github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Salt configuration to add basic auth to GCE.

Browse Source
This commit is contained in:
Robert Bailey
2015-04-27 22:39:39 -07:00
parent 01f201945d
commit 8206aa9eac
5 changed files with 39 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
cluster/gce/configure-vm.sh
View File

@@ -22,6 +22,7 @@ set -o pipefail
is_push=$@
readonly KNOWN_TOKENS_FILE="/srv/salt-overlay/salt/kube-apiserver/known_tokens.csv"
readonly BASIC_AUTH_FILE="/srv/salt-overlay/salt/kube-apiserver/basic_auth.csv"
function ensure-install-dir() {
INSTALL_DIR="/var/cache/kubernetes-install"
@@ -238,12 +239,18 @@ EOF
}
# This should only happen on cluster initialization. Uses
# KUBE_PASSWORD and KUBE_USER to generate basic_auth.csv. Uses
# KUBE_BEARER_TOKEN, KUBELET_TOKEN, and KUBE_PROXY_TOKEN to generate
# known_tokens.csv (KNOWN_TOKENS_FILE). After the first boot and
# on upgrade, this file exists on the master-pd and should never
# be touched again (except perhaps an additional service account,
# see NB below.)
function create-salt-auth() {
if [ ! -e "${BASIC_AUTH_FILE}" ]; then
mkdir -p /srv/salt-overlay/salt/kube-apiserver
(umask 077;
echo "${KUBE_PASSWORD},${KUBE_USER},admin" > "${BASIC_AUTH_FILE}")
fi
if [ ! -e "${KNOWN_TOKENS_FILE}" ]; then
mkdir -p /srv/salt-overlay/salt/kube-apiserver
(umask 077;

7
cluster/gce/util.sh
View File

@@ -471,6 +471,8 @@ ENABLE_CLUSTER_DNS: $(yaml-quote ${ENABLE_CLUSTER_DNS:-false})
DNS_REPLICAS: $(yaml-quote ${DNS_REPLICAS:-})
DNS_SERVER_IP: $(yaml-quote ${DNS_SERVER_IP:-})
DNS_DOMAIN: $(yaml-quote ${DNS_DOMAIN:-})
KUBE_USER: $(yaml-quote ${KUBE_USER})
KUBE_PASSWORD: $(yaml-quote ${KUBE_PASSWORD})
KUBE_BEARER_TOKEN: $(yaml-quote ${KUBE_BEARER_TOKEN})
KUBELET_TOKEN: $(yaml-quote ${KUBELET_TOKEN:-})
KUBE_PROXY_TOKEN: $(yaml-quote ${KUBE_PROXY_TOKEN:-})
@@ -507,6 +509,7 @@ function write-node-env {
# variables are set:
# ensure-temp-dir
# detect-project
# get-password
# get-bearer-token
#
function create-master-instance {
@@ -540,6 +543,7 @@ function kube-up {
ensure-temp-dir
detect-project
get-password
get-bearer-token
# Make sure we have the tar files staged on Google Storage
@@ -803,6 +807,7 @@ function kube-push {
detect-project
detect-master
detect-minion-names
get-password
get-bearer-token
# Make sure we have the tar files staged on Google Storage
@@ -831,7 +836,7 @@ function kube-push {
echo
echo " https://${KUBE_MASTER_IP}"
echo
echo "The user name and password to use is located in ~/.kubernetes_auth."
echo "The user name and password to use is located in ~/.kube/config"
echo
}