-
Notifications
You must be signed in to change notification settings - Fork 40.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #49982 from luxas/kubeadm_node_bootstrap_token_phase
Automatic merge from submit-queue (batch tested with PRs 49615, 49321, 49982, 49788, 50355) kubeadm: Move all node bootstrap token related code in one phase package **What this PR does / why we need it**: Part of the phases refactoring. Moves everything Node Bootstrap Token-related into its own package. In the future there will be a `phases/bootstraptoken/master` pkg as well. The generic bootstrap token client functions should be moved to client go eventually kubernetes/client-go#114 **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes # **Special notes for your reviewer**: I'll yet add the CLI interface for this tomorrow. Not sure if this compiles currently, but I'm uploading this now for initial review. **Release note**: ```release-note NONE ``` @kubernetes/sig-cluster-lifecycle-pr-reviews @mattmoyer
- Loading branch information
Showing
26 changed files
with
828 additions
and
327 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,139 @@ | ||
| /* | ||
| Copyright 2017 The Kubernetes Authors. | ||
| Licensed under the Apache License, Version 2.0 (the "License"); | ||
| you may not use this file except in compliance with the License. | ||
| You may obtain a copy of the License at | ||
| http://www.apache.org/licenses/LICENSE-2.0 | ||
| Unless required by applicable law or agreed to in writing, software | ||
| distributed under the License is distributed on an "AS IS" BASIS, | ||
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| See the License for the specific language governing permissions and | ||
| limitations under the License. | ||
| */ | ||
|
|
||
| package phases | ||
|
|
||
| import ( | ||
| "fmt" | ||
|
|
||
| "github.com/spf13/cobra" | ||
|
|
||
| clientset "k8s.io/client-go/kubernetes" | ||
| "k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo" | ||
| "k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/node" | ||
| kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util" | ||
| kubeconfigutil "k8s.io/kubernetes/cmd/kubeadm/app/util/kubeconfig" | ||
| versionutil "k8s.io/kubernetes/pkg/util/version" | ||
| ) | ||
|
|
||
| // NewCmdBootstrapToken returns the Cobra command for running the mark-master phase | ||
| func NewCmdBootstrapToken() *cobra.Command { | ||
| var kubeConfigFile string | ||
| cmd := &cobra.Command{ | ||
| Use: "bootstrap-token", | ||
| Short: "Manage kubeadm-specific Bootstrap Token functions.", | ||
| Aliases: []string{"bootstraptoken"}, | ||
| RunE: subCmdRunE("bootstrap-token"), | ||
| } | ||
|
|
||
| cmd.PersistentFlags().StringVar(&kubeConfigFile, "kubeconfig", "/etc/kubernetes/admin.conf", "The KubeConfig file to use for talking to the cluster") | ||
|
|
||
| // Add subcommands | ||
| cmd.AddCommand(NewSubCmdClusterInfo(&kubeConfigFile)) | ||
| cmd.AddCommand(NewSubCmdNodeBootstrapToken(&kubeConfigFile)) | ||
|
|
||
| return cmd | ||
| } | ||
|
|
||
| // NewSubCmdClusterInfo returns the Cobra command for running the cluster-info sub-phase | ||
| func NewSubCmdClusterInfo(kubeConfigFile *string) *cobra.Command { | ||
| cmd := &cobra.Command{ | ||
| Use: "cluster-info <clusterinfo-file>", | ||
| Short: "Uploads and exposes the cluster-info ConfigMap publicly from the given cluster-info file", | ||
| Aliases: []string{"clusterinfo"}, | ||
| Run: func(cmd *cobra.Command, args []string) { | ||
| err := validateExactArgNumber(args, []string{"clusterinfo-file"}) | ||
| kubeadmutil.CheckErr(err) | ||
|
|
||
| client, err := kubeconfigutil.ClientSetFromFile(*kubeConfigFile) | ||
| kubeadmutil.CheckErr(err) | ||
|
|
||
| // Here it's safe to get args[0], since we've validated that the argument exists above in validateExactArgNumber | ||
| clusterInfoFile := args[0] | ||
| // Create the cluster-info ConfigMap or update if it already exists | ||
| err = clusterinfo.CreateBootstrapConfigMapIfNotExists(client, clusterInfoFile) | ||
| kubeadmutil.CheckErr(err) | ||
|
|
||
| // Create the RBAC rules that expose the cluster-info ConfigMap properly | ||
| err = clusterinfo.CreateClusterInfoRBACRules(client) | ||
| kubeadmutil.CheckErr(err) | ||
| }, | ||
| } | ||
| return cmd | ||
| } | ||
|
|
||
| // NewSubCmdNodeBootstrapToken returns the Cobra command for running the node sub-phase | ||
| func NewSubCmdNodeBootstrapToken(kubeConfigFile *string) *cobra.Command { | ||
