Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
K
k3s
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Jacklull
k3s
Commits
7f75c982
Commit
7f75c982
authored
Apr 20, 2015
by
Brendan Burns
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #6691 from jlowdermilk/gen-kubeconfig
Generate kubeconfig for all providers in cluster/ that use auth
parents
e079e23e
3787fc5e
Hide whitespace changes
Inline
Side-by-side
Showing
10 changed files
with
122 additions
and
227 deletions
+122
-227
util.sh
cluster/aws/util.sh
+15
-40
util.sh
cluster/azure/util.sh
+14
-36
common.sh
cluster/common.sh
+27
-9
util.sh
cluster/gce/util.sh
+3
-3
kubectl.sh
cluster/kubectl.sh
+0
-5
util.sh
cluster/libvirt-coreos/util.sh
+8
-9
util.sh
cluster/rackspace/util.sh
+13
-17
util.sh
cluster/vagrant/util.sh
+13
-43
util.sh
cluster/vsphere/util.sh
+25
-43
ginkgo-e2e.sh
hack/ginkgo-e2e.sh
+4
-22
No files found.
cluster/aws/util.sh
View file @
7f75c982
...
@@ -20,6 +20,7 @@
...
@@ -20,6 +20,7 @@
# config-default.sh.
# config-default.sh.
KUBE_ROOT
=
$(
dirname
"
${
BASH_SOURCE
}
"
)
/../..
KUBE_ROOT
=
$(
dirname
"
${
BASH_SOURCE
}
"
)
/../..
source
"
${
KUBE_ROOT
}
/cluster/aws/
${
KUBE_CONFIG_FILE
-
"config-default.sh"
}
"
source
"
${
KUBE_ROOT
}
/cluster/aws/
${
KUBE_CONFIG_FILE
-
"config-default.sh"
}
"
source
"
${
KUBE_ROOT
}
/cluster/common.sh"
# This removes the final character in bash (somehow)
# This removes the final character in bash (somehow)
AWS_REGION
=
${
ZONE
%?
}
AWS_REGION
=
${
ZONE
%?
}
...
@@ -265,7 +266,7 @@ function upload-server-tars() {
...
@@ -265,7 +266,7 @@ function upload-server-tars() {
# Ensure that we have a password created for validating to the master. Will
# Ensure that we have a password created for validating to the master. Will
# read from
the kubernetes auth-file
for the current context if available.
# read from
kubeconfig
for the current context if available.
#
#
# Assumed vars
# Assumed vars
# KUBE_ROOT
# KUBE_ROOT
...
@@ -274,17 +275,11 @@ function upload-server-tars() {
...
@@ -274,17 +275,11 @@ function upload-server-tars() {
# KUBE_USER
# KUBE_USER
# KUBE_PASSWORD
# KUBE_PASSWORD
function
get-password
{
function
get-password
{
# go template to extract the auth-path of the current-context user
get-kubeconfig-basicauth
# Note: we save dot ('.') to $dot because the 'with' action overrides dot
if
[[
-z
"
${
KUBE_USER
}
"
||
-z
"
${
KUBE_PASSWORD
}
"
]]
;
then
local
template
=
'{{$dot := .}}{{with $ctx := index $dot "current-context"}}{{range $element := (index $dot "contexts")}}{{ if eq .name $ctx }}{{ with $user := .context.user }}{{range $element := (index $dot "users")}}{{ if eq .name $user }}{{ index . "user" "auth-path" }}{{end}}{{end}}{{end}}{{end}}{{end}}{{end}}'
KUBE_USER
=
admin
local
file
=
$(
"
${
KUBE_ROOT
}
/cluster/kubectl.sh"
config view
-o
template
--template
=
"
${
template
}
"
)
KUBE_PASSWORD
=
$(
python
-c
'import string,random; print "".join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(16))'
)
if
[[
!
-z
"
$file
"
&&
-r
"
$file
"
]]
;
then
KUBE_USER
=
$(
cat
"
$file
"
| python
-c
'import json,sys;print json.load(sys.stdin)["User"]'
)
KUBE_PASSWORD
=
$(
cat
"
$file
"
| python
-c
'import json,sys;print json.load(sys.stdin)["Password"]'
)
return
fi
fi
KUBE_USER
=
admin
KUBE_PASSWORD
=
$(
python
-c
'import string,random; print "".join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(16))'
)
}
}
# Adds a tag to an AWS resource
# Adds a tag to an AWS resource
...
@@ -609,44 +604,24 @@ function kube-up {
...
@@ -609,44 +604,24 @@ function kube-up {
echo
"Kubernetes cluster created."
echo
"Kubernetes cluster created."
