federation: Updating federation-controller-manager to use secret to get federation-apiserver's kubeconfig #26819

Merged
Expand Up @@ -44,6 +44,11 @@ import (
"github.com/spf13/pflag"
)

const (
// "federation-apiserver-secret" is a reserved secret name which stores the kubeconfig for federation-apiserver.
FederationAPIServerSecretName = "federation-apiserver-secret"
)

// NewControllerManagerCommand creates a *cobra.Command object with default parameters
func NewControllerManagerCommand() *cobra.Command {
s := options.NewCMServer()
Expand Down Expand Up @@ -71,7 +76,9 @@ func Run(s *options.CMServer) error {
} else {
glog.Errorf("unable to register configz: %s", err)
}
restClientCfg, err := clientcmd.BuildConfigFromFlags(s.Master, s.Kubeconfig)
// Create the config to talk to federation-apiserver.
kubeconfigGetter := clustercontroller.KubeconfigGetterForSecret(FederationAPIServerSecretName)
restClientCfg, err := clientcmd.BuildConfigFromKubeconfigGetter(s.Master, kubeconfigGetter)
if err != nil {
return err
}
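Review bot: In `Run`, the new `clientcmd.BuildConfigFromKubeconfigGetter(s.Master, kubeconfigGetter)` call no longer reads `s.Kubeconfig`, so a `--kubeconfig` value passed by an operator appears to be silently ignored. The controller manager can then start only where the in-cluster secret is readable. Consider keeping `clientcmd.BuildConfigFromFlags(s.Master, s.Kubeconfig)` when `s.Kubeconfig != ""` and using the secret getter otherwise, or at least logging that the flag is ignored. The fixed secret name now determines which credentials are presented to the federation-apiserver, so write access to that secret should be tightly restricted and the constant's comment should say so, starting with the identifier: `// FederationAPIServerSecretName is the reserved name of the secret holding the federation-apiserver kubeconfig.` `Run` continues outside the hunk, so later use of `restClientCfg` could not be checked.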
19 changes: 15 additions & 4 deletions federation/pkg/federation-controller/cluster/cluster_client.go
Expand Up @@ -47,6 +47,19 @@ const (
// This is to inject a different kubeconfigGetter in tests.
// We dont use the standard one which calls NewInCluster in tests to avoid having to setup service accounts and mount files with secret tokens.
var KubeconfigGetterForCluster = func(c *federation_v1alpha1.Cluster) clientcmd.KubeconfigGetter {
return func() (*clientcmdapi.Config, error) {
secretRefName := ""
if c.Spec.SecretRef != nil {
secretRefName = c.Spec.SecretRef.Name
} else {
glog.Infof("didnt find secretRef for cluster %s. Trying insecure access", c.Name)
}
return KubeconfigGetterForSecret(secretRefName)()
}
}

// KubeconfigGettterForSecret is used to get the kubeconfig from the given secret.
var KubeconfigGetterForSecret = func(secretName string) clientcmd.KubeconfigGetter {
return func() (*clientcmdapi.Config, error) {
// Get the namespace this is running in from the env variable.
namespace := os.Getenv("POD_NAMESPACE")
Expand All @@ -59,8 +72,8 @@ var KubeconfigGetterForCluster = func(c *federation_v1alpha1.Cluster) clientcmd.
return nil, fmt.Errorf("error in creating in-cluster client: %s", err)
}
data := []byte{}
if c.Spec.SecretRef != nil {
secret, err := client.Secrets(namespace).Get(c.Spec.SecretRef.Name)
if secretName != "" {
secret, err := client.Secrets(namespace).Get(secretName)
if err != nil {
return nil, fmt.Errorf("error in fetching secret: %s", err)
}
Expand All @@ -69,8 +82,6 @@ var KubeconfigGetterForCluster = func(c *federation_v1alpha1.Cluster) clientcmd.
if !ok {
return nil, fmt.Errorf("secret does not have data with key: %s", KubeconfigSecretDataKey)
}
} else {
glog.Infof("didnt find secretRef for cluster %s. Trying insecure access", c.Name)
}
return clientcmd.Load(data)
}
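Review bot: `KubeconfigGetterForSecret` accepts an empty `secretName` and then passes an empty byte slice to `clientcmd.Load`, so a Cluster without `Spec.SecretRef` falls back to insecure access with only an Info-level line from `KubeconfigGetterForCluster`. Because that downgrade changes how the controller authenticates to a member cluster, log it as a warning, `glog.Warningf("didnt find secretRef for cluster %s. Trying insecure access", c.Name)`, and state the empty-name behaviour in the exported helper's comment. That comment also misspells the identifier (`KubeconfigGettterForSecret`); it could read `// KubeconfigGetterForSecret returns a getter that loads the kubeconfig stored in the named secret of the pod's namespace.` The getter body between the hunks is not shown, so the handling of an unset `POD_NAMESPACE` could not be checked.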