| cmd := &cobra.Command{ | ||
| Use: "node", | ||
| Short: "Manages Node Bootstrap Tokens", | ||
| Aliases: []string{"clusterinfo"}, | ||
| RunE: subCmdRunE("node"), | ||
| } | ||
|
|
||
| cmd.AddCommand(NewSubCmdNodeBootstrapTokenPostCSRs(kubeConfigFile)) | ||
| cmd.AddCommand(NewSubCmdNodeBootstrapTokenAutoApprove(kubeConfigFile)) | ||
|
|
||
| return cmd | ||
| } | ||
|
|
||
| // NewSubCmdNodeBootstrapTokenPostCSRs returns the Cobra command for running the allow-post-csrs sub-phase | ||
| func NewSubCmdNodeBootstrapTokenPostCSRs(kubeConfigFile *string) *cobra.Command { | ||
| cmd := &cobra.Command{ | ||
| Use: "allow-post-csrs", | ||
| Short: "Configure RBAC to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials", | ||
| Run: func(cmd *cobra.Command, args []string) { | ||
| client, err := kubeconfigutil.ClientSetFromFile(*kubeConfigFile) | ||
| kubeadmutil.CheckErr(err) | ||
|
|
||
| err = node.AllowBootstrapTokensToPostCSRs(client) | ||
| kubeadmutil.CheckErr(err) | ||
| }, | ||
| } | ||
| return cmd | ||
| } | ||
|
|
||
| // NewSubCmdNodeBootstrapToken returns the Cobra command for running the allow-auto-approve sub-phase | ||
| func NewSubCmdNodeBootstrapTokenAutoApprove(kubeConfigFile *string) *cobra.Command { | ||
| cmd := &cobra.Command{ | ||
| Use: "allow-auto-approve", | ||
| Short: "Configure RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token", | ||
| Run: func(cmd *cobra.Command, args []string) { | ||
| client, err := kubeconfigutil.ClientSetFromFile(*kubeConfigFile) | ||
| kubeadmutil.CheckErr(err) | ||
|
|
||
| clusterVersion, err := getClusterVersion(client) | ||
| kubeadmutil.CheckErr(err) | ||
|
|
||
| err = node.AutoApproveNodeBootstrapTokens(client, clusterVersion) | ||
| kubeadmutil.CheckErr(err) | ||
| }, | ||
| } | ||
| return cmd | ||
| } | ||
|
|
||
| // getClusterVersion fetches the API server version and parses it | ||
| func getClusterVersion(client clientset.Interface) (*versionutil.Version, error) { | ||
| clusterVersionInfo, err := client.Discovery().ServerVersion() | ||
| if err != nil { | ||
| return nil, fmt.Errorf("failed to check server version: %v", err) | ||
| } | ||
| clusterVersion, err := versionutil.ParseSemantic(clusterVersionInfo.String()) | ||
| if err != nil { | ||
| return nil, fmt.Errorf("failed to parse server version: %v", err) | ||
| } | ||
| return clusterVersion, nil | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| /* | ||
| Copyright 2017 The Kubernetes Authors. | ||
| Licensed under the Apache License, Version 2.0 (the "License"); | ||
| you may not use this file except in compliance with the License. | ||
| You may obtain a copy of the License at | ||
| http://www.apache.org/licenses/LICENSE-2.0 | ||
| Unless required by applicable law or agreed to in writing, software | ||
| distributed under the License is distributed on an "AS IS" BASIS, | ||
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| See the License for the specific language governing permissions and | ||
| limitations under the License. | ||
| */ | ||
|
|
||
| package phases | ||
|
|
||
| import ( | ||
| "testing" | ||
| ) | ||
|
|
||
| func TestValidateExactArgNumber(t *testing.T) { | ||
| var tests = []struct { | ||
| args, supportedArgs []string | ||
| expectedErr bool | ||
| }{ | ||
| { // one arg given and one arg expected | ||
| args: []string{"my-node-1234"}, | ||
| supportedArgs: []string{"node-name"}, | ||
| expectedErr: false, | ||
| }, | ||
| { // two args given and two args expected | ||
| args: []string{"my-node-1234", "foo"}, | ||
| supportedArgs: []string{"node-name", "second-toplevel-arg"}, | ||
| expectedErr: false, | ||
| }, | ||
| { // too few supplied args | ||
| args: []string{}, | ||
| supportedArgs: []string{"node-name"}, | ||
| expectedErr: true, | ||
| }, | ||
| { // too few non-empty args | ||
| args: []string{""}, | ||
| supportedArgs: []string{"node-name"}, | ||
| expectedErr: true, | ||
| }, | ||
| { // too many args | ||
| args: []string{"my-node-1234", "foo"}, | ||
| supportedArgs: []string{"node-name"}, | ||
| expectedErr: true, | ||
| }, | ||
| } | ||
| for _, rt := range tests { | ||
| actual := validateExactArgNumber(rt.args, rt.supportedArgs) | ||
| if (actual != nil) != rt.expectedErr { | ||
| t.Errorf( | ||
| "failed validateExactArgNumber:\n\texpected error: %t\n\t actual error: %t", | ||
| rt.expectedErr, | ||
| (actual != nil), | ||
| ) | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.