local
kube_cert
=
"kubecfg.crt"
local
kube_key
=
"kubecfg.key"
local
ca_cert
=
"kubernetes.ca.crt"
# TODO use token instead of kube_auth
# TODO use token instead of kube_auth
local
kube_auth
=
"kubernetes_auth"
export
KUBE_CERT
=
"/tmp/
$RANDOM
-kubecfg.crt"
export
KUBE_KEY
=
"/tmp/
$RANDOM
-kubecfg.key"
export
CA_CERT
=
"/tmp/
$RANDOM
-kubernetes.ca.crt"
export
CONTEXT
=
"aws_
${
INSTANCE_PREFIX
}
"
local
kubectl
=
"
${
KUBE_ROOT
}
/cluster/kubectl.sh"
local
kubectl
=
"
${
KUBE_ROOT
}
/cluster/kubectl.sh"
local
context
=
"
${
INSTANCE_PREFIX
}
"
local
user
=
"
${
INSTANCE_PREFIX
}
-admin"
local
config_dir
=
"
${
HOME
}
/.kube/
${
context
}
"
# TODO: generate ADMIN (and KUBELET) tokens and put those in the master's
# TODO: generate ADMIN (and KUBELET) tokens and put those in the master's
# config file. Distribute the same way the htpasswd is done.
# config file. Distribute the same way the htpasswd is done.
(
(
mkdir
-p
"
${
config_dir
}
"
mkdir
-p
"
${
config_dir
}
"
umask
077
umask
077
ssh
-oStrictHostKeyChecking
=
no
-i
"
${
AWS_SSH_KEY
}
"
ubuntu@
${
KUBE_MASTER_IP
}
sudo cat
/srv/kubernetes/kubecfg.crt
>
"
${
config_dir
}
/
${
kube_cert
}
"
2>
$LOG
ssh
-oStrictHostKeyChecking
=
no
-i
"
${
AWS_SSH_KEY
}
"
"ubuntu@
${
KUBE_MASTER_IP
}
"
sudo cat
/srv/kubernetes/kubecfg.crt
>
"
${
KUBE_CERT
}
"
2>
"
$LOG
"
ssh
-oStrictHostKeyChecking
=
no
-i
"
${
AWS_SSH_KEY
}
"
ubuntu@
${
KUBE_MASTER_IP
}
sudo cat
/srv/kubernetes/kubecfg.key
>
"
${
config_dir
}
/
${
kube_key
}
"
2>
$LOG
ssh
-oStrictHostKeyChecking
=
no
-i
"
${
AWS_SSH_KEY
}
"
"ubuntu@
${
KUBE_MASTER_IP
}
"
sudo cat
/srv/kubernetes/kubecfg.key
>
"
${
KUBE_KEY
}
"
2>
"
$LOG
"
ssh
-oStrictHostKeyChecking
=
no
-i
"
${
AWS_SSH_KEY
}
"
ubuntu@
${
KUBE_MASTER_IP
}
sudo cat
/srv/kubernetes/ca.crt
>
"
${
config_dir
}
/
${
ca_cert
}
"
2>
$LOG
ssh
-oStrictHostKeyChecking
=
no
-i
"
${
AWS_SSH_KEY
}
"
"ubuntu@
${
KUBE_MASTER_IP
}
"
sudo cat
/srv/kubernetes/ca.crt
>
"
${
CA_CERT
}
"
2>
"
$LOG
"
"
${
kubectl
}
"
config set-cluster
"
${
context
}
"
--server
=
"https://
${
KUBE_MASTER_IP
}
"
--certificate-authority
=
"
${
config_dir
}
/
${
ca_cert
}
"
--global
"
${
kubectl
}
"
config set-credentials
"
${
user
}
"
--auth-path
=
"
${
config_dir
}
/
${
kube_auth
}
"
--global
"
${
kubectl
}
"
config set-context
"
${
context
}
"
--cluster
=
"
${
context
}
"
--user
=
"
${
user
}
"
--global
"
${
kubectl
}
"
config use-context
"
${
context
}
"
--global
cat
<<
EOF
> "
${
config_dir
}
/
${
kube_auth
}
"
{
"User": "
$KUBE_USER
",
"Password": "
$KUBE_PASSWORD
",
"CAFile": "
${
config_dir
}
/
${
ca_cert
}
",
"CertFile": "
${
config_dir
}
/
${
kube_cert
}
",
"KeyFile": "
${
config_dir
}
/
${
kube_key
}
"
}
EOF
chmod
0600
"
${
config_dir
}
/
${
kube_auth
}
"
"
${
config_dir
}
/
$kube_cert
"
\
create-kubeconfig
"
${
config_dir
}
/
${
kube_key
}
"
"
${
config_dir
}
/
${
ca_cert
}
"
echo
"Wrote
${
config_dir
}
/
${
kube_auth
}
"
)
)
echo
"Sanity checking cluster..."
echo
"Sanity checking cluster..."
...
@@ -700,7 +675,7 @@ EOF
...
@@ -700,7 +675,7 @@ EOF
echo
echo
echo
-e
"
${
color_yellow
}
https://
${
KUBE_MASTER_IP
}
"
echo
-e
"
${
color_yellow
}
https://
${
KUBE_MASTER_IP
}
"
echo
echo
echo
-e
"
${
color_green
}
The user name and password to use is located in
${
config_dir
}
/
${
kube_auth
}
${
color_norm
}
"
echo
-e
"
${
color_green
}
The user name and password to use is located in
${
KUBECONFIG
}
.
${
color_norm
}
"
echo
echo
}
}
...
...
cluster/azure/util.sh
View file @
7f75c982
...
@@ -21,6 +21,7 @@
...
@@ -21,6 +21,7 @@
KUBE_ROOT
=
$(
dirname
"
${
BASH_SOURCE
}
"
)
/../..
