github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Sync with master

Browse Source 
Add fixes for newly added code.

Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
This commit is contained in:
Joakim Roubert 2020-06-24 12:02:02 +02:00 committed by Joakim Roubert
parent 196ae34f9b
commit 605be2216b
1 changed files with 17 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
cluster/gce/gci/configure-helper.sh
View File

@ -118,6 +118,8 @@ function gce-metadata-fw-helper {
;; ;;
esac esac
# Deliberately allow word split here
# shellcheck disable=SC2086
iptables ${command} OUTPUT -p tcp --dport 80 -d ${METADATA_SERVER_IP} -m owner ${invert:-} --uid-owner=${METADATA_SERVER_ALLOWED_UID_RANGE:-0-2999} -j ${action} iptables ${command} OUTPUT -p tcp --dport 80 -d ${METADATA_SERVER_IP} -m owner ${invert:-} --uid-owner=${METADATA_SERVER_ALLOWED_UID_RANGE:-0-2999} -j ${action}
} }
@ -171,6 +173,8 @@ function config-ip-firewall {
# node because we don't expect the daemonset to run on this node. # node because we don't expect the daemonset to run on this node.
if [[ "${ENABLE_METADATA_CONCEALMENT:-}" == "true" ]] && [[ ! "${METADATA_CONCEALMENT_NO_FIREWALL:-}" == "true" ]]; then if [[ "${ENABLE_METADATA_CONCEALMENT:-}" == "true" ]] && [[ ! "${METADATA_CONCEALMENT_NO_FIREWALL:-}" == "true" ]]; then
echo "Add rule for metadata concealment" echo "Add rule for metadata concealment"
# We do not want to add quotes for METADATA_SERVER_IP
# shellcheck disable=SC2086
iptables -w -t nat -I PREROUTING -p tcp -d ${METADATA_SERVER_IP} --dport 80 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 127.0.0.1:988 iptables -w -t nat -I PREROUTING -p tcp -d ${METADATA_SERVER_IP} --dport 80 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 127.0.0.1:988
fi fi
@ -300,7 +304,7 @@ function unique-uuid-bind-mount(){
udevadm trigger udevadm trigger
udevadm settle udevadm settle
# grep the exact match of actual device, prevents substring matching # find uuid for actual_device
local myuuid local myuuid
myuuid=$(find -L /dev/disk/by-uuid -maxdepth 1 -samefile /dev/"${actual_device}" -printf '%P\n') myuuid=$(find -L /dev/disk/by-uuid -maxdepth 1 -samefile /dev/"${actual_device}" -printf '%P\n')
# myuuid should be the uuid of the device as found in /dev/disk/by-uuid/ # myuuid should be the uuid of the device as found in /dev/disk/by-uuid/
@ -2133,10 +2137,18 @@ function get-metadata-value {
function copy-manifests { function copy-manifests {
local -r src_dir="$1" local -r src_dir="$1"
local -r dst_dir="$2" local -r dst_dir="$2"
mkdir -p "${dst_dir}" if [[ ! -d "${dst_dir}" ]]; then
mkdir -p "${dst_dir}"
find "${src_dir}" -maxdepth 1 \( -name "*.yaml" -o -name "*.json" -o -name "*.yaml.in" \) -exec cp {} "$dst_dir" \; fi
if [[ -n "$(ls "${src_dir}"/*.yaml 2>/dev/null)" ]]; then
cp "${src_dir}/"*.yaml "${dst_dir}"
fi
if [[ -n "$(ls "${src_dir}"/*.json 2>/dev/null)" ]]; then
cp "${src_dir}/"*.json "${dst_dir}"
fi
if [[ -n "$(ls "${src_dir}"/*.yaml.in 2>/dev/null)" ]]; then
cp "${src_dir}/"*.yaml.in "${dst_dir}"
fi
chown -R root:root "${dst_dir}" chown -R root:root "${dst_dir}"
chmod 755 "${dst_dir}" chmod 755 "${dst_dir}"
chmod 644 "${dst_dir}"/* chmod 644 "${dst_dir}"/*