Merge pull request kubernetes-retired#21 from jboyd01/v0.1.30-rebase-…

…master

V0.1.30 rebase master

Gopkg.toml

@@ -13,8 +13,7 @@
 # Force dep to vendor the code generators, which aren't imported just used at dev time.
 # Picking a subpackage with Go code won't be necessary once https://github.com/golang/dep/pull/1545 is merged.
 required = [
-  "github.com/jteeuwen/go-bindata/go-bindata",
-  "k8s.io/code-generator/cmd/defaulter-gen",
+  "github.com/jteeuwen/go-bindata/go-bindata","k8s.io/code-generator/cmd/defaulter-gen",
   "k8s.io/code-generator/cmd/deepcopy-gen",
   "k8s.io/code-generator/cmd/conversion-gen",
   "k8s.io/code-generator/cmd/client-gen",

UPSTREAM-VERSION

@@ -1 +1 @@
-v0.1.29
+v0.1.30

charts/catalog/Chart.yaml

@@ -1,3 +1,3 @@
 name: catalog
 description: service-catalog API server and controller-manager helm chart
-version: 0.1.29
+version: 0.1.30

charts/catalog/README.md

@@ -40,7 +40,7 @@ chart and their default values.
 
 | Parameter | Description | Default |
 |-----------|-------------|---------|
-| `image` | apiserver image to use | `quay.io/kubernetes-service-catalog/service-catalog:v0.1.29` |
+| `image` | apiserver image to use | `quay.io/kubernetes-service-catalog/service-catalog:v0.1.30` |
 | `imagePullPolicy` | `imagePullPolicy` for the service catalog | `Always` |
 | `apiserver.annotations` | Annotations for apiserver pods | `{}` |
 | `apiserver.nodeSelector` | A nodeSelector value to apply to the apiserver pods. If not specified, no nodeSelector will be applied | |
@@ -53,6 +53,8 @@ chart and their default values.
 | `apiserver.storage.type` | The storage backend to use; the only valid value is `etcd`, left for other storages support in future, e.g. `crd` | `etcd` |
 | `apiserver.storage.etcd.useEmbedded` | If storage type is `etcd`: Whether to embed an etcd container in the apiserver pod; THIS IS INADEQUATE FOR PRODUCTION USE! | `true` |
 | `apiserver.storage.etcd.servers` | If storage type is `etcd`: etcd URL(s); override this if NOT using embedded etcd. Only etcd v3 is supported. | `http://localhost:2379` |
+| `apiserver.storage.etcd.image` | etcd image to use | `quay.io/coreos/etcd:latest` |
+| `apiserver.storage.etcd.imagePullPolicy` | `imagePullPolicy` for etcd | `Always` |
 | `apiserver.storage.etcd.persistence.enabled` | Enable persistence using PVC | `false` |
 | `apiserver.storage.etcd.persistence.storageClass` | PVC Storage Class | `nil` (uses alpha storage class annotation) |
 | `apiserver.storage.etcd.persistence.accessMode` | PVC Access Mode | `ReadWriteOnce` |
@@ -82,7 +84,7 @@ chart and their default values.
 | `controllerManager.resources` | Resources allocation (Requests and Limits) | `{requests: {cpu: 100m, memory: 20Mi}, limits: {cpu: 100m, memory: 30Mi}}` |
 | `useAggregator` | whether or not to set up the controller-manager to go through the main Kubernetes API server's API aggregator | `true` |
 | `rbacEnable` | If true, create & use RBAC resources | `true` |
-| `originatingIdentityEnabled` | Whether the OriginatingIdentity alpha feature should be enabled | `false` |
+| `originatingIdentityEnabled` | Whether the OriginatingIdentity feature should be enabled | `true` |
 | `asyncBindingOperationsEnabled` | Whether or not alpha support for async binding operations is enabled | `false` |
 | `namespacedServiceBrokerDisabled` | Whether or not alpha support for namespace scoped brokers is disabled | `false` |
 