KUBE_ROOT
=
$(
dirname
"
${
BASH_SOURCE
}
"
)
/../..
source
"
${
KUBE_ROOT
}
/cluster/azure/
${
KUBE_CONFIG_FILE
-
"config-default.sh"
}
"
source
"
${
KUBE_ROOT
}
/cluster/azure/
${
KUBE_CONFIG_FILE
-
"config-default.sh"
}
"
source
"
${
KUBE_ROOT
}
/cluster/common.sh"
function
azure_call
{
function
azure_call
{
local
-a
params
=()
local
-a
params
=()
...
@@ -242,30 +243,17 @@ function detect-master () {
...
@@ -242,30 +243,17 @@ function detect-master () {
}
}
# Ensure that we have a password created for validating to the master. Will
# Ensure that we have a password created for validating to the master. Will
# read from
$HOME/.kubernetres_auth
if available.
# read from
kubeconfig current-context
if available.
#
#
# Vars set:
# Vars set:
# KUBE_USER
# KUBE_USER
# KUBE_PASSWORD
# KUBE_PASSWORD
function
get-password
{
function
get-password
{
local
file
=
"
$HOME
/.kubernetes_auth"
get-kubeconfig-basicauth
if
[[
-r
"
$file
"
]]
;
then
if
[[
-z
"
${
KUBE_USER
}
"
||
-z
"
${
KUBE_PASSWORD
}
"
]]
;
then
KUBE_USER
=
$(
cat
"
$file
"
| python
-c
'import json,sys;print json.load(sys.stdin)["User"]'
)
KUBE_PASSWORD
=
$(
cat
"
$file
"
| python
-c
'import json,sys;print json.load(sys.stdin)["Password"]'
)
return
fi
KUBE_USER
=
admin
KUBE_USER
=
admin
KUBE_PASSWORD
=
$(
python
-c
'import string,random; print "".join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(16))'
)
KUBE_PASSWORD
=
$(
python
-c
'import string,random; print "".join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(16))'
)
fi
# Remove this code, since in all use cases I can see, we are overwriting this
# at cluster creation time.
cat
<<
EOF
> "
$file
"
{
"User": "
$KUBE_USER
",
"Password": "
$KUBE_PASSWORD
"
}
EOF
chmod
0600
"
$file
"
}
}
# Generate authentication token for admin user. Will
# Generate authentication token for admin user. Will
...
@@ -432,32 +420,22 @@ function kube-up {
...
@@ -432,32 +420,22 @@ function kube-up {
printf
"
\n
"
printf
"
\n
"
echo
"Kubernetes cluster created."
echo
"Kubernetes cluster created."
local
kube_cert
=
".kubecfg.crt"
export
KUBE_CERT
=
"/tmp/
$RANDOM
-kubecfg.crt"
local
kube_key
=
".kubecfg.key"
export
KUBE_KEY
=
"/tmp/
$RANDOM
-kubecfg.key"
local
ca_cert
=
".kubernetes.ca.crt"
export
CA_CERT
=
"/tmp/
$RANDOM
-kubernetes.ca.crt"
export
CONTEXT
=
"azure_
${
INSTANCE_PREFIX
}
"
# TODO: generate ADMIN (and KUBELET) tokens and put those in the master's
# TODO: generate ADMIN (and KUBELET) tokens and put those in the master's
# config file. Distribute the same way the htpasswd is done.
# config file. Distribute the same way the htpasswd is done.
(
umask
077
(
umask
077
ssh
-oStrictHostKeyChecking
=
no
-i
$AZ_SSH_KEY
-p
22000
$AZ_CS
.cloudapp.net
\
ssh
-oStrictHostKeyChecking
=
no
-i
$AZ_SSH_KEY
-p
22000
$AZ_CS
.cloudapp.net
\
sudo cat
/srv/kubernetes/kubecfg.crt
>
"
${
HOME
}
/
${
kube_cert
}
"
2>/dev/null
sudo cat
/srv/kubernetes/kubecfg.crt
>
"
${
KUBE_CERT
}
"
2>/dev/null
ssh
-oStrictHostKeyChecking
=
no
-i
$AZ_SSH_KEY
-p
22000
$AZ_CS
.cloudapp.net
\
ssh
-oStrictHostKeyChecking
=
no
-i
$AZ_SSH_KEY
-p
22000
$AZ_CS
.cloudapp.net
\
sudo cat
/srv/kubernetes/kubecfg.key
>
"
${
HOME
}
/
${
kube_key
}
"
2>/dev/null
sudo cat
/srv/kubernetes/kubecfg.key
>
"
${
KUBE_KEY
}
"
2>/dev/null
ssh
-oStrictHostKeyChecking
=
no
-i
$AZ_SSH_KEY
-p
22000
$AZ_CS
.cloudapp.net
\
ssh
-oStrictHostKeyChecking
=
no
-i
$AZ_SSH_KEY
-p
22000
$AZ_CS
.cloudapp.net
\
sudo cat
/srv/kubernetes/ca.crt
>
"
${
HOME
}
/
${
ca_cert
}
"
2>/dev/null
sudo cat
/srv/kubernetes/ca.crt
>
"
${
CA_CERT
}
"
2>/dev/null
cat
<<
EOF
> ~/.kubernetes_auth
{
"User": "
$KUBE_USER
",
"Password": "
$KUBE_PASSWORD
",
"CAFile": "
$HOME
/
$ca_cert
",
"CertFile": "
$HOME
/
$kube_cert
",
"KeyFile": "
$HOME
/
$kube_key
"
}
EOF
chmod
0600 ~/.kubernetes_auth
"
${
HOME
}
/
${
kube_cert
}
"
\
create-kubeconfig
"
${
HOME
}
/
${
kube_key
}
"
"
${
HOME
}
/
${
ca_cert
}
"
)
)
# Wait for salt on the minions
# Wait for salt on the minions
...
