forked from openshift/origin
-
Notifications
You must be signed in to change notification settings - Fork 1
/
node_config.go
140 lines (120 loc) · 4.69 KB
/
node_config.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
package node
import (
"crypto/tls"
"github.com/golang/glog"
"k8s.io/apimachinery/pkg/types"
clientgoclientset "k8s.io/client-go/kubernetes"
kv1core "k8s.io/client-go/kubernetes/typed/core/v1"
"k8s.io/client-go/util/cert"
kubeletapp "k8s.io/kubernetes/cmd/kubelet/app"
kubeletoptions "k8s.io/kubernetes/cmd/kubelet/app/options"
"k8s.io/kubernetes/pkg/apis/componentconfig/v1alpha1"
"k8s.io/kubernetes/pkg/cloudprovider"
"k8s.io/kubernetes/pkg/kubelet"
dockertools "k8s.io/kubernetes/pkg/kubelet/dockershim/libdocker"
kubeletserver "k8s.io/kubernetes/pkg/kubelet/server"
configapi "github.com/openshift/origin/pkg/cmd/server/api"
"github.com/openshift/origin/pkg/cmd/server/crypto"
cmdutil "github.com/openshift/origin/pkg/cmd/util"
)
// NodeConfig represents the required parameters to start the OpenShift node
// through Kubernetes. All fields are required.
type NodeConfig struct {
// BindAddress is the address to bind to
BindAddress string
// VolumeDir is the directory that volumes will be stored under
VolumeDir string
// AllowDisabledDocker if true, will make the Kubelet ignore errors from Docker
AllowDisabledDocker bool
// Containerized is true if we are expected to be running inside of a container
Containerized bool
// DockerClient is a client to connect to Docker
DockerClient dockertools.Interface
// KubeletServer contains the KubeletServer configuration
KubeletServer *kubeletoptions.KubeletServer
// KubeletDeps are the injected code dependencies for the kubelet, fully initialized
KubeletDeps *kubelet.KubeletDeps
}
func New(options configapi.NodeConfig, server *kubeletoptions.KubeletServer) (*NodeConfig, error) {
if options.NodeName == "localhost" {
glog.Warningf(`Using "localhost" as node name will not resolve from all locations`)
}
clientCAs, err := cert.NewPool(options.ServingInfo.ClientCA)
if err != nil {
return nil, err
}
externalKubeClient, kubeConfig, err := configapi.GetExternalKubeClient(options.MasterKubeConfig, options.MasterClientConnectionOverrides)
if err != nil {
return nil, err
}
// Make a separate client for event reporting, to avoid event QPS blocking node calls
eventClient, _, err := configapi.GetExternalKubeClient(options.MasterKubeConfig, options.MasterClientConnectionOverrides)
if err != nil {
return nil, err
}
kubeClient, err := clientgoclientset.NewForConfig(kubeConfig)
if err != nil {
return nil, err
}
deps, err := kubeletapp.UnsecuredKubeletDeps(server)
if err != nil {
return nil, err
}
// Initialize cloud provider
cloud, err := buildCloudProvider(server)
if err != nil {
return nil, err
}
deps.Cloud = cloud
// provide any config overrides
//deps.NodeName = options.NodeName
deps.KubeClient = externalKubeClient
deps.EventClient = kv1core.New(eventClient.CoreV1().RESTClient())
deps.Auth, err = kubeletapp.BuildAuth(types.NodeName(options.NodeName), kubeClient, server.KubeletConfiguration)
if err != nil {
return nil, err
}
// TODO: could be cleaner
extraCerts, err := configapi.GetNamedCertificateMap(options.ServingInfo.NamedCertificates)
if err != nil {
return nil, err
}
deps.TLSOptions = &kubeletserver.TLSOptions{
Config: crypto.SecureTLSConfig(&tls.Config{
// RequestClientCert lets us request certs, but allow requests without client certs
// Verification is done by the authn layer
ClientAuth: tls.RequestClientCert,
ClientCAs: clientCAs,
// Set SNI certificate func
// Do not use NameToCertificate, since that requires certificates be included in the server's tlsConfig.Certificates list,
// which we do not control when running with http.Server#ListenAndServeTLS
GetCertificate: cmdutil.GetCertificateFunc(extraCerts),
MinVersion: crypto.TLSVersionOrDie(options.ServingInfo.MinTLSVersion),
CipherSuites: crypto.CipherSuitesOrDie(options.ServingInfo.CipherSuites),
}),
CertFile: options.ServingInfo.ServerCert.CertFile,
KeyFile: options.ServingInfo.ServerCert.KeyFile,
}
config := &NodeConfig{
BindAddress: options.ServingInfo.BindAddress,
AllowDisabledDocker: options.AllowDisabledDocker,
Containerized: server.Containerized,
VolumeDir: options.VolumeDirectory,
KubeletServer: server,
KubeletDeps: deps,
}
return config, nil
}
func buildCloudProvider(server *kubeletoptions.KubeletServer) (cloudprovider.Interface, error) {
if len(server.CloudProvider) == 0 || server.CloudProvider == v1alpha1.AutoDetectCloudProvider {
return nil, nil
}
cloud, err := cloudprovider.InitCloudProvider(server.CloudProvider, server.CloudConfigFile)
if err != nil {
return nil, err
}
if cloud != nil {
glog.V(2).Infof("Successfully initialized cloud provider: %q from the config file: %q", server.CloudProvider, server.CloudConfigFile)
}
return cloud, nil
}