federation: Creating kubeconfig files to be used for creating secrets for clusters on aws and gke #27332

Merged
merged 3 commits into from
Jun 21, 2016
4 changes: 4 additions & 0 deletions cluster/aws/util.sh
Expand Up @@ -1304,7 +1304,11 @@ function build-config() {
export CONTEXT="aws_${INSTANCE_PREFIX}"
(
umask 077

# Update the user's kubeconfig to include credentials for this apiserver.
create-kubeconfig

create-kubeconfig-for-federation
)
}

13 changes: 13 additions & 0 deletions cluster/common.sh
Expand Up @@ -152,6 +152,19 @@ function clear-kubeconfig() {
echo "Cleared config for ${CONTEXT} from ${KUBECONFIG}"
}

# Creates a kubeconfig file with the credentials for only the current-context
# cluster. This is used by federation to create secrets in test setup.
function create-kubeconfig-for-federation() {
if [[ "${FEDERATION:-}" == "true" ]]; then
echo "creating kubeconfig for federation secret"
local kubectl="${KUBE_ROOT}/cluster/kubectl.sh"
local cc=$("${kubectl}" config view -o jsonpath='{.current-context}')
KUBECONFIG_DIR=$(dirname ${KUBECONFIG:-$DEFAULT_KUBECONFIG})
KUBECONFIG_PATH="${KUBECONFIG_DIR}/federation/kubernetes-apiserver/${cc}"
mkdir -p "${KUBECONFIG_PATH}"
"${kubectl}" config view --minify --flatten > "${KUBECONFIG_PATH}/kubeconfig"
fi
}

function tear_down_alive_resources() {
local kubectl="${KUBE_ROOT}/cluster/kubectl.sh"
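Review bot: create-kubeconfig-for-federation writes a flattened kubeconfig, which inlines the cluster credentials, but does not restrict file permissions itself and so depends on each caller's umask. The aws hunk calls it inside the `umask 077` subshell, whereas the call added to kube-up in cluster/gke/util.sh shows no umask in its hunk, so there the directory and file may be created with the default mode. Setting it in the function removes that dependency, e.g. `( umask 077; mkdir -p "${KUBECONFIG_PATH}"; "${kubectl}" config view --minify --flatten > "${KUBECONFIG_PATH}/kubeconfig" )`. `KUBECONFIG_DIR` and `KUBECONFIG_PATH` are also assigned without `local` and the `dirname` argument is unquoted, so they leak into the caller's scope and break on paths containing spaces.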
9 changes: 1 addition & 8 deletions cluster/gce/util.sh
Expand Up @@ -920,14 +920,7 @@ function check-cluster() {
# Update the user's kubeconfig to include credentials for this apiserver.
create-kubeconfig

if [[ "${FEDERATION:-}" == "true" ]]; then
# Create a kubeconfig with credentials for this apiserver. We will later use
# this kubeconfig to create a secret which the federation control plane can
# use to talk to this apiserver.
KUBECONFIG_DIR=$(dirname ${KUBECONFIG:-$DEFAULT_KUBECONFIG})
KUBECONFIG="${KUBECONFIG_DIR}/federation/kubernetes-apiserver/${CONTEXT}/kubeconfig" \
create-kubeconfig
fi
create-kubeconfig-for-federation
)

# ensures KUBECONFIG is set
3 changes: 3 additions & 0 deletions cluster/gke/util.sh
Expand Up @@ -23,6 +23,7 @@ KUBE_PROMPT_FOR_UPDATE=y
KUBE_SKIP_UPDATE=${KUBE_SKIP_UPDATE-"n"}
KUBE_ROOT=$(dirname "${BASH_SOURCE}")/../..
source "${KUBE_ROOT}/cluster/gke/${KUBE_CONFIG_FILE:-config-default.sh}"
source "${KUBE_ROOT}/cluster/common.sh"
source "${KUBE_ROOT}/cluster/lib/util.sh"

# Perform preparations required to run e2e tests
Expand Down Expand Up @@ -193,6 +194,8 @@ function kube-up() {
# Bring up the cluster.
"${GCLOUD}" ${CMD_GROUP:-} container clusters create "${CLUSTER_NAME}" "${create_args[@]}"

create-kubeconfig-for-federation

if [[ ! -z "${HEAPSTER_MACHINE_TYPE:-}" ]]; then
"${GCLOUD}" ${CMD_GROUP:-} container node-pools create "heapster-pool" --cluster "${CLUSTER_NAME}" --num-nodes=1 --machine-type="${HEAPSTER_MACHINE_TYPE}" "${shared_args[@]}"
fi
3 changes: 3 additions & 0 deletions cluster/vagrant/util.sh
Expand Up @@ -295,7 +295,10 @@ function kube-up {
vagrant ssh master -- sudo cat /srv/kubernetes/kubecfg.key >"${KUBE_KEY}" 2>/dev/null
vagrant ssh master -- sudo cat /srv/kubernetes/ca.crt >"${CA_CERT}" 2>/dev/null

# Update the user's kubeconfig to include credentials for this apiserver.
create-kubeconfig

create-kubeconfig-for-federation
)

verify-cluster
10 changes: 9 additions & 1 deletion federation/cluster/common.sh
Expand Up @@ -159,10 +159,18 @@ function create-federation-api-objects {
$host_kubectl create secret generic federation-apiserver-secret --from-file="${KUBECONFIG_DIR}/federation/federation-apiserver/kubeconfig" --namespace="${FEDERATION_NAMESPACE}"

# Create secrets with all the kubernetes-apiserver's kubeconfigs.
# Note: This is used only by the test setup (where kubernetes clusters are
# brought up with FEDERATION=true). Users are expected to create this secret
# themselves.
for dir in ${KUBECONFIG_DIR}/federation/kubernetes-apiserver/*; do
# We create a secret with the same name as the directory name (which is
# same as cluster name in kubeconfig)
# same as cluster name in kubeconfig).
# Massage the name so that it is valid (should not contain "_" and max 253
# chars)
name=$(basename $dir)
name=$(echo "$name" | sed -e "s/_/-/g") # Replace "_" by "-"
name=${name:0:252}
echo "Creating secret with name: $name"
$host_kubectl create secret generic ${name} --from-file="${dir}/kubeconfig" --namespace="${FEDERATION_NAMESPACE}"
done
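Review bot: The name massaging in this loop is a second copy of the rule that GetValidDNSSubdomainName implements in test/e2e/framework/federation_util.go, and the two must produce identical names for the tests to find these secrets; a comment such as `# Keep in sync with GetValidDNSSubdomainName in test/e2e/framework/federation_util.go` would make that dependency visible. Both the `_` to `-` replacement and the cut to 252 characters are lossy, so two cluster directories can map to one secret name, in which case the second `create secret` would presumably be rejected as already existing. `$dir` and `${name}` are unquoted (`name=$(basename "$dir")` is safer), and when the glob matches nothing the loop body runs once with the literal pattern. The loop sits inside create-federation-api-objects, whose body starts and ends outside the hunk.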

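--- a/test/e2e/framework/federation_util.go
+++ b/test/e2e/framework/federation_util.go
@@ -0,0 +1,42 @@
+/*
+Copyright 2016 The Kubernetes Authors All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package framework
+
+import (
+"fmt"
+"regexp"
+
+"k8s.io/kubernetes/pkg/api/validation"
+validation_util "k8s.io/kubernetes/pkg/util/validation"
+)
+
+// GetValidDNSSubdomainName massages the given name to be a valid dns subdomain name.
+// Most resources (such as secrets, clusters) require the names to be valid dns subdomain.
+// This is a generic function (not specific to federation). Should be moved to a more generic location if others want to use it.
+func GetValidDNSSubdomainName(name string) (string, error) {
+// "_" are not allowed. Replace them by "-".
+name = regexp.MustCompile("_").ReplaceAllLiteralString(name, "-")
+maxLength := validation_util.DNS1123SubdomainMaxLength
+if len(name) > maxLength {
+name = name[0 : maxLength-1]
+}
+// Verify that name now passes the validation.
+if errors := validation.NameIsDNSSubdomain(name, false); len(errors) != 0 {
+return "", fmt.Errorf("errors in converting name to a valid DNS subdomain %s", errors)
+}
+return name, nil
+}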
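Review bot: GetValidDNSSubdomainName is lossy in two ways the caller cannot detect: `_` is folded into `-` and long names are cut, so distinct context names such as `a_b` and `a-b` (constructed example) return the same resource name. Since the result names the secret that holds a cluster's kubeconfig, a collision should be surfaced, for instance by having the caller fail on a duplicate or by appending a short hash of the raw name. The slice `name[0 : maxLength-1]` keeps one character fewer than DNS1123SubdomainMaxLength allows; `name[:maxLength]` would match the constant, but `${name:0:252}` in federation/cluster/common.sh has to change with it. `regexp.MustCompile("_")` is recompiled on every call where `strings.Replace(name, "_", "-", -1)` does the same work.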
10 changes: 9 additions & 1 deletion test/e2e/framework/framework.go
Expand Up @@ -585,6 +585,9 @@ func (kc *KubeConfig) findCluster(name string) *KubeCluster {
}

type E2EContext struct {
// Raw context name,
RawName string `yaml:"rawName"`
// A valid dns subdomain which can be used as the name of kubernetes resources.
Name string `yaml:"name"`
Cluster *KubeCluster `yaml:"cluster"`
User *KubeUser `yaml:"user"`
Expand Down Expand Up @@ -615,8 +618,13 @@ func (f *Framework) GetUnderlyingFederatedContexts() []E2EContext {
Failf("Could not find cluster for context %+v", context)
}

dnsSubdomainName, err := GetValidDNSSubdomainName(context.Name)
if err != nil {
Failf("Could not convert context name %s to a valid dns subdomain name, error: %s", context.Name, err)
}
e2eContexts = append(e2eContexts, E2EContext{
Name: context.Name,
RawName: context.Name,
Name: dnsSubdomainName,
Cluster: cluster,
User: user,
})
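Review bot: E2EContext.Name changes meaning in the second hunk: it used to carry the kubeconfig context name and now carries the sanitized DNS name, with the original moved to RawName. Any existing reader of Name that selects a kubeconfig context by it would now receive a name that may not exist in the file; those call sites are outside this diff and should be checked and moved to RawName. The field comment `// Raw context name,` ends in a comma and does not say where the value comes from; `// RawName is the context name exactly as it appears in the kubeconfig.` would be clearer. GetUnderlyingFederatedContexts starts and ends outside the hunk.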