@@ -482,7 +460,7 @@ EOF
...
@@ -482,7 +460,7 @@ EOF
echo
echo
echo
" https://
${
KUBE_MASTER_IP
}
"
echo
" https://
${
KUBE_MASTER_IP
}
"
echo
echo
echo
"The user name and password to use is located in
~/.kubernetes_auth
."
echo
"The user name and password to use is located in
${
KUBECONFIG
}
."
echo
echo
}
}
...
...
cluster/common.sh
View file @
7f75c982
...
@@ -30,11 +30,12 @@ DEFAULT_KUBECONFIG="${HOME}/.kube/config"
...
@@ -30,11 +30,12 @@ DEFAULT_KUBECONFIG="${HOME}/.kube/config"
# KUBE_PASSWORD
# KUBE_PASSWORD
# KUBE_MASTER_IP
# KUBE_MASTER_IP
# KUBECONFIG
# KUBECONFIG
# CONTEXT
#
#
# The following can be omitted for --insecure-skip-tls-verify
# KUBE_CERT
# KUBE_CERT
# KUBE_KEY
# KUBE_KEY
# CA_CERT
# CA_CERT
# CONTEXT
function
create-kubeconfig
()
{
function
create-kubeconfig
()
{
local
kubectl
=
"
${
KUBE_ROOT
}
/cluster/kubectl.sh"
local
kubectl
=
"
${
KUBE_ROOT
}
/cluster/kubectl.sh"
...
@@ -44,14 +45,31 @@ function create-kubeconfig() {
...
@@ -44,14 +45,31 @@ function create-kubeconfig() {
mkdir
-p
$(
dirname
"
${
KUBECONFIG
}
"
)
mkdir
-p
$(
dirname
"
${
KUBECONFIG
}
"
)
touch
"
${
KUBECONFIG
}
"
touch
"
${
KUBECONFIG
}
"
fi
fi
"
${
kubectl
}
"
config set-cluster
"
${
CONTEXT
}
"
--server
=
"https://
${
KUBE_MASTER_IP
}
"
\
local
cluster_args
=(
--certificate-authority
=
"
${
CA_CERT
}
"
\
"--server=
${
KUBE_SERVER
:-
https
://
${
KUBE_MASTER_IP
}}
"
--embed-certs
=
true
)
"
${
kubectl
}
"
config set-credentials
"
${
CONTEXT
}
"
--username
=
"
${
KUBE_USER
}
"
\
if
[[
-z
"
${
CA_CERT
:-}
"
]]
;
then
--password
=
"
${
KUBE_PASSWORD
}
"
\
cluster_args+
=(
"--insecure-skip-tls-verify=true"
)
--client-certificate
=
"
${
KUBE_CERT
}
"
\
else
--client-key
=
"
${
KUBE_KEY
}
"
\
cluster_args+
=(
--embed-certs
=
true
"--certificate-authority=
${
CA_CERT
}
"
"--embed-certs=true"
)
fi
local
user_args
=(
"--username=
${
KUBE_USER
}
"
"--password=
${
KUBE_PASSWORD
}
"
)
if
[[
!
-z
"
${
KUBE_CERT
:-}
"
&&
!
-z
"
${
KUBE_KEY
:-}
"
]]
;
then
user_args+
=(
"--client-certificate=
${
KUBE_CERT
}
"
"--client-key=
${
KUBE_KEY
}
"
"--embed-certs=true"
)
fi
"
${
kubectl
}
"
config set-cluster
"
${
CONTEXT
}
"
"
${
cluster_args
[@]
}
"
"
${
kubectl
}
"
config set-credentials
"
${
CONTEXT
}
"
"
${
user_args
[@]
}
"
"
${
kubectl
}
"
config set-context
"
${
CONTEXT
}
"
--cluster
=
"
${
CONTEXT
}
"
--user
=
"
${
CONTEXT
}
"
"
${
kubectl
}
"
config set-context
"
${
CONTEXT
}
"
--cluster
=
"
${
CONTEXT
}
"
--user
=
"
${
CONTEXT
}
"
"
${
kubectl
}
"
config use-context
"
${
CONTEXT
}
"
--cluster
=
"
${
CONTEXT
}
"
"
${
kubectl
}
"
config use-context
"
${
CONTEXT
}
"
--cluster
=
"
${
CONTEXT
}
"
...
...
cluster/gce/util.sh
View file @
7f75c982
...
@@ -679,9 +679,9 @@ function kube-up {
...
@@ -679,9 +679,9 @@ function kube-up {
echo
"Kubernetes cluster created."
echo
"Kubernetes cluster created."
# TODO use token instead of basic auth
# TODO use token instead of basic auth
export
KUBE_CERT
=
"/tmp/kubecfg.crt"
export
KUBE_CERT
=
"/tmp/
$RANDOM
-
kubecfg.crt"
export
KUBE_KEY
=
"/tmp/kubecfg.key"
export
KUBE_KEY
=
"/tmp/
$RANDOM
-
kubecfg.key"
export
CA_CERT
=
"/tmp/kubernetes.ca.crt"
export
CA_CERT
=
"/tmp/
$RANDOM
-
kubernetes.ca.crt"
export
CONTEXT
=
"
${
PROJECT
}
_
${
INSTANCE_PREFIX
}
"
export
CONTEXT
=
"
${
PROJECT
}
_
${
INSTANCE_PREFIX
}
"
# TODO: generate ADMIN (and KUBELET) tokens and put those in the master's
# TODO: generate ADMIN (and KUBELET) tokens and put those in the master's
...
