Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
K
k3s
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Jacklull
k3s
Commits
bfd44853
Commit
bfd44853
authored
Sep 15, 2016
by
bprashanth
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Retrieve username/password from basicauth section of kubeconfig
parent
57604d13
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
32 additions
and
2 deletions
+32
-2
common.sh
cluster/common.sh
+25
-2
upgrade.sh
cluster/gce/upgrade.sh
+7
-0
No files found.
cluster/common.sh
View file @
bfd44853
...
@@ -195,8 +195,31 @@ function get-kubeconfig-basicauth() {
...
@@ -195,8 +195,31 @@ function get-kubeconfig-basicauth() {
cc
=
"
${
KUBE_CONTEXT
}
"
cc
=
"
${
KUBE_CONTEXT
}
"
fi
fi
local
user
=
$(
"
${
KUBE_ROOT
}
/cluster/kubectl.sh"
config view
-o
jsonpath
=
"{.contexts[?(@.name ==
\"
${
cc
}
\"
)].context.user}"
)
local
user
=
$(
"
${
KUBE_ROOT
}
/cluster/kubectl.sh"
config view
-o
jsonpath
=
"{.contexts[?(@.name ==
\"
${
cc
}
\"
)].context.user}"
)
KUBE_USER
=
$(
"
${
KUBE_ROOT
}
/cluster/kubectl.sh"
config view
-o
jsonpath
=
"{.users[?(@.name ==
\"
${
user
}
\"
)].user.username}"
)
get-kubeconfig-user-basicauth
"
${
user
}
"
KUBE_PASSWORD
=
$(
"
${
KUBE_ROOT
}
/cluster/kubectl.sh"
config view
-o
jsonpath
=
"{.users[?(@.name ==
\"
${
user
}
\"
)].user.password}"
)
if
[[
-z
"
${
KUBE_USER
:-}
"
||
-z
"
${
KUBE_PASSWORD
:-}
"
]]
;
then
# kube-up stores username/password in a an additional kubeconfig section
# suffixed with "-basic-auth". Cloudproviders like GKE store in directly
# in the top level section along with the other credential information.
# TODO: Handle this uniformly, either get rid of "basic-auth" or
# consolidate its usage into a function across scripts in cluster/
get-kubeconfig-user-basicauth
"
${
user
}
-basic-auth"
fi
}
# Sets KUBE_USER and KUBE_PASSWORD to the username and password specified in
# the kubeconfig section corresponding to $1.
#
# Args:
# $1 kubeconfig section to look for basic auth (eg: user or user-basic-auth).
# Assumed vars:
# KUBE_ROOT
# Vars set:
# KUBE_USER
# KUBE_PASSWORD
function
get-kubeconfig-user-basicauth
()
{
KUBE_USER
=
$(
"
${
KUBE_ROOT
}
/cluster/kubectl.sh"
config view
-o
jsonpath
=
"{.users[?(@.name ==
\"
$1
\"
)].user.username}"
)
KUBE_PASSWORD
=
$(
"
${
KUBE_ROOT
}
/cluster/kubectl.sh"
config view
-o
jsonpath
=
"{.users[?(@.name ==
\"
$1
\"
)].user.password}"
)
}
}
# Generate basic auth user and password.
# Generate basic auth user and password.
...
...
cluster/gce/upgrade.sh
View file @
bfd44853
...
@@ -70,6 +70,13 @@ function usage() {
...
@@ -70,6 +70,13 @@ function usage() {
function
upgrade-master
()
{
function
upgrade-master
()
{
echo
"== Upgrading master to '
${
SERVER_BINARY_TAR_URL
}
'. Do not interrupt, deleting master instance. =="
echo
"== Upgrading master to '
${
SERVER_BINARY_TAR_URL
}
'. Do not interrupt, deleting master instance. =="
# Tries to figure out KUBE_USER/KUBE_PASSWORD by first looking under
# kubeconfig:username, and then under kubeconfig:username-basic-auth.
# TODO: KUBE_USER is used in generating ABAC policy which the
# apiserver may not have enabled. If it's enabled, we must have a user
# to generate a valid ABAC policy. If the username changes, should
# the script fail? Should we generate a default username and password
# if the section is missing in kubeconfig? Handle this better in 1.5.
get-kubeconfig-basicauth
get-kubeconfig-basicauth
get-kubeconfig-bearertoken
get-kubeconfig-bearertoken
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment