
Use secrets instead of file mounts
Signed-off-by: Chuck Ha <chuckh@vmware.com>
chuckha committed Jun 11, 2019
1 parent 61954bd commit 527c034
Showing 7 changed files with 122 additions and 33 deletions.
3 changes: 2 additions & 1 deletion Dockerfile.capk
Expand Up @@ -6,7 +6,8 @@ RUN go mod download
RUN curl -L https://dl.k8s.io/v1.14.3/kubernetes-client-linux-amd64.tar.gz | tar xvz
ADD cmd cmd
ADD capkactuators capkactuators
ADD pkg/kind pkg/kind
ADD kind kind
ADD execer execer

RUN go install -v ./cmd/capk-manager
RUN GO111MODULE="on" go get sigs.k8s.io/kind@v0.3.0
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -2,6 +2,10 @@

A temporary home for CAPK

# Development

Please make an issue to discuss before large changes occur.

# Manager Container Image

A sample is built and hosted at `gcr.io/kubernetes1-226021/capk-manager:latest`
71 changes: 59 additions & 12 deletions capkactuators/actuators.go
Expand Up @@ -7,11 +7,15 @@ import (
"context"
"encoding/json"
"fmt"
"io/ioutil"
"time"

"k8s.io/apimachinery/pkg/types"

"github.com/pkg/errors"
"gitlab.com/chuckh/cluster-api-provider-kind/kind/actions"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
clusterv1 "sigs.k8s.io/cluster-api/pkg/apis/cluster/v1alpha1"
"sigs.k8s.io/cluster-api/pkg/client/clientset_generated/clientset/typed/cluster/v1alpha1"
capierror "sigs.k8s.io/cluster-api/pkg/controller/error"
Expand All @@ -22,14 +26,14 @@ import (
)

type Machine struct {
ClusterAPI v1alpha1.ClusterV1alpha1Interface
KubeconfigsDir string
Core corev1.CoreV1Interface
ClusterAPI v1alpha1.ClusterV1alpha1Interface
}

func NewMachineActuator(kubeconfigs string, clusterapi v1alpha1.ClusterV1alpha1Interface) *Machine {
func NewMachineActuator(clusterapi v1alpha1.ClusterV1alpha1Interface, core corev1.CoreV1Interface) *Machine {
return &Machine{
ClusterAPI: clusterapi,
KubeconfigsDir: kubeconfigs,
Core: core,
ClusterAPI: clusterapi,
}
}

Expand Down Expand Up @@ -75,7 +79,21 @@ func (m *Machine) Create(ctx context.Context, c *clusterv1.Cluster, machine *clu
return err
}
setKindName(machine, controlPlaneNode.Name())
return m.save(old, machine)
if err := m.save(old, machine); err != nil {
fmt.Printf("%+v", err)
return err
}
s, err := kubeconfigToSecret(c.Name, c.Namespace)
if err != nil {
fmt.Printf("%+v", err)
return err
}
// Save the secret to the management cluster
if _, err := m.Core.Secrets(machine.GetNamespace()).Create(s); err != nil {
fmt.Printf("%+v", err)
return err
}
return nil
}

// If there are no control plane then we should hold off on joining workers
Expand Down Expand Up @@ -103,14 +121,22 @@ func (m *Machine) Update(ctx context.Context, cluster *clusterv1.Cluster, machin
}

func (m *Machine) Exists(ctx context.Context, cluster *clusterv1.Cluster, machine *clusterv1.Machine) (bool, error) {
if getKindName(machine) == "" {
return false, nil
}
fmt.Println("Looking for a docker container named", getKindName(machine))
role := getRole(machine)
nodeList, err := nodes.List(fmt.Sprintf("label=%s=%s", constants.NodeRoleKey, role),
labels := []string{
fmt.Sprintf("label=%s=%s", constants.NodeRoleKey, role),
fmt.Sprintf("label=%s=%s", constants.ClusterLabelKey, cluster.Name),
fmt.Sprintf("name=%s", getKindName(machine)))
fmt.Sprintf("name=^%s$", getKindName(machine)),
}
fmt.Printf("using labels: %v\n", labels)
nodeList, err := nodes.List(labels...)
if err != nil {
return true, err
return false, err
}
fmt.Printf("found nodes: %v\n", nodeList)
return len(nodeList) >= 1, nil
}

Expand Down Expand Up @@ -138,7 +164,9 @@ func (m *Machine) save(old, new *clusterv1.Machine) error {
}

func setKindName(machine *clusterv1.Machine, name string) {
machine.SetAnnotations(map[string]string{"name": name})
a := machine.GetAnnotations()
a["name"] = name
machine.SetAnnotations(a)
}

func getKindName(machine *clusterv1.Machine) string {
Expand Down Expand Up @@ -185,3 +213,22 @@ func (c *Cluster) Delete(cluster *clusterv1.Cluster) error {
fmt.Println("Cluster delete is not implemented.")
return nil
}

func kubeconfigToSecret(clusterName, namespace string) (*v1.Secret, error) {
// open kubeconfig file
data, err := ioutil.ReadFile(actions.KubeConfigPath(clusterName))
if err != nil {
return nil, errors.WithStack(err)
}

// write it to a secret
return &v1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: fmt.Sprintf("kubeconfig-%s", clusterName),
Namespace: namespace,
},
Data: map[string][]byte{
"kubeconfig": data,
},
}, nil
}
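Review bot: The secret write at `m.Core.Secrets(machine.GetNamespace()).Create(s)` is not idempotent: the name `kubeconfig-<cluster>` is fixed per cluster, so a retried reconcile (after `m.save` succeeded but the Create call failed) or a second control-plane Machine for the same cluster gets an AlreadyExists error and Create fails from then on; tolerate it with `if _, err := m.Core.Secrets(machine.GetNamespace()).Create(s); err != nil && !apierrors.IsAlreadyExists(err) {` (apierrors being `k8s.io/apimachinery/pkg/api/errors`) or fall back to Update. The Secret is built with `c.Namespace` but created in `machine.GetNamespace()`; if those ever differ the API server rejects the request, so one value should be used for both. The Secret holds the workload cluster's admin kubeconfig and carries no OwnerReferences, so deleting the Cluster leaves the credentials behind; an owner reference to the Cluster object would let garbage collection remove it. In the setKindName hunk, `a := machine.GetAnnotations()` is a nil map for a Machine without annotations and `a["name"] = name` then panics; guard with `if a == nil { a = map[string]string{} }`. Create's body begins above its hunk.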
10 changes: 7 additions & 3 deletions cmd/capk-manager/main.go
Expand Up @@ -8,7 +8,7 @@ import (
"time"

"gitlab.com/chuckh/cluster-api-provider-kind/capkactuators"
"k8s.io/klog"
"k8s.io/client-go/kubernetes"
"sigs.k8s.io/cluster-api/pkg/apis"
"sigs.k8s.io/cluster-api/pkg/apis/cluster/common"
"sigs.k8s.io/cluster-api/pkg/client/clientset_generated/clientset"
Expand All @@ -35,13 +35,17 @@ func main() {
if err != nil {
panic(err)
}
k8sclientset, err := kubernetes.NewForConfig(cfg)
if err != nil {
panic(err)
}
cs, err := clientset.NewForConfig(cfg)
if err != nil {
klog.Fatalf("Failed to create client from configuration: %v", err)
panic(err)
}

clusterActuator := capkactuators.NewClusterActuator()
machineActuator := capkactuators.NewMachineActuator("/kubeconfigs", cs.ClusterV1alpha1())
machineActuator := capkactuators.NewMachineActuator(cs.ClusterV1alpha1(), k8sclientset.CoreV1())

// Register our cluster deployer (the interface is in clusterctl and we define the Deployer interface on the actuator)
common.RegisterClusterProvisioner("aws", clusterActuator)
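Review bot: Replacing `klog.Fatalf("Failed to create client from configuration: %v", err)` with `panic(err)` drops the context message and turns an expected startup failure (unreadable kubeconfig, unreachable API server) into a stack-trace crash; the new `kubernetes.NewForConfig` check above it uses the same pattern. A fatal log with context keeps the operator-facing message, e.g. `log.Fatalf("creating clientset: %v", err)` and `log.Fatalf("creating kubernetes client: %v", err)`, with panic reserved for programmer bugs; whether a logger is still imported after klog was dropped is not visible in this hunk. main's body begins above the hunk.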
53 changes: 45 additions & 8 deletions cmd/capkctl/main.go
Expand Up @@ -19,15 +19,57 @@ func main() {
printCRDs()
case "capk":
printClusterAPIPlane()
case "control-plane":
fmt.Fprintf(os.Stdout, machineYAML(os.Args[2], os.Args[3], os.Args[4], "control-plane"))
case "worker":
fmt.Fprintf(os.Stdout, machineYAML(os.Args[2], os.Args[3], os.Args[4], "worker"))
case "cluster":
fmt.Fprintf(os.Stdout, clusterYAML(os.Args[2], os.Args[3]))
default:
fmt.Fprint(os.Stderr, "unknown command", os.Args[1])
os.Exit(2)
}
}

func clusterYAML(name, namespace string) string {
return fmt.Sprintf(`apiVersion: "cluster.k8s.io/v1alpha1"
kind: Cluster
metadata:
name: %s
namespace: %s
spec:
clusterNetwork:
services:
cidrBlocks: ["10.96.0.0/12"]
pods:
cidrBlocks: ["192.168.0.0/16"]
serviceDomain: "cluster.local"
providerSpec: {}`, name, namespace)
}

func machineYAML(name, namespace, cluster, set string) string {
return fmt.Sprintf(`apiVersion: "cluster.k8s.io/v1alpha1"
kind: MachineList
items:
- apiVersion: "cluster.k8s.io/v1alpha1"
kind: Machine
metadata:
name: %s
namespace: %s
labels:
cluster.k8s.io/cluster-name: %s
annotations:
set: %s
spec:
versions:
kubelet: v1.13.6
controlPlane: v1.13.6
providerSpec: {}`, name, namespace, cluster, set)
}

func makeManagementCluster() {
// start kind with docker mount
kind := execer.NewClient("kind")
// start kind with docker mount
kindConfig, err := kindConfigFile()
if err != nil {
panic(err)
Expand All @@ -45,8 +87,7 @@ nodes:
extraMounts:
- containerPath: /var/run/docker.sock
hostPath: /var/run/docker.sock
- containerPath: /kubeconfigs
hostPath: /kubeconfigs`
`

f, err := ioutil.TempFile("", "*-kind-config.yaml")
if err != nil {
Expand Down Expand Up @@ -109,8 +150,6 @@ spec:
name: dockersock
- mountPath: /var/lib/docker
name: dockerlib
- mountPath: /kubeconfigs
name: kubeconfigs
securityContext:
privileged: true
volumes:
Expand All @@ -121,9 +160,6 @@ spec:
- name: dockerlib
hostPath:
path: /var/lib/docker
- name: kubeconfigs
hostPath:
path: /kubeconfigs
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
Expand Down Expand Up @@ -1116,6 +1152,7 @@ rules:
resources:
- nodes
- events
- secrets
verbs:
- get
- list
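Review bot: `fmt.Fprintf(os.Stdout, machineYAML(...))` in the `control-plane` and `worker` cases, and `fmt.Fprintf(os.Stdout, clusterYAML(...))` in the `cluster` case, pass generated YAML as the format string, so any `%` in a name or namespace argument is interpreted as a verb and `go vet` reports the non-constant format; use `fmt.Fprint(os.Stdout, machineYAML(os.Args[2], os.Args[3], os.Args[4], "control-plane"))` and the same for the other two cases. `os.Args[2]` through `os.Args[4]` are read without a length check, so running the command with fewer arguments panics with an index-out-of-range instead of printing usage; a `len(os.Args)` check per case (or before the switch) is needed. The RBAC hunk adds `secrets` to a rule whose visible verbs are `get` and `list`; the actuator calls `Secrets().Create`, so `create` must appear among the verbs beyond the hunk for the manager to work, and since the rule covers every secret in the role's scope a rule limited to the manager's namespace is worth considering. The switch's enclosing main begins above its hunk.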
2 changes: 2 additions & 0 deletions go.mod
Expand Up @@ -20,8 +20,10 @@ require (
go.uber.org/zap v1.10.0 // indirect
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 // indirect
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 // indirect
k8s.io/api v0.0.0-20181213150558-05914d821849
k8s.io/apiextensions-apiserver v0.0.0-20181213153335-0fe22c71c476 // indirect
k8s.io/apimachinery v0.0.0-20181127025237-2b1284ed4c93
k8s.io/client-go v10.0.0+incompatible
k8s.io/klog v0.3.2
sigs.k8s.io/cluster-api v0.0.0-20190607141803-aacb0c613ffb
sigs.k8s.io/controller-runtime v0.1.10
12 changes: 3 additions & 9 deletions kind/actions/kind.go
Expand Up @@ -13,15 +13,14 @@ import (
"regexp"
"strings"

"sigs.k8s.io/kind/pkg/container/cri"

"github.com/pkg/errors"
"gitlab.com/chuckh/cluster-api-provider-kind/kind/kubeadm"
"gitlab.com/chuckh/cluster-api-provider-kind/kind/loadbalancer"
"sigs.k8s.io/kind/pkg/cluster/config"
"sigs.k8s.io/kind/pkg/cluster/config/defaults"
"sigs.k8s.io/kind/pkg/cluster/constants"
"sigs.k8s.io/kind/pkg/cluster/nodes"
"sigs.k8s.io/kind/pkg/container/cri"
"sigs.k8s.io/kind/pkg/exec"
"sigs.k8s.io/kind/pkg/kustomize"
)
Expand All @@ -31,7 +30,7 @@ import (
// KubeConfigPath returns the path to the kubeconfig file for the given cluster name.
func KubeConfigPath(clusterName string) string {
// configDir matches the standard directory expected by kubectl etc
configDir := "/kubeconfigs"
configDir := filepath.Join(os.Getenv("HOME"), ".kube")
// note that the file name however does not, we do not want to overwrite
// the standard config, though in the future we may (?) merge them
fileName := fmt.Sprintf("kind-config-%s", clusterName)
Expand Down Expand Up @@ -90,12 +89,7 @@ func CreateControlPlane(clusterName string) (*nodes.Node, error) {
clusterLabel,
"127.0.0.1",
0,
[]cri.Mount{
{
ContainerPath: "/root/.kube",
HostPath: "/kubeconfigs",
},
},
[]cri.Mount{},
)
if err != nil {
return nil, err
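Review bot: `configDir := filepath.Join(os.Getenv("HOME"), ".kube")` silently becomes the relative path `.kube` when HOME is unset, which is common for a container process without a passwd entry, so the kubeconfig would be written relative to the working directory; `os.UserHomeDir()` (Go 1.12+) reports that condition as an error, or the function can fall back to an explicit directory when the variable is empty. With the host mount gone, this file lives only inside the manager container and holds the workload cluster's admin credentials after `kubeconfigToSecret` has copied it into a Secret; if nothing else reads it from disk, removing it after the copy limits the exposure, which should be confirmed against kind's own use of the path. In the CreateControlPlane hunk, `[]cri.Mount{}` can be written as `nil`, which behaves the same under `len` and `range` and is the idiomatic empty slice, unless the callee distinguishes nil from empty. KubeConfigPath's body continues below its hunk.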