...
cluster/kubectl.sh
View file @
7f75c982
...
@@ -120,11 +120,6 @@ elif [[ "$KUBERNETES_PROVIDER" == "vagrant" ]]; then
...
@@ -120,11 +120,6 @@ elif [[ "$KUBERNETES_PROVIDER" == "vagrant" ]]; then
config
=(
config
=(
"--kubeconfig=
$HOME
/.kubernetes_vagrant_kubeconfig"
"--kubeconfig=
$HOME
/.kubernetes_vagrant_kubeconfig"
)
)
elif
[[
"
$KUBERNETES_PROVIDER
"
==
"libvirt-coreos"
]]
;
then
detect-master
>
/dev/null
config
=(
"--server=http://
${
KUBE_MASTER_IP
}
:8080"
)
fi
fi
echo
"current-context:
\"
$(${
kubectl
}
"
${
config
[@]
:+
${
config
[@]
}}
"
config view
-o
template
--template
=
'{{index . "current-context"}}'
)
\"
"
>
&2
echo
"current-context:
\"
$(${
kubectl
}
"
${
config
[@]
:+
${
config
[@]
}}
"
config view
-o
template
--template
=
'{{index . "current-context"}}'
)
\"
"
>
&2
...
...
cluster/libvirt-coreos/util.sh
View file @
7f75c982
...
@@ -18,7 +18,8 @@
...
@@ -18,7 +18,8 @@
KUBE_ROOT
=
$(
dirname
"
${
BASH_SOURCE
}
"
)
/../..
KUBE_ROOT
=
$(
dirname
"
${
BASH_SOURCE
}
"
)
/../..
readonly
ROOT
=
$(
dirname
"
${
BASH_SOURCE
}
"
)
readonly
ROOT
=
$(
dirname
"
${
BASH_SOURCE
}
"
)
source
$ROOT
/
${
KUBE_CONFIG_FILE
:-
"config-default.sh"
}
source
"
$ROOT
/
${
KUBE_CONFIG_FILE
:-
"config-default.sh"
}
"
source
"
$KUBE_ROOT
/cluster/common.sh"
export
LIBVIRT_DEFAULT_URI
=
qemu:///system
export
LIBVIRT_DEFAULT_URI
=
qemu:///system
...
@@ -199,6 +200,7 @@ function wait-cluster-readiness {
...
@@ -199,6 +200,7 @@ function wait-cluster-readiness {
function
kube-up
{
function
kube-up
{
detect-master
detect-master
detect-minions
detect-minions
get-password
initialize-pool keep_base_image
initialize-pool keep_base_image
initialize-network
initialize-network
...
@@ -235,12 +237,9 @@ function kube-up {
...
@@ -235,12 +237,9 @@ function kube-up {
rm
$domain_xml
rm
$domain_xml
done
done
export
KUBECONFIG
=
"
${
HOME
}
/.kube/.kubeconfig"
export
KUBE_SERVER
=
"http://192.168.10.1:8080"
local
kubectl
=
"
${
KUBE_ROOT
}
/cluster/kubectl.sh"
export
CONTEXT
=
"libvirt-coreos"
create-kubeconfig
"
${
kubectl
}
"
config set-cluster libvirt-coreos
--server
=
http://
${
KUBE_MASTER_IP
-
}
:8080
"
${
kubectl
}
"
config set-context libvirt-coreos
--cluster
=
libvirt-coreos
"
${
kubectl
}
"
config use-context libvirt-coreos
--cluster
=
libvirt-coreos
wait-cluster-readiness
wait-cluster-readiness
...
@@ -331,8 +330,8 @@ function test-teardown {
...
@@ -331,8 +330,8 @@ function test-teardown {
# Set the {KUBE_USER} and {KUBE_PASSWORD} environment values required to interact with provider
# Set the {KUBE_USER} and {KUBE_PASSWORD} environment values required to interact with provider
function
get-password
{
function
get-password
{
export
KUBE_USER
=
core
export
KUBE_USER
=
''
e
cho
"TODO get-password"
e
xport
KUBE_PASSWORD
=
''
}
}
# SSH to a node by name or IP ($1) and run a command ($2).
# SSH to a node by name or IP ($1) and run a command ($2).
...
...
cluster/rackspace/util.sh
View file @
7f75c982
...
@@ -20,6 +20,7 @@
...
@@ -20,6 +20,7 @@
# config-default.sh.
# config-default.sh.
KUBE_ROOT
=
$(
dirname
"
${
BASH_SOURCE
}
"
)
/../..
KUBE_ROOT
=
$(
dirname
"
${
BASH_SOURCE
}
"
)
/../..
source
$(
dirname
${
BASH_SOURCE
})
/
${
KUBE_CONFIG_FILE
-
"config-default.sh"
}
source
$(
dirname
${
BASH_SOURCE
})
/
${
KUBE_CONFIG_FILE
-
"config-default.sh"
}
source
"
${
KUBE_ROOT
}
/cluster/common.sh"
verify-prereqs
()
{
verify-prereqs
()
{
# Make sure that prerequisites are installed.
# Make sure that prerequisites are installed.
...