charts/catalog/templates/apiserver-deployment.yaml

@@ -56,23 +56,31 @@ spec:
         {{- if not .Values.apiserver.auth.enabled }}
         - --disable-auth
         {{- end }}
-        {{- if .Values.originatingIdentityEnabled }}
         - --feature-gates
-        - OriginatingIdentity=true
-        {{- end }}
+        - OriginatingIdentity={{.Values.originatingIdentityEnabled}}
         {{- if .Values.namespacedServiceBrokerDisabled }}
         - --feature-gates
         - NamespacedServiceBroker=false
         {{- end }}
         {{- if .Values.apiserver.serveOpenAPISpec }}
         - --serve-openapi-spec
         {{- end }}
+        {{- if .Values.apiserver.storage.etcd.tls.enabled }}
+        - --etcd-cafile=/var/run/etcd-client/etcd-client-ca.crt
+        - --etcd-certfile=/var/run/etcd-client/etcd-client.crt
+        - --etcd-keyfile=/var/run/etcd-client/etcd-client.key
+        {{- end }}
         ports:
         - containerPort: 8443
         volumeMounts:
         - name: apiserver-cert
           mountPath: /var/run/kubernetes-service-catalog
           readOnly: true
+        {{- if .Values.apiserver.storage.etcd.tls.enabled }}
+        - name: etcd-client-cert
+          mountPath: /var/run/etcd-client
+          readOnly: true
+        {{- end }}
         {{- if .Values.apiserver.healthcheck.enabled }}
         readinessProbe:
           httpGet:
@@ -97,8 +105,8 @@ spec:
         {{- end }}
       {{- if and (eq .Values.apiserver.storage.type "etcd") .Values.apiserver.storage.etcd.useEmbedded }}
       - name: etcd
-        image: quay.io/coreos/etcd:latest
-        imagePullPolicy: Always
+        image: {{ .Values.apiserver.storage.etcd.image }}
+        imagePullPolicy: {{ .Values.apiserver.storage.etcd.imagePullPolicy }}
         resources:
 {{ toYaml .Values.apiserver.storage.etcd.resources | indent 10 }}
         env:
@@ -160,3 +168,8 @@ spec:
         emptyDir: {}
       {{- end }}
       {{- end }}
+      {{- if .Values.apiserver.storage.etcd.tls.enabled }}
+      - name: etcd-client-cert
+        secret:
+          secretName: {{ .Values.apiserver.storage.etcd.tls.clientCertSecretName }}
+      {{- end }}

charts/catalog/templates/controller-manager-deployment.yaml

@@ -69,10 +69,8 @@ spec:
         - --broker-relist-interval
         - {{ .Values.controllerManager.brokerRelistInterval }}
         {{- end }}
-        {{- if .Values.originatingIdentityEnabled }}
         - --feature-gates
-        - OriginatingIdentity=true
-        {{- end }}
+        - OriginatingIdentity={{.Values.originatingIdentityEnabled}}
         {{- if .Values.asyncBindingOperationsEnabled }}
         - --feature-gates
         - AsyncBindingOperations=true

charts/catalog/values.yaml

@@ -1,6 +1,6 @@
 # Default values for Service Catalog
 # service-catalog image to use
-image: quay.io/kubernetes-service-catalog/service-catalog:v0.1.29
+image: quay.io/kubernetes-service-catalog/service-catalog:v0.1.30
 # imagePullPolicy for the service-catalog; valid values are "IfNotPresent",
 # "Never", and "Always"
 imagePullPolicy: Always
@@ -58,11 +58,24 @@ apiserver:
     type: etcd
     # Further configuration for the etcd-based backend
     etcd:
+      # Whether to enable TLS communitation with etcd
+      tls:
+        enabled: false
+        ## If etcd tls is enabled you need to provide name of secret which stores 3 keys:
+        ## etcd-client-ca.crt - SSL Certificate Authority file used to secure etcd communication
+        ## etcd-client.crt - SSL certification file used to secure etcd communication.
+        ## etcd-client.key - SSL key file used to secure etcd communication.
+        clientCertSecretName: 
       # Whether to embed an etcd container in the apiserver pod
       # THIS IS INADEQUATE FOR PRODUCTION USE!
       useEmbedded: true
       # etcd URL(s); override this if NOT using embedded etcd
       servers: http://localhost:2379
+      # etcd image to use
+      image: quay.io/coreos/etcd:latest
+      # imagePullPolicy for the etcd; valid values are "IfNotPresent",
+      # "Never", and "Always"
+      imagePullPolicy: Always
       # etcd persistence options IF using embedded etcd
       persistence:
         enabled: false
@@ -148,8 +161,8 @@ controllerManager:
     limits:
       cpu: 100m
       memory: 30Mi
-# Whether the OriginatingIdentity alpha feature should be enabled
-originatingIdentityEnabled: false
+# Whether the OriginatingIdentity feature should be enabled
+originatingIdentityEnabled: true
 # Whether the AsyncBindingOperations alpha feature should be enabled
 asyncBindingOperationsEnabled: false
 # Whether the NamespacedServiceBroker alpha feature should be disabled

cmd/svcat/broker/register_cmd.go

@@ -18,23 +18,43 @@ package broker
 
 import (
 	"fmt"
+	"os"
+	"strings"
+	"time"
 
 	"github.com/kubernetes-incubator/service-catalog/cmd/svcat/command"
 	"github.com/kubernetes-incubator/service-catalog/cmd/svcat/output"
+	"github.com/kubernetes-incubator/service-catalog/pkg/apis/servicecatalog/v1beta1"
+	servicecatalog "github.com/kubernetes-incubator/service-catalog/pkg/svcat/service-catalog"
 	"github.com/spf13/cobra"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 // RegisterCmd contains the information needed to register a broker
 type RegisterCmd struct {
-	BrokerName string
-	Context    *command.Context
-	URL        string
+	*command.Namespaced
+	*command.Waitable
+
+	Context *command.Context
+
+	BasicSecret       string
+	BearerSecret      string
+	BrokerName        string
+	CAFile            string
+	ClassRestrictions []string
+	PlanRestrictions  []string
+	SkipTLS           bool
+	RelistBehavior    string
+	RelistDuration    time.Duration
+	URL               string
 }
 
