package k8s
import (
"bytes"
"time"
"github.com/cybozu-go/cke"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/serializer/json"
apiserverv1 "k8s.io/apiserver/pkg/apis/config/v1"
"k8s.io/client-go/tools/clientcmd/api"
kubeletv1beta1 "k8s.io/kubelet/config/v1beta1"
)
var (
	// resourceEncoder serializes objects for encodeToYAML. It is nil until
	// init assigns it.
	resourceEncoder runtime.Encoder
	// scm is the package-private scheme; init registers the apiserver and
	// kubelet configuration types with it.
	scm = runtime.NewScheme()
)
// init registers the apiserver (config/v1) and kubelet (config/v1beta1)
// types with scm, then builds resourceEncoder as a YAML-emitting serializer
// bound to that scheme. A registration failure panics at package load.
func init() {
	registrars := []func(*runtime.Scheme) error{
		apiserverv1.AddToScheme,
		kubeletv1beta1.AddToScheme,
	}
	for _, register := range registrars {
		if err := register(scm); err != nil {
			panic(err)
		}
	}

	opts := json.SerializerOptions{Yaml: true}
	resourceEncoder = json.NewSerializerWithOptions(json.DefaultMetaFactory, scm, scm, opts)
}
// encodeToYAML converts obj to an unstructured object through scm and
// serializes the result with resourceEncoder, which init configures for
// YAML output. It returns the encoded bytes, or the first conversion or
// encoding error.
func encodeToYAML(obj runtime.Object) ([]byte, error) {
	var generic unstructured.Unstructured
	if err := scm.Convert(obj, &generic, nil); err != nil {
		return nil, err
	}

	var out bytes.Buffer
	if err := resourceEncoder.Encode(&generic, &out); err != nil {
		return nil, err
	}
	return out.Bytes(), nil
}
// controllerManagerKubeconfig returns the kubeconfig that cke.Kubeconfig
// builds for the user "system:kube-controller-manager" on the given cluster.
// ca, clientCrt and clientKey are forwarded unchanged.
//
// NOTE(review): clientKey is client private-key material (or a reference to
// it; cke.Kubeconfig decides which) -- the returned config should be handled
// as a secret wherever it is written or logged.
func controllerManagerKubeconfig(cluster string, ca, clientCrt, clientKey string) *api.Config {
	const user = "system:kube-controller-manager"
	return cke.Kubeconfig(cluster, user, ca, clientCrt, clientKey)
}
// schedulerKubeconfig returns the kubeconfig that cke.Kubeconfig builds for
// the user "system:kube-scheduler" on the given cluster. ca, clientCrt and
// clientKey are forwarded unchanged.
//
// NOTE(review): clientKey is client private-key material (or a reference to
// it; cke.Kubeconfig decides which) -- the returned config should be handled
// as a secret wherever it is written or logged.
func schedulerKubeconfig(cluster string, ca, clientCrt, clientKey string) *api.Config {
	const user = "system:kube-scheduler"
	return cke.Kubeconfig(cluster, user, ca, clientCrt, clientKey)
}
// proxyKubeconfig returns the kubeconfig that cke.Kubeconfig builds for the
// user "system:kube-proxy" on the given cluster. ca, clientCrt and clientKey
// are forwarded unchanged.
//
// NOTE(review): clientKey is client private-key material (or a reference to
// it; cke.Kubeconfig decides which) -- the returned config should be handled
// as a secret wherever it is written or logged.
func proxyKubeconfig(cluster string, ca, clientCrt, clientKey string) *api.Config {
	const user = "system:kube-proxy"
	return cke.Kubeconfig(cluster, user, ca, clientCrt, clientKey)
}
// kubeletKubeconfig builds the kubeconfig a node's kubelet uses to reach the
// API server. The user is "system:node:" followed by n.Nodename(), and the
// single context, named "default", is made current.
//
// The CA, client certificate and client key are referenced by file path
// (caPath, certPath, keyPath) rather than embedded, so the returned config
// carries no key material itself; the key's protection depends on the
// permissions of the file at keyPath.
func kubeletKubeconfig(cluster string, n *cke.Node, caPath, certPath, keyPath string) *api.Config {
	const contextName = "default"
	userName := "system:node:" + n.Nodename()

	clusterEntry := api.NewCluster()
	// NOTE(review): the endpoint is fixed to a local port; presumably a
	// node-local proxy in front of the API servers -- confirm. TLS is still
	// verified against the CA at caPath.
	clusterEntry.Server = "https://localhost:16443"
	clusterEntry.CertificateAuthority = caPath

	credentials := api.NewAuthInfo()
	credentials.ClientCertificate = certPath
	credentials.ClientKey = keyPath

	binding := api.NewContext()
	binding.AuthInfo = userName
	binding.Cluster = cluster

	kubeconfig := api.NewConfig()
	kubeconfig.Clusters[cluster] = clusterEntry
	kubeconfig.AuthInfos[userName] = credentials
	kubeconfig.Contexts[contextName] = binding
	kubeconfig.CurrentContext = contextName
	return kubeconfig
}
// newKubeletConfiguration returns the KubeletConfiguration for a node.
// cert and key are the kubelet's serving certificate and private key files,
// ca is the client CA file used for X.509 client authentication, and params
// supplies the cluster domain, swap policy, cgroup driver and container log
// limits.
func newKubeletConfiguration(cert, key, ca string, params cke.KubeletParams) kubeletv1beta1.KubeletConfiguration {
	var cfg kubeletv1beta1.KubeletConfiguration

	// Kubelet API exposure: 0 disables the unauthenticated read-only port,
	// and the serving endpoint uses the supplied certificate and key.
	cfg.ReadOnlyPort = 0
	cfg.TLSCertFile = cert
	cfg.TLSPrivateKeyFile = key

	// Requests are authenticated by client certificate (verified against ca)
	// or by bearer token through the webhook, and authorized through the
	// webhook as well.
	// NOTE(review): Authentication.Anonymous is left unset here, so whether
	// anonymous requests are rejected depends on the kubelet's defaulting --
	// confirm, or set it explicitly.
	cfg.Authentication.X509.ClientCAFile = ca
	cfg.Authentication.Webhook.Enabled = boolPointer(true)
	cfg.Authorization.Mode = kubeletv1beta1.KubeletAuthorizationModeWebhook

	// NOTE(review): healthz is bound to all IPv4 interfaces rather than
	// loopback; confirm that reachability from outside the node is intended.
	cfg.HealthzBindAddress = "0.0.0.0"

	// -1000 is the lowest OOM score adjustment, exempting the kubelet process
	// from the kernel OOM killer.
	cfg.OOMScoreAdj = int32Pointer(-1000)

	cfg.ClusterDomain = params.Domain
	cfg.RuntimeRequestTimeout = metav1.Duration{Duration: 15 * time.Minute}
	// FailSwapOn is the inverse of the AllowSwap parameter.
	cfg.FailSwapOn = boolPointer(!params.AllowSwap)
	cfg.CgroupDriver = params.CgroupDriver
	cfg.ContainerLogMaxSize = params.ContainerLogMaxSize
	cfg.ContainerLogMaxFiles = int32Pointer(params.ContainerLogMaxFiles)

	return cfg
}
// int32Pointer returns a pointer to a fresh copy of input, for optional
// *int32 configuration fields.
func int32Pointer(input int32) *int32 {
	p := new(int32)
	*p = input
	return p
}
// boolPointer returns a pointer to a fresh copy of input, for optional
// *bool configuration fields.
func boolPointer(input bool) *bool {
	p := new(bool)
	*p = input
	return p
}