@@ -50,29 +51,17 @@ verify-prereqs() {
...
@@ -50,29 +51,17 @@ verify-prereqs() {
}
}
# Ensure that we have a password created for validating to the master. Will
# Ensure that we have a password created for validating to the master. Will
# read from
$HOME/.kubernetres_auth
if available.
# read from
kubeconfig current-context
if available.
#
#
# Vars set:
# Vars set:
# KUBE_USER
# KUBE_USER
# KUBE_PASSWORD
# KUBE_PASSWORD
get-password
()
{
get-password
()
{
local
file
=
"
$HOME
/.kubernetes_auth"
get-kubeconfig-basicauth
if
[[
-r
"
$file
"
]]
;
then
if
[[
-z
"
${
KUBE_USER
}
"
||
-z
"
${
KUBE_PASSWORD
}
"
]]
;
then
KUBE_USER
=
$(
cat
"
$file
"
| python
-c
'import json,sys;print json.load(sys.stdin)["User"]'
)
KUBE_USER
=
admin
KUBE_PASSWORD
=
$(
cat
"
$file
"
| python
-c
'import json,sys;print json.load(sys.stdin)["Password"]'
)
KUBE_PASSWORD
=
$(
python
-c
'import string,random; print "".join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(16))'
)
return
fi
fi
KUBE_USER
=
admin
KUBE_PASSWORD
=
$(
python
-c
'import string,random; print "".join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(16))'
)
# Store password for reuse.
cat
<<
EOF
> "
$file
"
{
"User": "
$KUBE_USER
",
"Password": "
$KUBE_PASSWORD
"
}
EOF
chmod
0600
"
$file
"
}
}
rax-ssh-key
()
{
rax-ssh-key
()
{
...
@@ -329,6 +318,13 @@ kube-up() {
...
@@ -329,6 +318,13 @@ kube-up() {
echo
"Kubernetes cluster created."
echo
"Kubernetes cluster created."
export
KUBE_CERT
=
""
export
KUBE_KEY
=
""
export
CA_CERT
=
""
export
CONTEXT
=
"rackspace_
${
INSTANCE_PREFIX
}
"
create-kubeconfig
# Don't bail on errors, we want to be able to print some info.
# Don't bail on errors, we want to be able to print some info.
set
+e
set
+e
...
...
cluster/vagrant/util.sh
View file @
7f75c982
...
@@ -18,6 +18,7 @@
...
@@ -18,6 +18,7 @@
KUBE_ROOT
=
$(
dirname
"
${
BASH_SOURCE
}
"
)
/../..
KUBE_ROOT
=
$(
dirname
"
${
BASH_SOURCE
}
"
)
/../..
source
"
${
KUBE_ROOT
}
/cluster/vagrant/
${
KUBE_CONFIG_FILE
-
"config-default.sh"
}
"
source
"
${
KUBE_ROOT
}
/cluster/vagrant/
${
KUBE_CONFIG_FILE
-
"config-default.sh"
}
"
source
"
${
KUBE_ROOT
}
/cluster/common.sh"
function
detect-master
()
{
function
detect-master
()
{
KUBE_MASTER_IP
=
$MASTER_IP
KUBE_MASTER_IP
=
$MASTER_IP
...
@@ -252,49 +253,18 @@ function kube-up {
...
@@ -252,49 +253,18 @@ function kube-up {
vagrant up
vagrant up
local
kube_cert
=
".kubecfg.vagrant.crt"
export
KUBE_CERT
=
"/tmp/
$RANDOM
-kubecfg.crt"
local
kube_key
=
".kubecfg.vagrant.key"
export
KUBE_KEY
=
"/tmp/
$RANDOM
-kubecfg.key"
local
ca_cert
=
".kubernetes.vagrant.ca.crt"
export
CA_CERT
=
"/tmp/
$RANDOM
-kubernetes.ca.crt"
export
CONTEXT
=
"vagrant"
(
umask
077
vagrant ssh master
--
sudo cat
/srv/kubernetes/kubecfg.crt
>
"
${
HOME
}
/
${
kube_cert
}
"
2>/dev/null
(
vagrant ssh master
--
sudo cat
/srv/kubernetes/kubecfg.key
>
"
${
HOME
}
/
${
kube_key
}
"
2>/dev/null
umask
077
vagrant ssh master
--
sudo cat
/srv/kubernetes/ca.crt
>
"
${
HOME
}
/
${
ca_cert
}
"
2>/dev/null
vagrant ssh master
--
sudo cat
/srv/kubernetes/kubecfg.crt
>
"
${
KUBE_CERT
}
"
2>/dev/null
vagrant ssh master
--
sudo cat
/srv/kubernetes/kubecfg.key
>
"
${
KUBE_KEY
}
"
2>/dev/null
cat
<<
EOF
>"
${
HOME
}
/.kubernetes_vagrant_auth"
vagrant ssh master
--
sudo cat
/srv/kubernetes/ca.crt
>
"
${
CA_CERT
}
"
2>/dev/null
{
"User": "
$KUBE_USER
",
create-kubeconfig
"Password": "
$KUBE_PASSWORD
",
"CAFile": "
$HOME
/
$ca_cert
",
"CertFile": "
$HOME
/
$kube_cert
",
"KeyFile": "
$HOME
/
$kube_key
"
}
EOF
cat
<<
EOF
>"
${
HOME
}
/.kubernetes_vagrant_kubeconfig"
apiVersion: v1
clusters:
- cluster:
certificate-authority:
${
HOME
}
/
$ca_cert
server: https://
${
MASTER_IP
}
:443
name: vagrant
contexts:
- context:
cluster: vagrant
namespace: default
user: vagrant
name: vagrant
current-context: "vagrant"
kind: Config
preferences: {}
users:
- name: vagrant
user:
auth-path:
${
HOME
}
/.kubernetes_vagrant_auth
EOF
chmod
0600 ~/.kubernetes_vagrant_auth
"
${
HOME
}
/
${
kube_cert
}
"
\
"
${
HOME
}
/
${
kube_key
}
"
"
${
HOME
}
/
${
ca_cert
}
"
)
)
verify-cluster
verify-cluster
...
