
# read from kubeconfig current-context if available.
#
# Vars set:
# KUBE_USER
# KUBE_PASSWORD
get-password
()
{
get-kubeconfig-basicauth
if
[[
-z
"
${
KUBE_USER
}
"
||
-z
"
${
KUBE_PASSWORD
}
"
]]
;
then
KUBE_USER
=
admin
KUBE_PASSWORD
=
$(
python2.7
-c
'import string,random; print "".join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(16))'
)
fi
}
rax-ssh-key
()
{
if
[
!
-f
$HOME
/.ssh/
${
SSH_KEY_NAME
}
]
;
then
echo
"cluster/rackspace/util.sh: Generating SSH KEY
${
HOME
}
/.ssh/
${
SSH_KEY_NAME
}
"
...
...
@@ -301,7 +287,7 @@ kube-up() {
KUBE_TEMP
=
$(
mktemp
-d
-t
kubernetes.XXXXXX
)
trap
"rm -rf
${
KUBE_TEMP
}
"
EXIT
ge
t-password
ge
n-kube-basicauth
python2.7
$(
dirname
$0
)
/../third_party/htpasswd/htpasswd.py
-b
-c
${
KUBE_TEMP
}
/htpasswd
$KUBE_USER
$KUBE_PASSWORD
HTPASSWD
=
$(
cat
${
KUBE_TEMP
}
/htpasswd
)
...
...
@@ -365,6 +351,8 @@ kube-up() {
detect-minions
# ensures KUBECONFIG is set
get-kubeconfig-basicauth
echo
"All minions may not be online yet, this is okay."
echo
echo
"Kubernetes cluster is running. The master is running at:"
...
...
cluster/ubuntu/util.sh
View file @
43821684
...
...
@@ -260,20 +260,6 @@ FLANNEL_OPTS=""
EOF
}
# Ensure that we have a password created for validating to the master. Will
# read from ${KUBECONFIG:-$DEFAULT_KUBECONFIG} if available.
#
# Vars set:
# KUBE_USER
# KUBE_PASSWORD
function
get-password
{
get-kubeconfig-basicauth
if
[[
-z
"
${
KUBE_USER
}
"
||
-z
"
${
KUBE_PASSWORD
}
"
]]
;
then
KUBE_USER
=
admin
KUBE_PASSWORD
=
$(
python
-c
'import string,random; print "".join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(16))'
)
fi
}
# Detect the IP for the master
#
# Assumed vars:
...
...
@@ -360,7 +346,7 @@ function kube-up() {
source
"
${
KUBE_ROOT
}
/cluster/common.sh"
# set kubernetes user and password
ge
t-password
ge
n-kube-basicauth
create-kubeconfig
}
...
...
cluster/vagrant/util.sh
View file @
43821684
...
...
@@ -253,19 +253,21 @@ function verify-cluster {
}
(
# ensures KUBECONFIG is set
get-kubeconfig-basicauth
echo
echo
"Kubernetes cluster is running. The master is running at:"
echo
echo
" https://
${
MASTER_IP
}
"
echo
echo
"The user name and password to use is located in
~/.kubernetes_vagrant_auth.
"
echo
"The user name and password to use is located in
${
KUBECONIG
}
"
echo
)
}
# Instantiate a kubernetes cluster
function
kube-up
{
ge
t-password
ge
n-kube-basicauth
get-tokens
create-provision-scripts
...
...
@@ -295,7 +297,7 @@ function kube-down {
# Update a kubernetes cluster with latest source
function
kube-push
{
get-
password
get-
kubeconfig-basicauth
create-provision-scripts
vagrant provision
}
...
...
@@ -316,13 +318,6 @@ function test-teardown {
kube-down
}
# Set the {user} and {password} environment values required to interact with provider
function
get-password
{
export
KUBE_USER
=
vagrant
export
KUBE_PASSWORD
=
vagrant
echo
"Using credentials:
$KUBE_USER
:
$KUBE_PASSWORD
"
1>&2
}
# Find the minion name based on the IP address
function
find-vagrant-name-by-ip
{
local
ip
=
"
$1
"
...
...
cluster/vsphere/util.sh
View file @
43821684
...
...
@@ -169,20 +169,6 @@ function upload-server-tars {
done
}
# Ensure that we have a password created for validating to the master. Will
# read from kubeconfig if available.
#
# Vars set:
# KUBE_USER
# KUBE_PASSWORD
function
get-password
{
get-kubeconfig-basicauth
if
[[
-z
"
${
KUBE_USER
}
"
||
-z
"
${
KUBE_PASSWORD
}
"
]]
;
then
KUBE_USER
=
admin
KUBE_PASSWORD
=
$(
python
-c
'import string,random; print "".join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(16))'
)
fi
}
# Run command over ssh
function
kube-ssh
{
local
host
=
"
$1
"
...
...
@@ -264,7 +250,7 @@ function kube-up {
ensure-temp-dir
ge
t-password
ge
n-kube-basicauth
python
"
${
KUBE_ROOT
}
/third_party/htpasswd/htpasswd.py"
\
-b
-c
"
${
KUBE_TEMP
}
/htpasswd"
"
$KUBE_USER
"
"
$KUBE_PASSWORD
"
local
htpasswd
...
...
@@ -395,6 +381,8 @@ function kube-up {
}
done
# ensures KUBECONFIG is set
get-kubeconfig-basicauth
echo
echo
"Kubernetes cluster is running. The master is running at:"
echo
...
...
@@ -434,7 +422,7 @@ function kube-push {
echo
"sudo salt --force-color '*' state.highstate"
)
| kube-ssh
"
${
KUBE_MASTER_IP
}
"
get-
password
get-
kubeconfig-basicauth
echo
echo
"Kubernetes cluster is running. The master is running at:"
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment