Read the federation controller manager kubeconfig from a filesystem path.

This decoupling from the Kubernetes API allows admins to run federation
control plane components wherever they like, even outside Kubernetes.
Madhusudan.C.S 2016-08-14 16:54:09 -07:00
parent a96f028208
commit 362c561bd4
2 changed files with 8 additions and 6 deletions


@ -52,10 +52,6 @@ import (
) )
const ( const (
// TODO(madhusudancs): Consider making this configurable via a flag.
// "federation-apiserver-kubeconfig" is a reserved secret name which
// stores the kubeconfig for federation-apiserver.
KubeconfigSecretName = "federation-apiserver-kubeconfig"
// "federation-apiserver-secret" was the old name we used to store // "federation-apiserver-secret" was the old name we used to store
// Federation API server kubeconfig secret. Unfortunately, this name // Federation API server kubeconfig secret. Unfortunately, this name
// is very close to "federation-apiserver-secrets" and causes a lot // is very close to "federation-apiserver-secrets" and causes a lot
@ -95,8 +91,7 @@ func Run(s *options.CMServer) error {
glog.Errorf("unable to register configz: %s", err) glog.Errorf("unable to register configz: %s", err)
} }
// Create the config to talk to federation-apiserver. // Create the config to talk to federation-apiserver.
kubeconfigGetter := util.KubeconfigGetterForSecret(KubeconfigSecretName) restClientCfg, err := clientcmd.BuildConfigFromFlags(s.Master, s.Kubeconfig)
restClientCfg, err := clientcmd.BuildConfigFromKubeconfigGetter(s.Master, kubeconfigGetter)
if err != nil || restClientCfg == nil { if err != nil || restClientCfg == nil {
// Retry with the deprecated name in 1.4. // Retry with the deprecated name in 1.4.
// TODO(madhusudancs): Remove this in 1.5. // TODO(madhusudancs): Remove this in 1.5.
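Review bot: The deprecated-secret retry after the new `clientcmd.BuildConfigFromFlags(s.Master, s.Kubeconfig)` call is still gated only on `err != nil || restClientCfg == nil`, and that condition may no longer fire when `--kubeconfig` is left empty. As far as I know, BuildConfigFromFlags with a master URL and an empty kubeconfig path returns a host-only config without an error, so the manager would continue with a client that carries no credentials or CA data instead of falling back or failing. Consider handling the empty path explicitly, e.g. `if err != nil || restClientCfg == nil || s.Kubeconfig == "" {`, and logging which source the config was loaded from. The body of Run continues outside the hunk, so the retry branch itself is not visible here.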


@ -17,17 +17,24 @@ spec:
- name: ssl-certs - name: ssl-certs
hostPath: hostPath:
path: /etc/ssl/certs path: /etc/ssl/certs
- name: kubeconfig
secret:
secretName: federation-apiserver-kubeconfig
containers: containers:
- name: controller-manager - name: controller-manager
volumeMounts: volumeMounts:
- name: ssl-certs - name: ssl-certs
readOnly: true readOnly: true
mountPath: /etc/ssl/certs mountPath: /etc/ssl/certs
- name: kubeconfig
readOnly: true
mountPath: "/etc/federation/controller-manager",
image: {{.FEDERATION_CONTROLLER_MANAGER_IMAGE_REPO}}:{{.FEDERATION_CONTROLLER_MANAGER_IMAGE_TAG}} image: {{.FEDERATION_CONTROLLER_MANAGER_IMAGE_REPO}}:{{.FEDERATION_CONTROLLER_MANAGER_IMAGE_TAG}}
command: command:
- /usr/local/bin/hyperkube - /usr/local/bin/hyperkube
- federation-controller-manager - federation-controller-manager
- --master=https://{{.FEDERATION_APISERVER_DEPLOYMENT_NAME}}:443 - --master=https://{{.FEDERATION_APISERVER_DEPLOYMENT_NAME}}:443
- --kubeconfig=/etc/federation/controller-manager/kubeconfig
- --dns-provider={{.FEDERATION_DNS_PROVIDER}} - --dns-provider={{.FEDERATION_DNS_PROVIDER}}
- --dns-provider-config={{.FEDERATION_DNS_PROVIDER_CONFIG}} - --dns-provider-config={{.FEDERATION_DNS_PROVIDER_CONFIG}}
- --federation-name={{.FEDERATION_NAME}} - --federation-name={{.FEDERATION_NAME}}
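Review bot: The added line `mountPath: "/etc/federation/controller-manager",` ends with a comma after the quoted scalar, which is not valid in a YAML block mapping and will most likely make the manifest fail to parse. It should read `mountPath: /etc/federation/controller-manager`. The `--kubeconfig=/etc/federation/controller-manager/kubeconfig` argument also assumes the `federation-apiserver-kubeconfig` secret exposes a key named `kubeconfig`, which this page does not show; a short comment next to the volume stating that expectation would help whoever creates the secret.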