...
cluster/vsphere/util.sh
View file @
7f75c982
...
@@ -21,6 +21,7 @@
...
@@ -21,6 +21,7 @@
KUBE_ROOT
=
$(
dirname
"
${
BASH_SOURCE
}
"
)
/../..
KUBE_ROOT
=
$(
dirname
"
${
BASH_SOURCE
}
"
)
/../..
source
"
${
KUBE_ROOT
}
/cluster/vsphere/config-common.sh"
source
"
${
KUBE_ROOT
}
/cluster/vsphere/config-common.sh"
source
"
${
KUBE_ROOT
}
/cluster/vsphere/
${
KUBE_CONFIG_FILE
-
"config-default.sh"
}
"
source
"
${
KUBE_ROOT
}
/cluster/vsphere/
${
KUBE_CONFIG_FILE
-
"config-default.sh"
}
"
source
"
${
KUBE_ROOT
}
/cluster/common.sh"
# Detect the IP for the master
# Detect the IP for the master
#
#
...
@@ -169,29 +170,17 @@ function upload-server-tars {
...
@@ -169,29 +170,17 @@ function upload-server-tars {
}
}
# Ensure that we have a password created for validating to the master. Will
# Ensure that we have a password created for validating to the master. Will
# read from
$HOME/.kubernetes_auth
if available.
# read from
kubeconfig
if available.
#
#
# Vars set:
# Vars set:
# KUBE_USER
# KUBE_USER
# KUBE_PASSWORD
# KUBE_PASSWORD
function
get-password
{
function
get-password
{
local
file
=
"
$HOME
/.kubernetes_auth"
get-kubeconfig-basicauth
if
[[
-r
"
$file
"
]]
;
then
if
[[
-z
"
${
KUBE_USER
}
"
||
-z
"
${
KUBE_PASSWORD
}
"
]]
;
then
KUBE_USER
=
$(
cat
"
$file
"
| python
-c
'import json,sys;print json.load(sys.stdin)["User"]'
)
KUBE_USER
=
admin
KUBE_PASSWORD
=
$(
cat
"
$file
"
| python
-c
'import json,sys;print json.load(sys.stdin)["Password"]'
)
KUBE_PASSWORD
=
$(
python
-c
'import string,random; print "".join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(16))'
)
return
fi
fi
KUBE_USER
=
admin
KUBE_PASSWORD
=
$(
python
-c
'import string,random; print "".join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(16))'
)
# Store password for reuse.
cat
<<
EOF
> "
$file
"
{
"User": "
$KUBE_USER
",
"Password": "
$KUBE_PASSWORD
"
}
EOF
chmod
0600
"
$file
"
}
}
# Run command over ssh
# Run command over ssh
...
@@ -372,6 +361,24 @@ function kube-up {
...
@@ -372,6 +361,24 @@ function kube-up {
printf
" OK
\n
"
printf
" OK
\n
"
done
done
echo
"Kubernetes cluster created."
# TODO use token instead of basic auth
export
KUBE_CERT
=
"/tmp/
$RANDOM
-kubecfg.crt"
export
KUBE_KEY
=
"/tmp/
$RANDOM
-kubecfg.key"
export
CA_CERT
=
"/tmp/
$RANDOM
-kubernetes.ca.crt"
export
CONTEXT
=
"vsphere_
${
INSTANCE_PREFIX
}
"
(
umask
077
kube-ssh
"
${
KUBE_MASTER_IP
}
"
sudo cat
/srv/kubernetes/kubecfg.crt
>
"
${
KUBE_CERT
}
"
2>/dev/null
kube-ssh
"
${
KUBE_MASTER_IP
}
"
sudo cat
/srv/kubernetes/kubecfg.key
>
"
${
KUBE_KEY
}
"
2>/dev/null
kube-ssh
"
${
KUBE_MASTER_IP
}
"
sudo cat
/srv/kubernetes/ca.crt
>
"
${
CA_CERT
}
"
2>/dev/null
create-kubeconfig
)
echo
echo
echo
"Sanity checking cluster..."
echo
"Sanity checking cluster..."
...
@@ -394,33 +401,8 @@ function kube-up {
...
@@ -394,33 +401,8 @@ function kube-up {
echo
echo
echo
" https://
${
KUBE_MASTER_IP
}
"
echo
" https://
${
KUBE_MASTER_IP
}
"
echo
echo
echo
"The user name and password to use is located in
~/.kubernetes_auth.