 // NewRegisterCmd builds a "svcat register" command
 func NewRegisterCmd(cxt *command.Context) *cobra.Command {
 	registerCmd := &RegisterCmd{
-		Context: cxt,
+		Context:    cxt,
+		Namespaced: command.NewNamespaced(cxt),
+		Waitable:   command.NewWaitable(),
 	}
 	cmd := &cobra.Command{
 		Use:   "register NAME --url URL",
@@ -48,27 +68,73 @@ func NewRegisterCmd(cxt *command.Context) *cobra.Command {
 	cmd.Flags().StringVar(&registerCmd.URL, "url", "",
 		"The broker URL (Required)")
 	cmd.MarkFlagRequired("url")
+	cmd.Flags().StringVar(&registerCmd.BasicSecret, "basic-secret", "",
+		"A secret containing basic auth (username/password) information to connect to the broker")
+	cmd.Flags().StringVar(&registerCmd.BearerSecret, "bearer-secret", "",
+		"A secret containing a bearer token to connect to the broker")
+	cmd.Flags().StringVar(&registerCmd.CAFile, "ca", "",
+		"A file containing the CA certificate to connect to the broker")
+	cmd.Flags().StringSliceVar(&registerCmd.ClassRestrictions, "class-restrictions", []string{},
+		"A list of restrictions to apply to the classes allowed from the broker")
+	cmd.Flags().StringSliceVar(&registerCmd.PlanRestrictions, "plan-restrictions", []string{},
+		"A list of restrictions to apply to the plans allowed from the broker")
+	cmd.Flags().StringVar(&registerCmd.RelistBehavior, "relist-behavior", "",
+		"Behavior for relisting the broker's catalog. Valid options are manual or duration. Defaults to duration with an interval of 15m.")
+	cmd.Flags().DurationVar(&registerCmd.RelistDuration, "relist-duration", 0*time.Second,
+		"Interval to refetch broker catalog when relist-behavior is set to duration, specified in human readable format: 30s, 1m, 1h")
+	cmd.Flags().BoolVar(&registerCmd.SkipTLS, "skip-tls", false,
+		"Disables TLS certificate verification when communicating with this broker. This is strongly discouraged. You should use --ca instead.")
+	registerCmd.AddNamespaceFlags(cmd.Flags(), false)
+	registerCmd.AddWaitFlags(cmd)
+
 	return cmd
 }
 
 // Validate checks that the required arguements have been provided
 func (c *RegisterCmd) Validate(args []string) error {
-	if len(args) == 0 {
+	if len(args) < 1 {
 		return fmt.Errorf("a broker name is required")
 	}
 	c.BrokerName = args[0]
 
+	if c.BasicSecret != "" && c.BearerSecret != "" {
+		return fmt.Errorf("cannot use both basic auth and bearer auth")
+	}
+
+	if c.CAFile != "" {
+		_, err := os.Stat(c.CAFile)
+		if err != nil {
+			return fmt.Errorf("error finding CA file: %v", err.Error())
+		}
+	}
+	if c.RelistBehavior != "" {
+		c.RelistBehavior = strings.ToLower(c.RelistBehavior)
+		if c.RelistBehavior != "duration" && c.RelistBehavior != "manual" {
+			return fmt.Errorf("invalid --relist-duration value, allowed values are: duration, manual")
+		}
+	}
 	return nil
 }
 
-// Run runs the command
+// Run creates the broker and then displays the broker details
 func (c *RegisterCmd) Run() error {
-	return c.Register()
-}
+	opts := &servicecatalog.RegisterOptions{
+		BasicSecret:       c.BasicSecret,
+		BearerSecret:      c.BearerSecret,
+		CAFile:            c.CAFile,
+		ClassRestrictions: c.ClassRestrictions,
+		Namespace:         c.Namespace,
+		PlanRestrictions:  c.PlanRestrictions,
+		SkipTLS:           c.SkipTLS,
+	}
+	if c.RelistBehavior == "duration" {
+		opts.RelistBehavior = v1beta1.ServiceBrokerRelistBehaviorDuration
+		opts.RelistDuration = &metav1.Duration{Duration: c.RelistDuration}
+	} else if c.RelistBehavior == "manual" {
+		opts.RelistBehavior = v1beta1.ServiceBrokerRelistBehaviorManual
+	}
 
-// Register calls out to the pkg lib to create the broker and displays the output
-func (c *RegisterCmd) Register() error {
-	broker, err := c.Context.App.Register(c.BrokerName, c.URL)
+	broker, err := c.Context.App.Register(c.BrokerName, c.URL, opts)
 	if err != nil {
 		return err
 	}