
Merge pull request kubernetes-retired#21 from jboyd01/v0.1.30-rebase-…
…master

V0.1.30 rebase master
openshift-merge-robot committed Aug 29, 2018
2 parents 4007468 + f65902b commit ed60ced
Showing 47 changed files with 1,303 additions and 166 deletions.
4 changes: 3 additions & 1 deletion Gopkg.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 1 addition & 2 deletions Gopkg.toml
Expand Up @@ -13,8 +13,7 @@
# Force dep to vendor the code generators, which aren't imported just used at dev time.
# Picking a subpackage with Go code won't be necessary once https://github.com/golang/dep/pull/1545 is merged.
required = [
"github.com/jteeuwen/go-bindata/go-bindata",
"k8s.io/code-generator/cmd/defaulter-gen",
"github.com/jteeuwen/go-bindata/go-bindata","k8s.io/code-generator/cmd/defaulter-gen",
"k8s.io/code-generator/cmd/deepcopy-gen",
"k8s.io/code-generator/cmd/conversion-gen",
"k8s.io/code-generator/cmd/client-gen",
2 changes: 1 addition & 1 deletion UPSTREAM-VERSION
@@ -1 +1 @@
v0.1.29
v0.1.30
2 changes: 1 addition & 1 deletion charts/catalog/Chart.yaml
@@ -1,3 +1,3 @@
name: catalog
description: service-catalog API server and controller-manager helm chart
version: 0.1.29
version: 0.1.30
6 changes: 4 additions & 2 deletions charts/catalog/README.md
Expand Up @@ -40,7 +40,7 @@ chart and their default values.

| Parameter | Description | Default |
|-----------|-------------|---------|
| `image` | apiserver image to use | `quay.io/kubernetes-service-catalog/service-catalog:v0.1.29` |
| `image` | apiserver image to use | `quay.io/kubernetes-service-catalog/service-catalog:v0.1.30` |
| `imagePullPolicy` | `imagePullPolicy` for the service catalog | `Always` |
| `apiserver.annotations` | Annotations for apiserver pods | `{}` |
| `apiserver.nodeSelector` | A nodeSelector value to apply to the apiserver pods. If not specified, no nodeSelector will be applied | |
Expand All @@ -53,6 +53,8 @@ chart and their default values.
| `apiserver.storage.type` | The storage backend to use; the only valid value is `etcd`, left for other storages support in future, e.g. `crd` | `etcd` |
| `apiserver.storage.etcd.useEmbedded` | If storage type is `etcd`: Whether to embed an etcd container in the apiserver pod; THIS IS INADEQUATE FOR PRODUCTION USE! | `true` |
| `apiserver.storage.etcd.servers` | If storage type is `etcd`: etcd URL(s); override this if NOT using embedded etcd. Only etcd v3 is supported. | `http://localhost:2379` |
| `apiserver.storage.etcd.image` | etcd image to use | `quay.io/coreos/etcd:latest` |
| `apiserver.storage.etcd.imagePullPolicy` | `imagePullPolicy` for etcd | `Always` |
| `apiserver.storage.etcd.persistence.enabled` | Enable persistence using PVC | `false` |
| `apiserver.storage.etcd.persistence.storageClass` | PVC Storage Class | `nil` (uses alpha storage class annotation) |
| `apiserver.storage.etcd.persistence.accessMode` | PVC Access Mode | `ReadWriteOnce` |
Expand Down Expand Up @@ -82,7 +84,7 @@ chart and their default values.
| `controllerManager.resources` | Resources allocation (Requests and Limits) | `{requests: {cpu: 100m, memory: 20Mi}, limits: {cpu: 100m, memory: 30Mi}}` |
| `useAggregator` | whether or not to set up the controller-manager to go through the main Kubernetes API server's API aggregator | `true` |
| `rbacEnable` | If true, create & use RBAC resources | `true` |
| `originatingIdentityEnabled` | Whether the OriginatingIdentity alpha feature should be enabled | `false` |
| `originatingIdentityEnabled` | Whether the OriginatingIdentity feature should be enabled | `true` |
| `asyncBindingOperationsEnabled` | Whether or not alpha support for async binding operations is enabled | `false` |
| `namespacedServiceBrokerDisabled` | Whether or not alpha support for namespace scoped brokers is disabled | `false` |

23 changes: 18 additions & 5 deletions charts/catalog/templates/apiserver-deployment.yaml
Expand Up @@ -56,23 +56,31 @@ spec:
{{- if not .Values.apiserver.auth.enabled }}
- --disable-auth
{{- end }}
{{- if .Values.originatingIdentityEnabled }}
- --feature-gates
- OriginatingIdentity=true
{{- end }}
- OriginatingIdentity={{.Values.originatingIdentityEnabled}}
{{- if .Values.namespacedServiceBrokerDisabled }}
- --feature-gates
- NamespacedServiceBroker=false
{{- end }}
{{- if .Values.apiserver.serveOpenAPISpec }}
- --serve-openapi-spec
{{- end }}
{{- if .Values.apiserver.storage.etcd.tls.enabled }}
- --etcd-cafile=/var/run/etcd-client/etcd-client-ca.crt
- --etcd-certfile=/var/run/etcd-client/etcd-client.crt
- --etcd-keyfile=/var/run/etcd-client/etcd-client.key
{{- end }}
ports:
- containerPort: 8443
volumeMounts:
- name: apiserver-cert
mountPath: /var/run/kubernetes-service-catalog
readOnly: true
{{- if .Values.apiserver.storage.etcd.tls.enabled }}
- name: etcd-client-cert
mountPath: /var/run/etcd-client
readOnly: true
{{- end }}
{{- if .Values.apiserver.healthcheck.enabled }}
readinessProbe:
httpGet:
Expand All @@ -97,8 +105,8 @@ spec:
{{- end }}
{{- if and (eq .Values.apiserver.storage.type "etcd") .Values.apiserver.storage.etcd.useEmbedded }}
- name: etcd
image: quay.io/coreos/etcd:latest
imagePullPolicy: Always
image: {{ .Values.apiserver.storage.etcd.image }}
imagePullPolicy: {{ .Values.apiserver.storage.etcd.imagePullPolicy }}
resources:
{{ toYaml .Values.apiserver.storage.etcd.resources | indent 10 }}
env:
Expand Down Expand Up @@ -160,3 +168,8 @@ spec:
emptyDir: {}
{{- end }}
{{- end }}
{{- if .Values.apiserver.storage.etcd.tls.enabled }}
- name: etcd-client-cert
secret:
secretName: {{ .Values.apiserver.storage.etcd.tls.clientCertSecretName }}
{{- end }}
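Review bot: The `etcd-client-cert` volume at the end of this section takes `secretName` straight from `.Values.apiserver.storage.etcd.tls.clientCertSecretName` with no check, and values.yaml ships that key empty. Setting `tls.enabled: true` without also setting the name therefore renders a secret volume with no name, and the problem only surfaces when the Deployment is applied or the pod fails to start. Failing at render time is clearer: `secretName: {{ required "apiserver.storage.etcd.tls.clientCertSecretName must be set when etcd TLS is enabled" .Values.apiserver.storage.etcd.tls.clientCertSecretName }}`. The `--etcd-cafile`/`--etcd-certfile`/`--etcd-keyfile` flags are also added independently of `--etcd-servers`, whose default is still `http://localhost:2379`; presumably the URL must be changed to `https://` for the certificates to be used, which deserves a comment next to the `tls` block.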
4 changes: 1 addition & 3 deletions charts/catalog/templates/controller-manager-deployment.yaml
Expand Up @@ -69,10 +69,8 @@ spec:
- --broker-relist-interval
- {{ .Values.controllerManager.brokerRelistInterval }}
{{- end }}
{{- if .Values.originatingIdentityEnabled }}
- --feature-gates
- OriginatingIdentity=true
{{- end }}
- OriginatingIdentity={{.Values.originatingIdentityEnabled}}
{{- if .Values.asyncBindingOperationsEnabled }}
- --feature-gates
- AsyncBindingOperations=true
19 changes: 16 additions & 3 deletions charts/catalog/values.yaml
@@ -1,6 +1,6 @@
# Default values for Service Catalog
# service-catalog image to use
image: quay.io/kubernetes-service-catalog/service-catalog:v0.1.29
image: quay.io/kubernetes-service-catalog/service-catalog:v0.1.30
# imagePullPolicy for the service-catalog; valid values are "IfNotPresent",
# "Never", and "Always"
imagePullPolicy: Always
Expand Down Expand Up @@ -58,11 +58,24 @@ apiserver:
type: etcd
# Further configuration for the etcd-based backend
etcd:
# Whether to enable TLS communitation with etcd
tls:
enabled: false
## If etcd tls is enabled you need to provide name of secret which stores 3 keys:
## etcd-client-ca.crt - SSL Certificate Authority file used to secure etcd communication
## etcd-client.crt - SSL certification file used to secure etcd communication.
## etcd-client.key - SSL key file used to secure etcd communication.
clientCertSecretName:
# Whether to embed an etcd container in the apiserver pod
# THIS IS INADEQUATE FOR PRODUCTION USE!
useEmbedded: true
# etcd URL(s); override this if NOT using embedded etcd
servers: http://localhost:2379
# etcd image to use
image: quay.io/coreos/etcd:latest
# imagePullPolicy for the etcd; valid values are "IfNotPresent",
# "Never", and "Always"
imagePullPolicy: Always
# etcd persistence options IF using embedded etcd
persistence:
enabled: false
Expand Down Expand Up @@ -148,8 +161,8 @@ controllerManager:
limits:
cpu: 100m
memory: 30Mi
# Whether the OriginatingIdentity alpha feature should be enabled
originatingIdentityEnabled: false
# Whether the OriginatingIdentity feature should be enabled
originatingIdentityEnabled: true
# Whether the AsyncBindingOperations alpha feature should be enabled
asyncBindingOperationsEnabled: false
# Whether the NamespacedServiceBroker alpha feature should be disabled
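Review bot: The new `apiserver.storage.etcd.image` default keeps the mutable `latest` tag together with `imagePullPolicy: Always`, so each pod restart can pull a different, unreviewed etcd build into the apiserver pod. Now that the image is a chart value, the default should be a released tag or digest, for example `image: quay.io/coreos/etcd:<pinned-version>` (placeholder: use the version tested with this release), with the comment saying that `latest` is not recommended. Separately, the comment above `tls:` misspells "communication". The `originatingIdentityEnabled` default also flips to `true`, so existing installs will start forwarding the requesting user's identity to brokers after an upgrade, which is worth a line in the release notes.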
88 changes: 77 additions & 11 deletions cmd/svcat/broker/register_cmd.go
Expand Up @@ -18,23 +18,43 @@ package broker

import (
"fmt"
"os"
"strings"
"time"

"github.com/kubernetes-incubator/service-catalog/cmd/svcat/command"
"github.com/kubernetes-incubator/service-catalog/cmd/svcat/output"
"github.com/kubernetes-incubator/service-catalog/pkg/apis/servicecatalog/v1beta1"
servicecatalog "github.com/kubernetes-incubator/service-catalog/pkg/svcat/service-catalog"
"github.com/spf13/cobra"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

// RegisterCmd contains the information needed to register a broker
type RegisterCmd struct {
BrokerName string
Context *command.Context
URL string
*command.Namespaced
*command.Waitable

Context *command.Context

BasicSecret string
BearerSecret string
BrokerName string
CAFile string
ClassRestrictions []string
PlanRestrictions []string
SkipTLS bool
RelistBehavior string
RelistDuration time.Duration
URL string
}

// NewRegisterCmd builds a "svcat register" command
func NewRegisterCmd(cxt *command.Context) *cobra.Command {
registerCmd := &RegisterCmd{
Context: cxt,
Context: cxt,
Namespaced: command.NewNamespaced(cxt),
Waitable: command.NewWaitable(),
}
cmd := &cobra.Command{
Use: "register NAME --url URL",
Expand All @@ -48,27 +68,73 @@ func NewRegisterCmd(cxt *command.Context) *cobra.Command {
cmd.Flags().StringVar(&registerCmd.URL, "url", "",
"The broker URL (Required)")
cmd.MarkFlagRequired("url")
cmd.Flags().StringVar(&registerCmd.BasicSecret, "basic-secret", "",
"A secret containing basic auth (username/password) information to connect to the broker")
cmd.Flags().StringVar(&registerCmd.BearerSecret, "bearer-secret", "",
"A secret containing a bearer token to connect to the broker")
cmd.Flags().StringVar(&registerCmd.CAFile, "ca", "",
"A file containing the CA certificate to connect to the broker")
cmd.Flags().StringSliceVar(&registerCmd.ClassRestrictions, "class-restrictions", []string{},
"A list of restrictions to apply to the classes allowed from the broker")
cmd.Flags().StringSliceVar(&registerCmd.PlanRestrictions, "plan-restrictions", []string{},
"A list of restrictions to apply to the plans allowed from the broker")
cmd.Flags().StringVar(&registerCmd.RelistBehavior, "relist-behavior", "",
"Behavior for relisting the broker's catalog. Valid options are manual or duration. Defaults to duration with an interval of 15m.")
cmd.Flags().DurationVar(&registerCmd.RelistDuration, "relist-duration", 0*time.Second,
"Interval to refetch broker catalog when relist-behavior is set to duration, specified in human readable format: 30s, 1m, 1h")
cmd.Flags().BoolVar(&registerCmd.SkipTLS, "skip-tls", false,
"Disables TLS certificate verification when communicating with this broker. This is strongly discouraged. You should use --ca instead.")
registerCmd.AddNamespaceFlags(cmd.Flags(), false)
registerCmd.AddWaitFlags(cmd)

return cmd
}

// Validate checks that the required arguements have been provided
func (c *RegisterCmd) Validate(args []string) error {
if len(args) == 0 {
if len(args) < 1 {
return fmt.Errorf("a broker name is required")
}
c.BrokerName = args[0]

if c.BasicSecret != "" && c.BearerSecret != "" {
return fmt.Errorf("cannot use both basic auth and bearer auth")
}

if c.CAFile != "" {
_, err := os.Stat(c.CAFile)
if err != nil {
return fmt.Errorf("error finding CA file: %v", err.Error())
}
}
if c.RelistBehavior != "" {
c.RelistBehavior = strings.ToLower(c.RelistBehavior)
if c.RelistBehavior != "duration" && c.RelistBehavior != "manual" {
return fmt.Errorf("invalid --relist-duration value, allowed values are: duration, manual")
}
}
return nil
}

// Run runs the command
// Run creates the broker and then displays the broker details
func (c *RegisterCmd) Run() error {
return c.Register()
}
opts := &servicecatalog.RegisterOptions{
BasicSecret: c.BasicSecret,
BearerSecret: c.BearerSecret,
CAFile: c.CAFile,
ClassRestrictions: c.ClassRestrictions,
Namespace: c.Namespace,
PlanRestrictions: c.PlanRestrictions,
SkipTLS: c.SkipTLS,
}
if c.RelistBehavior == "duration" {
opts.RelistBehavior = v1beta1.ServiceBrokerRelistBehaviorDuration
opts.RelistDuration = &metav1.Duration{Duration: c.RelistDuration}
} else if c.RelistBehavior == "manual" {
opts.RelistBehavior = v1beta1.ServiceBrokerRelistBehaviorManual
}

// Register calls out to the pkg lib to create the broker and displays the output
func (c *RegisterCmd) Register() error {
broker, err := c.Context.App.Register(c.BrokerName, c.URL)
broker, err := c.Context.App.Register(c.BrokerName, c.URL, opts)
if err != nil {
return err
}
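Review bot: `Validate` rejects `--basic-secret` combined with `--bearer-secret` but accepts `--skip-tls` combined with `--ca`, so a user who passes both may assume the broker certificate is checked against their CA while verification is actually disabled (how `Register` resolves the two is not visible in this hunk). Adding `if c.SkipTLS && c.CAFile != "" { return fmt.Errorf("cannot use --skip-tls together with --ca") }` next to the auth check makes the conflict explicit. In the same function the relist check reports `invalid --relist-duration value` although the flag it validates is `--relist-behavior`. In `Run`, a `--relist-duration` given without `--relist-behavior duration` is silently dropped, and `--relist-behavior duration` with no duration passes a zero interval. `Run` continues past the end of the hunk.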