"
echo
"The user name and password to use is located in
${
KUBECONFIG
}
"
echo
echo
local
kube_cert
=
".kubecfg.crt"
local
kube_key
=
".kubecfg.key"
local
ca_cert
=
".kubernetes.ca.crt"
(
umask
077
kube-ssh
"
${
KUBE_MASTER_IP
}
"
sudo cat
/srv/kubernetes/kubecfg.crt
>
"
${
HOME
}
/
${
kube_cert
}
"
2>/dev/null
kube-ssh
"
${
KUBE_MASTER_IP
}
"
sudo cat
/srv/kubernetes/kubecfg.key
>
"
${
HOME
}
/
${
kube_key
}
"
2>/dev/null
kube-ssh
"
${
KUBE_MASTER_IP
}
"
sudo cat
/srv/kubernetes/ca.crt
>
"
${
HOME
}
/
${
ca_cert
}
"
2>/dev/null
cat
<<
EOF
> ~/.kubernetes_auth
{
"User": "
$KUBE_USER
",
"Password": "
$KUBE_PASSWORD
",
"CAFile": "
$HOME
/
$ca_cert
",
"CertFile": "
$HOME
/
$kube_cert
",
"KeyFile": "
$HOME
/
$kube_key
"
}
EOF
chmod
0600 ~/.kubernetes_auth
"
${
HOME
}
/
${
kube_cert
}
"
\
"
${
HOME
}
/
${
kube_key
}
"
"
${
HOME
}
/
${
ca_cert
}
"
)
}
}
# Delete a kubernetes cluster
# Delete a kubernetes cluster
...
...
hack/ginkgo-e2e.sh
View file @
7f75c982
...
@@ -87,15 +87,7 @@ if [[ -z "${AUTH_CONFIG:-}" ]]; then
...
@@ -87,15 +87,7 @@ if [[ -z "${AUTH_CONFIG:-}" ]]; then
detect-master
>
/dev/null
detect-master
>
/dev/null
if
[[
"
${
KUBERNETES_PROVIDER
}
"
==
"gke"
]]
;
then
if
[[
"
$KUBERNETES_PROVIDER
"
==
"vagrant"
]]
;
then
# When we are using vagrant it has hard coded auth. We repeat that here so that
# we don't clobber auth that might be used for a publicly facing cluster.
auth_config
=(
"--auth_config=
${
HOME
}
/.kubernetes_vagrant_auth"
"--kubeconfig=
${
HOME
}
/.kubernetes_vagrant_kubeconfig"
)
elif
[[
"
${
KUBERNETES_PROVIDER
}
"
==
"gke"
]]
;
then
# GKE stores its own kubeconfig in gcloud's config directory.
# GKE stores its own kubeconfig in gcloud's config directory.
detect-project &> /dev/null
detect-project &> /dev/null
auth_config
=(
auth_config
=(
...
@@ -103,25 +95,15 @@ if [[ -z "${AUTH_CONFIG:-}" ]]; then
...
@@ -103,25 +95,15 @@ if [[ -z "${AUTH_CONFIG:-}" ]]; then
# gcloud doesn't set the current-context, so we have to set it
# gcloud doesn't set the current-context, so we have to set it
"--context=gke_
${
PROJECT
}
_
${
ZONE
}
_
${
CLUSTER_NAME
}
"
"--context=gke_
${
PROJECT
}
_
${
ZONE
}
_
${
CLUSTER_NAME
}
"
)
)
elif
[[
"
${
KUBERNETES_PROVIDER
}
"
==
"gce"
]]
;
then
auth_config
=(
"--kubeconfig=
${
KUBECONFIG
:-
$DEFAULT_KUBECONFIG
}
"
)
elif
[[
"
${
KUBERNETES_PROVIDER
}
"
==
"aws"
]]
;
then
auth_config
=(
"--auth_config=
${
HOME
}
/.kube/
${
INSTANCE_PREFIX
}
/kubernetes_auth"
)
elif
[[
"
${
KUBERNETES_PROVIDER
}
"
==
"libvirt-coreos"
]]
;
then
auth_config
=(
"--kubeconfig=
${
HOME
}
/.kube/.kubeconfig"
)
elif
[[
"
${
KUBERNETES_PROVIDER
}
"
==
"conformance_test"
]]
;
then
elif
[[
"
${
KUBERNETES_PROVIDER
}
"
==
"conformance_test"
]]
;
then
auth_config
=(
auth_config
=(
"--auth_config=
${
KUBERNETES_CONFORMANCE_TEST_AUTH_CONFIG
:-}
"
"--auth_config=
${
KUBERNETES_CONFORMANCE_TEST_AUTH_CONFIG
:-}
"
"--cert_dir=
${
KUBERNETES_CONFORMANCE_TEST_CERT_DIR
:-}
"
"--cert_dir=
${
KUBERNETES_CONFORMANCE_TEST_CERT_DIR
:-}
"
)
)
else
else
auth_config
=()
auth_config
=(
"--kubeconfig=
${
KUBECONFIG
:-
$DEFAULT_KUBECONFIG
}
"
)
fi
fi
else
else
echo
"Conformance Test. No cloud-provider-specific preparation."
echo
"Conformance Test. No cloud-provider-specific preparation."
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment