Ensure MasterConfiguration
is referred to as cfg
throughout
@@ -32,7 +32,7 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
// TODO(phase1+): kube-proxy should be a daemonset, three different daemonsets should not be here
|
// TODO(phase1+): kube-proxy should be a daemonset, three different daemonsets should not be here
|
||||||
func createKubeProxyPodSpec(s *kubeadmapi.MasterConfiguration, architecture string) api.PodSpec {
|
func createKubeProxyPodSpec(cfg *kubeadmapi.MasterConfiguration, architecture string) api.PodSpec {
|
||||||
envParams := kubeadmapi.GetEnvParams()
|
envParams := kubeadmapi.GetEnvParams()
|
||||||
privilegedTrue := true
|
privilegedTrue := true
|
||||||
return api.PodSpec{
|
return api.PodSpec{
|
||||||
@@ -42,8 +42,8 @@ func createKubeProxyPodSpec(s *kubeadmapi.MasterConfiguration, architecture stri
|
|||||||
},
|
},
|
||||||
Containers: []api.Container{{
|
Containers: []api.Container{{
|
||||||
Name: kubeProxy,
|
Name: kubeProxy,
|
||||||
Image: images.GetCoreImage(images.KubeProxyImage, s, envParams["hyperkube_image"]),
|
Image: images.GetCoreImage(images.KubeProxyImage, cfg, envParams["hyperkube_image"]),
|
||||||
Command: append(getComponentCommand("proxy", s), "--kubeconfig=/run/kubeconfig"),
|
Command: append(getComponentCommand("proxy", cfg), "--kubeconfig=/run/kubeconfig"),
|
||||||
SecurityContext: &api.SecurityContext{Privileged: &privilegedTrue},
|
SecurityContext: &api.SecurityContext{Privileged: &privilegedTrue},
|
||||||
VolumeMounts: []api.VolumeMount{
|
VolumeMounts: []api.VolumeMount{
|
||||||
{
|
{
|
||||||
@@ -85,7 +85,7 @@ func createKubeProxyPodSpec(s *kubeadmapi.MasterConfiguration, architecture stri
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func createKubeDNSPodSpec(s *kubeadmapi.MasterConfiguration) api.PodSpec {
|
func createKubeDNSPodSpec(cfg *kubeadmapi.MasterConfiguration) api.PodSpec {
|
||||||
|
|
||||||
dnsPodResources := api.ResourceList{
|
dnsPodResources := api.ResourceList{
|
||||||
api.ResourceName(api.ResourceCPU): resource.MustParse("100m"),
|
api.ResourceName(api.ResourceCPU): resource.MustParse("100m"),
|
||||||
@@ -100,7 +100,7 @@ func createKubeDNSPodSpec(s *kubeadmapi.MasterConfiguration) api.PodSpec {
|
|||||||
kubeDNSPort := int32(10053)
|
kubeDNSPort := int32(10053)
|
||||||
dnsmasqPort := int32(53)
|
dnsmasqPort := int32(53)
|
||||||
|
|
||||||
nslookup := fmt.Sprintf("nslookup kubernetes.default.svc.%s 127.0.0.1", s.Networking.DNSDomain)
|
nslookup := fmt.Sprintf("nslookup kubernetes.default.svc.%s 127.0.0.1", cfg.Networking.DNSDomain)
|
||||||
|
|
||||||
nslookup = fmt.Sprintf("-cmd=%s:%d >/dev/null && %s:%d >/dev/null",
|
nslookup = fmt.Sprintf("-cmd=%s:%d >/dev/null && %s:%d >/dev/null",
|
||||||
nslookup, dnsmasqPort,
|
nslookup, dnsmasqPort,
|
||||||
@@ -121,7 +121,7 @@ func createKubeDNSPodSpec(s *kubeadmapi.MasterConfiguration) api.PodSpec {
|
|||||||
Requests: dnsPodResources,
|
Requests: dnsPodResources,
|
||||||
},
|
},
|
||||||
Args: []string{
|
Args: []string{
|
||||||
fmt.Sprintf("--domain=%s", s.Networking.DNSDomain),
|
fmt.Sprintf("--domain=%s", cfg.Networking.DNSDomain),
|
||||||
fmt.Sprintf("--dns-port=%d", kubeDNSPort),
|
fmt.Sprintf("--dns-port=%d", kubeDNSPort),
|
||||||
// TODO __PILLAR__FEDERATIONS__DOMAIN__MAP__
|
// TODO __PILLAR__FEDERATIONS__DOMAIN__MAP__
|
||||||
},
|
},
|
||||||
@@ -214,14 +214,14 @@ func createKubeDNSPodSpec(s *kubeadmapi.MasterConfiguration) api.PodSpec {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func createKubeDNSServiceSpec(s *kubeadmapi.MasterConfiguration) (*api.ServiceSpec, error) {
|
func createKubeDNSServiceSpec(cfg *kubeadmapi.MasterConfiguration) (*api.ServiceSpec, error) {
|
||||||
_, n, err := net.ParseCIDR(s.Networking.ServiceSubnet)
|
_, n, err := net.ParseCIDR(cfg.Networking.ServiceSubnet)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("could not parse %q: %v", s.Networking.ServiceSubnet, err)
|
return nil, fmt.Errorf("could not parse %q: %v", cfg.Networking.ServiceSubnet, err)
|
||||||
}
|
}
|
||||||
ip, err := ipallocator.GetIndexedIP(n, 10)
|
ip, err := ipallocator.GetIndexedIP(n, 10)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("unable to allocate IP address for kube-dns addon from the given CIDR (%q) [%v]", s.Networking.ServiceSubnet, err)
|
return nil, fmt.Errorf("unable to allocate IP address for kube-dns addon from the given CIDR (%q) [%v]", cfg.Networking.ServiceSubnet, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
svc := &api.ServiceSpec{
|
svc := &api.ServiceSpec{
|
||||||
@@ -236,11 +236,11 @@ func createKubeDNSServiceSpec(s *kubeadmapi.MasterConfiguration) (*api.ServiceSp
|
|||||||
return svc, nil
|
return svc, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func CreateEssentialAddons(s *kubeadmapi.MasterConfiguration, client *clientset.Clientset) error {
|
func CreateEssentialAddons(cfg *kubeadmapi.MasterConfiguration, client *clientset.Clientset) error {
|
||||||
arches := [3]string{"amd64", "arm", "arm64"}
|
arches := [3]string{"amd64", "arm", "arm64"}
|
||||||
|
|
||||||
for _, arch := range arches {
|
for _, arch := range arches {
|
||||||
kubeProxyDaemonSet := NewDaemonSet(kubeProxy+"-"+arch, createKubeProxyPodSpec(s, arch))
|
kubeProxyDaemonSet := NewDaemonSet(kubeProxy+"-"+arch, createKubeProxyPodSpec(cfg, arch))
|
||||||
SetMasterTaintTolerations(&kubeProxyDaemonSet.Spec.Template.ObjectMeta)
|
SetMasterTaintTolerations(&kubeProxyDaemonSet.Spec.Template.ObjectMeta)
|
||||||
|
|
||||||
if _, err := client.Extensions().DaemonSets(api.NamespaceSystem).Create(kubeProxyDaemonSet); err != nil {
|
if _, err := client.Extensions().DaemonSets(api.NamespaceSystem).Create(kubeProxyDaemonSet); err != nil {
|
||||||
@@ -250,14 +250,14 @@ func CreateEssentialAddons(s *kubeadmapi.MasterConfiguration, client *clientset.
|
|||||||
|
|
||||||
fmt.Println("<master/addons> created essential addon: kube-proxy")
|
fmt.Println("<master/addons> created essential addon: kube-proxy")
|
||||||
|
|
||||||
kubeDNSDeployment := NewDeployment("kube-dns", 1, createKubeDNSPodSpec(s))
|
kubeDNSDeployment := NewDeployment("kube-dns", 1, createKubeDNSPodSpec(cfg))
|
||||||
SetMasterTaintTolerations(&kubeDNSDeployment.Spec.Template.ObjectMeta)
|
SetMasterTaintTolerations(&kubeDNSDeployment.Spec.Template.ObjectMeta)
|
||||||
|
|
||||||
if _, err := client.Extensions().Deployments(api.NamespaceSystem).Create(kubeDNSDeployment); err != nil {
|
if _, err := client.Extensions().Deployments(api.NamespaceSystem).Create(kubeDNSDeployment); err != nil {
|
||||||
return fmt.Errorf("<master/addons> failed creating essential kube-dns addon [%v]", err)
|
return fmt.Errorf("<master/addons> failed creating essential kube-dns addon [%v]", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
kubeDNSServiceSpec, err := createKubeDNSServiceSpec(s)
|
kubeDNSServiceSpec, err := createKubeDNSServiceSpec(cfg)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("<master/addons> failed creating essential kube-dns addon - %v", err)
|
return fmt.Errorf("<master/addons> failed creating essential kube-dns addon - %v", err)
|
||||||
}
|
}
|
||||||
|
@@ -40,18 +40,18 @@ const (
|
|||||||
kubeDiscoverySecretName = "clusterinfo"
|
kubeDiscoverySecretName = "clusterinfo"
|
||||||
)
|
)
|
||||||
|
|
||||||
func encodeKubeDiscoverySecretData(s *kubeadmapi.MasterConfiguration, caCert *x509.Certificate) map[string][]byte {
|
func encodeKubeDiscoverySecretData(cfg *kubeadmapi.MasterConfiguration, caCert *x509.Certificate) map[string][]byte {
|
||||||
var (
|
var (
|
||||||
data = map[string][]byte{}
|
data = map[string][]byte{}
|
||||||
endpointList = []string{}
|
endpointList = []string{}
|
||||||
tokenMap = map[string]string{}
|
tokenMap = map[string]string{}
|
||||||
)
|
)
|
||||||
|
|
||||||
for _, addr := range s.API.AdvertiseAddresses {
|
for _, addr := range cfg.API.AdvertiseAddresses {
|
||||||
endpointList = append(endpointList, fmt.Sprintf("https://%s:%d", addr, s.API.BindPort))
|
endpointList = append(endpointList, fmt.Sprintf("https://%s:%d", addr, cfg.API.BindPort))
|
||||||
}
|
}
|
||||||
|
|
||||||
tokenMap[s.Secrets.TokenID] = s.Secrets.BearerToken
|
tokenMap[cfg.Secrets.TokenID] = cfg.Secrets.BearerToken
|
||||||
|
|
||||||
data["endpoint-list.json"], _ = json.Marshal(endpointList)
|
data["endpoint-list.json"], _ = json.Marshal(endpointList)
|
||||||
data["token-map.json"], _ = json.Marshal(tokenMap)
|
data["token-map.json"], _ = json.Marshal(tokenMap)
|
||||||
@@ -60,7 +60,7 @@ func encodeKubeDiscoverySecretData(s *kubeadmapi.MasterConfiguration, caCert *x5
|
|||||||
return data
|
return data
|
||||||
}
|
}
|
||||||
|
|
||||||
func newKubeDiscoveryPodSpec(s *kubeadmapi.MasterConfiguration) api.PodSpec {
|
func newKubeDiscoveryPodSpec(cfg *kubeadmapi.MasterConfiguration) api.PodSpec {
|
||||||
envParams := kubeadmapi.GetEnvParams()
|
envParams := kubeadmapi.GetEnvParams()
|
||||||
return api.PodSpec{
|
return api.PodSpec{
|
||||||
// We have to use host network namespace, as `HostPort`/`HostIP` are Docker's
|
// We have to use host network namespace, as `HostPort`/`HostIP` are Docker's
|
||||||
@@ -80,7 +80,7 @@ func newKubeDiscoveryPodSpec(s *kubeadmapi.MasterConfiguration) api.PodSpec {
|
|||||||
Ports: []api.ContainerPort{
|
Ports: []api.ContainerPort{
|
||||||
// TODO when CNI issue (#31307) is resolved, we should consider adding
|
// TODO when CNI issue (#31307) is resolved, we should consider adding
|
||||||
// `HostIP: s.API.AdvertiseAddrs[0]`, if there is only one address`
|
// `HostIP: s.API.AdvertiseAddrs[0]`, if there is only one address`
|
||||||
{Name: "http", ContainerPort: kubeadmapi.DefaultDiscoveryBindPort, HostPort: s.Discovery.BindPort},
|
{Name: "http", ContainerPort: kubeadmapi.DefaultDiscoveryBindPort, HostPort: cfg.Discovery.BindPort},
|
||||||
},
|
},
|
||||||
SecurityContext: &api.SecurityContext{
|
SecurityContext: &api.SecurityContext{
|
||||||
SELinuxOptions: &api.SELinuxOptions{
|
SELinuxOptions: &api.SELinuxOptions{
|
||||||
@@ -101,13 +101,13 @@ func newKubeDiscoveryPodSpec(s *kubeadmapi.MasterConfiguration) api.PodSpec {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func newKubeDiscovery(s *kubeadmapi.MasterConfiguration, caCert *x509.Certificate) kubeDiscovery {
|
func newKubeDiscovery(cfg *kubeadmapi.MasterConfiguration, caCert *x509.Certificate) kubeDiscovery {
|
||||||
kd := kubeDiscovery{
|
kd := kubeDiscovery{
|
||||||
Deployment: NewDeployment(kubeDiscoveryName, 1, newKubeDiscoveryPodSpec(s)),
|
Deployment: NewDeployment(kubeDiscoveryName, 1, newKubeDiscoveryPodSpec(cfg)),
|
||||||
Secret: &api.Secret{
|
Secret: &api.Secret{
|
||||||
ObjectMeta: api.ObjectMeta{Name: kubeDiscoverySecretName},
|
ObjectMeta: api.ObjectMeta{Name: kubeDiscoverySecretName},
|
||||||
Type: api.SecretTypeOpaque,
|
Type: api.SecretTypeOpaque,
|
||||||
Data: encodeKubeDiscoverySecretData(s, caCert),
|
Data: encodeKubeDiscoverySecretData(cfg, caCert),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -117,8 +117,8 @@ func newKubeDiscovery(s *kubeadmapi.MasterConfiguration, caCert *x509.Certificat
|
|||||||
return kd
|
return kd
|
||||||
}
|
}
|
||||||
|
|
||||||
func CreateDiscoveryDeploymentAndSecret(s *kubeadmapi.MasterConfiguration, client *clientset.Clientset, caCert *x509.Certificate) error {
|
func CreateDiscoveryDeploymentAndSecret(cfg *kubeadmapi.MasterConfiguration, client *clientset.Clientset, caCert *x509.Certificate) error {
|
||||||
kd := newKubeDiscovery(s, caCert)
|
kd := newKubeDiscovery(cfg, caCert)
|
||||||
|
|
||||||
if _, err := client.Extensions().Deployments(api.NamespaceSystem).Create(kd.Deployment); err != nil {
|
if _, err := client.Extensions().Deployments(api.NamespaceSystem).Create(kd.Deployment); err != nil {
|
||||||
return fmt.Errorf("<master/discovery> failed to create %q deployment [%v]", kubeDiscoveryName, err)
|
return fmt.Errorf("<master/discovery> failed to create %q deployment [%v]", kubeDiscoveryName, err)
|
||||||
|
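Review bot: The rename is incomplete in the newKubeDiscoveryPodSpec hunk: the comment above the `Ports` entry still reads `HostIP: s.API.AdvertiseAddrs[0]`, which no longer matches the parameter name and also names a field (`AdvertiseAddrs`) that the code in this same commit calls `AdvertiseAddresses`. Suggest `// \`HostIP: cfg.API.AdvertiseAddresses[0]\`, if there is only one address`. Separately, in encodeKubeDiscoverySecretData both `json.Marshal` results have their error discarded with `_`; since this secret carries the bearer token and endpoint list, a marshal failure would silently produce an empty or nil value rather than an error, which is worth surfacing in a follow-up even if out of scope for a rename. The body of newKubeDiscoveryPodSpec continues outside the hunk.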
@@ -53,37 +53,37 @@ const (
|
|||||||
|
|
||||||
// WriteStaticPodManifests builds manifest objects based on user provided configuration and then dumps it to disk
|
// WriteStaticPodManifests builds manifest objects based on user provided configuration and then dumps it to disk
|
||||||
// where kubelet will pick and schedule them.
|
// where kubelet will pick and schedule them.
|
||||||
func WriteStaticPodManifests(s *kubeadmapi.MasterConfiguration) error {
|
func WriteStaticPodManifests(cfg *kubeadmapi.MasterConfiguration) error {
|
||||||
envParams := kubeadmapi.GetEnvParams()
|
envParams := kubeadmapi.GetEnvParams()
|
||||||
// Prepare static pod specs
|
// Prepare static pod specs
|
||||||
staticPodSpecs := map[string]api.Pod{
|
staticPodSpecs := map[string]api.Pod{
|
||||||
kubeAPIServer: componentPod(api.Container{
|
kubeAPIServer: componentPod(api.Container{
|
||||||
Name: kubeAPIServer,
|
Name: kubeAPIServer,
|
||||||
Image: images.GetCoreImage(images.KubeAPIServerImage, s, envParams["hyperkube_image"]),
|
Image: images.GetCoreImage(images.KubeAPIServerImage, cfg, envParams["hyperkube_image"]),
|
||||||
Command: getComponentCommand(apiServer, s),
|
Command: getComponentCommand(apiServer, cfg),
|
||||||
VolumeMounts: []api.VolumeMount{certsVolumeMount(), k8sVolumeMount()},
|
VolumeMounts: []api.VolumeMount{certsVolumeMount(), k8sVolumeMount()},
|
||||||
LivenessProbe: componentProbe(8080, "/healthz"),
|
LivenessProbe: componentProbe(8080, "/healthz"),
|
||||||
Resources: componentResources("250m"),
|
Resources: componentResources("250m"),
|
||||||
}, certsVolume(s), k8sVolume(s)),
|
}, certsVolume(cfg), k8sVolume(cfg)),
|
||||||
kubeControllerManager: componentPod(api.Container{
|
kubeControllerManager: componentPod(api.Container{
|
||||||
Name: kubeControllerManager,
|
Name: kubeControllerManager,
|
||||||
Image: images.GetCoreImage(images.KubeControllerManagerImage, s, envParams["hyperkube_image"]),
|
Image: images.GetCoreImage(images.KubeControllerManagerImage, cfg, envParams["hyperkube_image"]),
|
||||||
Command: getComponentCommand(controllerManager, s),
|
Command: getComponentCommand(controllerManager, cfg),
|
||||||
VolumeMounts: []api.VolumeMount{certsVolumeMount(), k8sVolumeMount()},
|
VolumeMounts: []api.VolumeMount{certsVolumeMount(), k8sVolumeMount()},
|
||||||
LivenessProbe: componentProbe(10252, "/healthz"),
|
LivenessProbe: componentProbe(10252, "/healthz"),
|
||||||
Resources: componentResources("200m"),
|
Resources: componentResources("200m"),
|
||||||
}, certsVolume(s), k8sVolume(s)),
|
}, certsVolume(cfg), k8sVolume(cfg)),
|
||||||
kubeScheduler: componentPod(api.Container{
|
kubeScheduler: componentPod(api.Container{
|
||||||
Name: kubeScheduler,
|
Name: kubeScheduler,
|
||||||
Image: images.GetCoreImage(images.KubeSchedulerImage, s, envParams["hyperkube_image"]),
|
Image: images.GetCoreImage(images.KubeSchedulerImage, cfg, envParams["hyperkube_image"]),
|
||||||
Command: getComponentCommand(scheduler, s),
|
Command: getComponentCommand(scheduler, cfg),
|
||||||
LivenessProbe: componentProbe(10251, "/healthz"),
|
LivenessProbe: componentProbe(10251, "/healthz"),
|
||||||
Resources: componentResources("100m"),
|
Resources: componentResources("100m"),
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
|
|
||||||
// Add etcd static pod spec only if external etcd is not configured
|
// Add etcd static pod spec only if external etcd is not configured
|
||||||
if len(s.Etcd.Endpoints) == 0 {
|
if len(cfg.Etcd.Endpoints) == 0 {
|
||||||
staticPodSpecs[etcd] = componentPod(api.Container{
|
staticPodSpecs[etcd] = componentPod(api.Container{
|
||||||
Name: etcd,
|
Name: etcd,
|
||||||
Command: []string{
|
Command: []string{
|
||||||
@@ -93,7 +93,7 @@ func WriteStaticPodManifests(s *kubeadmapi.MasterConfiguration) error {
|
|||||||
"--data-dir=/var/etcd/data",
|
"--data-dir=/var/etcd/data",
|
||||||
},
|
},
|
||||||
VolumeMounts: []api.VolumeMount{certsVolumeMount(), etcdVolumeMount(), k8sVolumeMount()},
|
VolumeMounts: []api.VolumeMount{certsVolumeMount(), etcdVolumeMount(), k8sVolumeMount()},
|
||||||
Image: images.GetCoreImage(images.KubeEtcdImage, s, envParams["etcd_image"]),
|
Image: images.GetCoreImage(images.KubeEtcdImage, cfg, envParams["etcd_image"]),
|
||||||
LivenessProbe: componentProbe(2379, "/health"),
|
LivenessProbe: componentProbe(2379, "/health"),
|
||||||
Resources: componentResources("200m"),
|
Resources: componentResources("200m"),
|
||||||
SecurityContext: &api.SecurityContext{
|
SecurityContext: &api.SecurityContext{
|
||||||
@@ -105,7 +105,7 @@ func WriteStaticPodManifests(s *kubeadmapi.MasterConfiguration) error {
|
|||||||
Type: "unconfined_t",
|
Type: "unconfined_t",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}, certsVolume(s), etcdVolume(s), k8sVolume(s))
|
}, certsVolume(cfg), etcdVolume(cfg), k8sVolume(cfg))
|
||||||
}
|
}
|
||||||
|
|
||||||
manifestsPath := path.Join(envParams["kubernetes_dir"], "manifests")
|
manifestsPath := path.Join(envParams["kubernetes_dir"], "manifests")
|
||||||
@@ -126,7 +126,7 @@ func WriteStaticPodManifests(s *kubeadmapi.MasterConfiguration) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// etcdVolume exposes a path on the host in order to guarantee data survival during reboot.
|
// etcdVolume exposes a path on the host in order to guarantee data survival during reboot.
|
||||||
func etcdVolume(s *kubeadmapi.MasterConfiguration) api.Volume {
|
func etcdVolume(cfg *kubeadmapi.MasterConfiguration) api.Volume {
|
||||||
envParams := kubeadmapi.GetEnvParams()
|
envParams := kubeadmapi.GetEnvParams()
|
||||||
return api.Volume{
|
return api.Volume{
|
||||||
Name: "etcd",
|
Name: "etcd",
|
||||||
@@ -144,7 +144,7 @@ func etcdVolumeMount() api.VolumeMount {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// certsVolume exposes host SSL certificates to pod containers.
|
// certsVolume exposes host SSL certificates to pod containers.
|
||||||
func certsVolume(s *kubeadmapi.MasterConfiguration) api.Volume {
|
func certsVolume(cfg *kubeadmapi.MasterConfiguration) api.Volume {
|
||||||
return api.Volume{
|
return api.Volume{
|
||||||
Name: "certs",
|
Name: "certs",
|
||||||
VolumeSource: api.VolumeSource{
|
VolumeSource: api.VolumeSource{
|
||||||
@@ -161,7 +161,7 @@ func certsVolumeMount() api.VolumeMount {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func k8sVolume(s *kubeadmapi.MasterConfiguration) api.Volume {
|
func k8sVolume(cfg *kubeadmapi.MasterConfiguration) api.Volume {
|
||||||
envParams := kubeadmapi.GetEnvParams()
|
envParams := kubeadmapi.GetEnvParams()
|
||||||
return api.Volume{
|
return api.Volume{
|
||||||
Name: "pki",
|
Name: "pki",
|
||||||
@@ -221,18 +221,18 @@ func componentPod(container api.Container, volumes ...api.Volume) api.Pod {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func getComponentCommand(component string, s *kubeadmapi.MasterConfiguration) (command []string) {
|
func getComponentCommand(component string, cfg *kubeadmapi.MasterConfiguration) (command []string) {
|
||||||
baseFlags := map[string][]string{
|
baseFlags := map[string][]string{
|
||||||
apiServer: {
|
apiServer: {
|
||||||
"--insecure-bind-address=127.0.0.1",
|
"--insecure-bind-address=127.0.0.1",
|
||||||
"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota",
|
"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota",
|
||||||
"--service-cluster-ip-range=" + s.Networking.ServiceSubnet,
|
"--service-cluster-ip-range=" + cfg.Networking.ServiceSubnet,
|
||||||
"--service-account-key-file=" + pkiDir + "/apiserver-key.pem",
|
"--service-account-key-file=" + pkiDir + "/apiserver-key.pem",
|
||||||
"--client-ca-file=" + pkiDir + "/ca.pem",
|
"--client-ca-file=" + pkiDir + "/ca.pem",
|
||||||
"--tls-cert-file=" + pkiDir + "/apiserver.pem",
|
"--tls-cert-file=" + pkiDir + "/apiserver.pem",
|
||||||
"--tls-private-key-file=" + pkiDir + "/apiserver-key.pem",
|
"--tls-private-key-file=" + pkiDir + "/apiserver-key.pem",
|
||||||
"--token-auth-file=" + pkiDir + "/tokens.csv",
|
"--token-auth-file=" + pkiDir + "/tokens.csv",
|
||||||
fmt.Sprintf("--secure-port=%d", s.API.BindPort),
|
fmt.Sprintf("--secure-port=%d", cfg.API.BindPort),
|
||||||
"--allow-privileged",
|
"--allow-privileged",
|
||||||
},
|
},
|
||||||
controllerManager: {
|
controllerManager: {
|
||||||
@@ -266,30 +266,30 @@ func getComponentCommand(component string, s *kubeadmapi.MasterConfiguration) (c
|
|||||||
|
|
||||||
if component == apiServer {
|
if component == apiServer {
|
||||||
// Use first address we are given
|
// Use first address we are given
|
||||||
if len(s.API.AdvertiseAddresses) > 0 {
|
if len(cfg.API.AdvertiseAddresses) > 0 {
|
||||||
command = append(command, fmt.Sprintf("--advertise-address=%s", s.API.AdvertiseAddresses[0]))
|
command = append(command, fmt.Sprintf("--advertise-address=%s", cfg.API.AdvertiseAddresses[0]))
|
||||||
}
|
}
|
||||||
// Check if the user decided to use an external etcd cluster
|
// Check if the user decided to use an external etcd cluster
|
||||||
if len(s.Etcd.Endpoints) > 0 {
|
if len(cfg.Etcd.Endpoints) > 0 {
|
||||||
command = append(command, fmt.Sprintf("--etcd-servers=%s", strings.Join(s.Etcd.Endpoints, ",")))
|
command = append(command, fmt.Sprintf("--etcd-servers=%s", strings.Join(cfg.Etcd.Endpoints, ",")))
|
||||||
} else {
|
} else {
|
||||||
command = append(command, "--etcd-servers=http://127.0.0.1:2379")
|
command = append(command, "--etcd-servers=http://127.0.0.1:2379")
|
||||||
}
|
}
|
||||||
|
|
||||||
// Is etcd secured?
|
// Is etcd secured?
|
||||||
if s.Etcd.CAFile != "" {
|
if cfg.Etcd.CAFile != "" {
|
||||||
command = append(command, fmt.Sprintf("--etcd-cafile=%s", s.Etcd.CAFile))
|
command = append(command, fmt.Sprintf("--etcd-cafile=%s", cfg.Etcd.CAFile))
|
||||||
}
|
}
|
||||||
if s.Etcd.CertFile != "" && s.Etcd.KeyFile != "" {
|
if cfg.Etcd.CertFile != "" && cfg.Etcd.KeyFile != "" {
|
||||||
etcdClientFileArg := fmt.Sprintf("--etcd-certfile=%s", s.Etcd.CertFile)
|
etcdClientFileArg := fmt.Sprintf("--etcd-certfile=%s", cfg.Etcd.CertFile)
|
||||||
etcdKeyFileArg := fmt.Sprintf("--etcd-keyfile=%s", s.Etcd.KeyFile)
|
etcdKeyFileArg := fmt.Sprintf("--etcd-keyfile=%s", cfg.Etcd.KeyFile)
|
||||||
command = append(command, etcdClientFileArg, etcdKeyFileArg)
|
command = append(command, etcdClientFileArg, etcdKeyFileArg)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if component == controllerManager {
|
if component == controllerManager {
|
||||||
if s.CloudProvider != "" {
|
if cfg.CloudProvider != "" {
|
||||||
command = append(command, "--cloud-provider="+s.CloudProvider)
|
command = append(command, "--cloud-provider="+cfg.CloudProvider)
|
||||||
|
|
||||||
// Only append the --cloud-config option if there's a such file
|
// Only append the --cloud-config option if there's a such file
|
||||||
// TODO(phase1+) this won't work unless it's in one of the few directories we bind-mount
|
// TODO(phase1+) this won't work unless it's in one of the few directories we bind-mount
|
||||||
@@ -299,8 +299,8 @@ func getComponentCommand(component string, s *kubeadmapi.MasterConfiguration) (c
|
|||||||
}
|
}
|
||||||
// Let the controller-manager allocate Node CIDRs for the Pod network.
|
// Let the controller-manager allocate Node CIDRs for the Pod network.
|
||||||
// Each node will get a subspace of the address CIDR provided with --pod-network-cidr.
|
// Each node will get a subspace of the address CIDR provided with --pod-network-cidr.
|
||||||
if s.Networking.PodSubnet != "" {
|
if cfg.Networking.PodSubnet != "" {
|
||||||
command = append(command, "--allocate-node-cidrs=true", "--cluster-cidr="+s.Networking.PodSubnet)
|
command = append(command, "--allocate-node-cidrs=true", "--cluster-cidr="+cfg.Networking.PodSubnet)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
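Review bot: In getComponentCommand the etcd client TLS flags are emitted only when both `cfg.Etcd.CertFile` and `cfg.Etcd.KeyFile` are non-empty, so a configuration that sets one without the other is silently treated as "no client cert": the apiserver is then started with at most `--etcd-cafile`, which either fails at connect time or, if the external etcd does not enforce client auth, connects without it. This function returns only `[]string`, so the check belongs in configuration validation, but a comment at the branch would at least make the behaviour visible: `// NOTE: a cert without a key (or vice versa) is silently dropped; validate the pairing upstream`. The function body continues outside the hunk.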
@@ -46,7 +46,7 @@ func newCertificateAuthority() (*rsa.PrivateKey, *x509.Certificate, error) {
|
|||||||
return key, cert, nil
|
return key, cert, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func newServerKeyAndCert(s *kubeadmapi.MasterConfiguration, caCert *x509.Certificate, caKey *rsa.PrivateKey, altNames certutil.AltNames) (*rsa.PrivateKey, *x509.Certificate, error) {
|
func newServerKeyAndCert(cfg *kubeadmapi.MasterConfiguration, caCert *x509.Certificate, caKey *rsa.PrivateKey, altNames certutil.AltNames) (*rsa.PrivateKey, *x509.Certificate, error) {
|
||||||
key, err := certutil.NewPrivateKey()
|
key, err := certutil.NewPrivateKey()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, fmt.Errorf("unabel to create private key [%v]", err)
|
return nil, nil, fmt.Errorf("unabel to create private key [%v]", err)
|
||||||
@@ -56,16 +56,16 @@ func newServerKeyAndCert(s *kubeadmapi.MasterConfiguration, caCert *x509.Certifi
|
|||||||
"kubernetes",
|
"kubernetes",
|
||||||
"kubernetes.default",
|
"kubernetes.default",
|
||||||
"kubernetes.default.svc",
|
"kubernetes.default.svc",
|
||||||
fmt.Sprintf("kubernetes.default.svc.%s", s.Networking.DNSDomain),
|
fmt.Sprintf("kubernetes.default.svc.%s", cfg.Networking.DNSDomain),
|
||||||
}
|
}
|
||||||
|
|
||||||
_, n, err := net.ParseCIDR(s.Networking.ServiceSubnet)
|
_, n, err := net.ParseCIDR(cfg.Networking.ServiceSubnet)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, fmt.Errorf("error parsing CIDR %q: %v", s.Networking.ServiceSubnet, err)
|
return nil, nil, fmt.Errorf("error parsing CIDR %q: %v", cfg.Networking.ServiceSubnet, err)
|
||||||
}
|
}
|
||||||
internalAPIServerVirtualIP, err := ipallocator.GetIndexedIP(n, 1)
|
internalAPIServerVirtualIP, err := ipallocator.GetIndexedIP(n, 1)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, fmt.Errorf("unable to allocate IP address for the API server from the given CIDR (%q) [%v]", &s.Networking.ServiceSubnet, err)
|
return nil, nil, fmt.Errorf("unable to allocate IP address for the API server from the given CIDR (%q) [%v]", &cfg.Networking.ServiceSubnet, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
altNames.IPs = append(altNames.IPs, internalAPIServerVirtualIP)
|
altNames.IPs = append(altNames.IPs, internalAPIServerVirtualIP)
|
||||||
@@ -143,20 +143,20 @@ func newServiceAccountKey() (*rsa.PrivateKey, error) {
|
|||||||
// It first generates a self-signed CA certificate, a server certificate (signed by the CA) and a key for
|
// It first generates a self-signed CA certificate, a server certificate (signed by the CA) and a key for
|
||||||
// signing service account tokens. It returns CA key and certificate, which is convenient for use with
|
// signing service account tokens. It returns CA key and certificate, which is convenient for use with
|
||||||
// client config funcs.
|
// client config funcs.
|
||||||
func CreatePKIAssets(s *kubeadmapi.MasterConfiguration) (*rsa.PrivateKey, *x509.Certificate, error) {
|
func CreatePKIAssets(cfg *kubeadmapi.MasterConfiguration) (*rsa.PrivateKey, *x509.Certificate, error) {
|
||||||
var (
|
var (
|
||||||
err error
|
err error
|
||||||
altNames certutil.AltNames
|
altNames certutil.AltNames
|
||||||
)
|
)
|
||||||
|
|
||||||
for _, a := range s.API.AdvertiseAddresses {
|
for _, a := range cfg.API.AdvertiseAddresses {
|
||||||
if ip := net.ParseIP(a); ip != nil {
|
if ip := net.ParseIP(a); ip != nil {
|
||||||
altNames.IPs = append(altNames.IPs, ip)
|
altNames.IPs = append(altNames.IPs, ip)
|
||||||
} else {
|
} else {
|
||||||
return nil, nil, fmt.Errorf("could not parse ip %q", a)
|
return nil, nil, fmt.Errorf("could not parse ip %q", a)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
altNames.DNSNames = append(altNames.DNSNames, s.API.ExternalDNSNames...)
|
altNames.DNSNames = append(altNames.DNSNames, cfg.API.ExternalDNSNames...)
|
||||||
|
|
||||||
pkiPath := path.Join(kubeadmapi.GetEnvParams()["host_pki_path"])
|
pkiPath := path.Join(kubeadmapi.GetEnvParams()["host_pki_path"])
|
||||||
|
|
||||||
@@ -172,7 +172,7 @@ func CreatePKIAssets(s *kubeadmapi.MasterConfiguration) (*rsa.PrivateKey, *x509.
|
|||||||
pub, prv, cert := pathsKeysCerts(pkiPath, "ca")
|
pub, prv, cert := pathsKeysCerts(pkiPath, "ca")
|
||||||
fmt.Printf("Public: %s\nPrivate: %s\nCert: %s\n", pub, prv, cert)
|
fmt.Printf("Public: %s\nPrivate: %s\nCert: %s\n", pub, prv, cert)
|
||||||
|
|
||||||
apiKey, apiCert, err := newServerKeyAndCert(s, caCert, caKey, altNames)
|
apiKey, apiCert, err := newServerKeyAndCert(cfg, caCert, caKey, altNames)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, fmt.Errorf("<master/pki> failure while creating API server keys and certificate - %v", err)
|
return nil, nil, fmt.Errorf("<master/pki> failure while creating API server keys and certificate - %v", err)
|
||||||
}
|
}
|
||||||
|
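Review bot: The error message in newServerKeyAndCert passes `&cfg.Networking.ServiceSubnet` to a `%q` verb, so on the GetIndexedIP failure path fmt prints a bad-verb placeholder containing the pointer address rather than the CIDR, leaving the failure undiagnosable from the log; the ParseCIDR error a few lines above already passes the value directly, as does the equivalent message in createKubeDNSServiceSpec. Drop the `&`: `return nil, nil, fmt.Errorf("unable to allocate IP address for the API server from the given CIDR (%q) [%v]", cfg.Networking.ServiceSubnet, err)`. While touching this function, the context line `"unabel to create private key"` has a typo ("unable"). The function body continues outside the hunk.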