Make DNS not need its own token #10150

Merged
merged 5 commits into from
Jun 27, 2015
2 changes: 1 addition & 1 deletion cluster/addons/dns/README.md
Expand Up @@ -109,7 +109,7 @@ Create a file named busybox.yaml with the
following contents:

```yaml
apiVersion: v1beta3
apiVersion: v1
kind: Pod
metadata:
name: busybox
20 changes: 14 additions & 6 deletions cluster/addons/dns/kube2sky/Changelog
@@ -1,12 +1,20 @@
* Fri May 15 2015 Tim Hockin <thockin@google.com>
- First Changelog entry
- Current version is 1.4
## Version 1.10 (Jun 19 2015 Tim Hockin <thockin@google.com>)
- Fall back on service account tokens if no other auth is specified.


## Version 1.7 (May 25 2015 Vishnu Kannan <vishnuk@google.com>)
- Adding support for headless services. All pods backing a headless service is addressible via DNS RR.
## Version 1.9 (May 28 2015 Abhishek Shah <abshah@google.com>)
Contributor

This version's PR was sent on June 1st and merged on June 5th.

Member Author

I got the date that was missing from the commits or something. The exact
dates are not so important.

On Fri, Jun 19, 2015 at 9:24 PM, Robert Bailey notifications@github.com
wrote:

In cluster/addons/dns/kube2sky/Changelog
#10150 (comment)
:

-## Version 1.7 (May 25 2015 Vishnu Kannan vishnuk@google.com)
-- Adding support for headless services. All pods backing a headless service is addressible via DNS RR.
+## Version 1.9 (May 28 2015 Abhishek Shah abshah@google.com)

This version's PR was sent on June 1st and merged on June 5th.



- Add SRV support.


## Version 1.8 (May 18 2015 Vishnu Kannan <vishnuk@google.com>)
## Version 1.8 (May 28 2015 Vishnu Kannan <vishnuk@google.com>)
Contributor

This version's PR was sent on May 22nd and merged on June 2nd.

- Avoid making connections to the master insecure by default
- Let users override the master URL in kubeconfig via a flag


## Version 1.7 (May 25 2015 Vishnu Kannan <vishnuk@google.com>)
- Adding support for headless services. All pods backing a headless service is
addressible via DNS RR.


## Version 1.4 (Fri May 15 2015 Tim Hockin <thockin@google.com>)
- First Changelog entry
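
Review bot: The new "Version 1.10" entry at the top of the Changelog records only the service-account fallback, but the same change also moves the kube2sky client from API version "v1beta3" to "v1" (the `Version: "v1"` line in kube2sky.go). That is a behaviour change for anyone running the 1.10 image against an older master, so it deserves its own bullet under 1.10, for example "- Use the v1 API."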
2 changes: 1 addition & 1 deletion cluster/addons/dns/kube2sky/Makefile
Expand Up @@ -4,7 +4,7 @@

.PHONY: all kube2sky container push clean test

TAG = 1.9
TAG = 1.10
PREFIX = gcr.io/google_containers

all: container
32 changes: 18 additions & 14 deletions cluster/addons/dns/kube2sky/kube2sky.go
Expand Up @@ -46,10 +46,11 @@ import (
)

var (
// TODO: switch to pflag and make - and _ equivalent.
argDomain = flag.String("domain", "cluster.local", "domain under which to create names")
argEtcdMutationTimeout = flag.Duration("etcd_mutation_timeout", 10*time.Second, "crash after retrying etcd mutation for a specified duration")
argEtcdServer = flag.String("etcd-server", "http://127.0.0.1:4001", "URL to etcd server")
argKubecfgFile = flag.String("kubecfg_file", "", "Location of kubecfg file for access to kubernetes service")
argKubecfgFile = flag.String("kubecfg_file", "", "Location of kubecfg file for access to kubernetes master service; --kube_master_url overrides the URL part of this; if neither this nor --kube_master_url are provided, defaults to service account tokens")
argKubeMasterURL = flag.String("kube_master_url", "", "URL to reach kubernetes master. Env variables in this flag will be expanded.")
)

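Review bot: The help text for `--kube_master_url` in the var block still reads only "URL to reach kubernetes master", while the `--kubecfg_file` text now documents the service-account fallback, so nothing tells the operator which credentials apply when `--kube_master_url` is given on its own. In newKubeClient that case builds a `kclient.Config` with just `Host` and `Version`; the help string should say that no kubeconfig or service-account credentials are attached in that mode. Minor grammar point in the new text: "if neither this nor --kube_master_url are provided" should read "is provided".
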
Expand Down Expand Up @@ -405,7 +406,7 @@ func newEtcdClient(etcdServer string) (*etcd.Client, error) {
return client, nil
}

func getKubeMasterURL() (string, error) {
func expandKubeMasterURL() (string, error) {
parsedURL, err := url.Parse(os.ExpandEnv(*argKubeMasterURL))
if err != nil {
return "", fmt.Errorf("failed to parse --kube_master_url %s - %v", *argKubeMasterURL, err)
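
Review bot: In expandKubeMasterURL the error message prints `*argKubeMasterURL`, the value before `os.ExpandEnv`, while `url.Parse` was given the expanded string, so a parse failure introduced by the expansion is reported with a URL that looks fine. `os.ExpandEnv` also replaces an unset variable with the empty string without any error. Consider keeping the expanded value in a local, including it in the message, and, if the lines not shown here do not already do so, rejecting an expansion that leaves the host empty. A one-line doc comment on the renamed function saying that it expands and validates the flag would help too.
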
Expand All @@ -423,31 +424,34 @@ func newKubeClient() (*kclient.Client, error) {
err error
masterURL string
)
// If the user specified --kube_master_url, expand env vars and verify it.
if *argKubeMasterURL != "" {
masterURL, err = getKubeMasterURL()
masterURL, err = expandKubeMasterURL()
if err != nil {
return nil, err
}
}
if *argKubecfgFile == "" {
if masterURL == "" {
return nil, fmt.Errorf("--kube_master_url must be set when --kubecfg_file is not set")
}
if masterURL != "" && *argKubecfgFile == "" {
// Only --kube_master_url was provided.
config = &kclient.Config{
Host: masterURL,
Version: "v1beta3",
Version: "v1",
}
} else {
// We either have:
// 1) --kube_master_url and --kubecfg_file
// 2) just --kubecfg_file
// 3) neither flag
// In any case, the logic is the same. If (3), this will automatically
// fall back on the service account token.
overrides := &kclientcmd.ConfigOverrides{}
if masterURL != "" {
overrides.ClusterInfo.Server = masterURL
}
if config, err = kclientcmd.NewNonInteractiveDeferredLoadingClientConfig(
&kclientcmd.ClientConfigLoadingRules{ExplicitPath: *argKubecfgFile},
overrides).ClientConfig(); err != nil {
overrides.ClusterInfo.Server = masterURL // might be "", but that is OK
rules := &kclientcmd.ClientConfigLoadingRules{ExplicitPath: *argKubecfgFile} // might be "", but that is OK
if config, err = kclientcmd.NewNonInteractiveDeferredLoadingClientConfig(rules, overrides).ClientConfig(); err != nil {
return nil, err
}
}

glog.Infof("Using %s for kubernetes master", config.Host)
glog.Infof("Using kubernetes API %s", config.Version)
return kclient.New(config)
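
Review bot: In the else branch of newKubeClient three cases are folded into one loader call, and the only things logged afterwards are `config.Host` and `config.Version`, so nothing in the log shows whether the credentials came from `--kubecfg_file` or from the service-account fallback described in the comment. Log which case was taken (or at least whether `*argKubecfgFile` was empty), and wrap the error returned from `ClientConfig()` with that context, since in case (3) a bare loader error is all the operator gets when no service-account token is available.
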
24 changes: 8 additions & 16 deletions cluster/addons/dns/skydns-rc.yaml.in
@@ -1,21 +1,22 @@
apiVersion: v1beta3
apiVersion: v1
kind: ReplicationController
metadata:
name: kube-dns-v3
name: kube-dns-v4
namespace: default
labels:
k8s-app: kube-dns-v3
k8s-app: kube-dns
version: v4
kubernetes.io/cluster-service: "true"
spec:
replicas: {{ pillar['dns_replicas'] }}
selector:
k8s-app: kube-dns
version: v3
version: v4
template:
metadata:
labels:
k8s-app: kube-dns
version: v3
version: v4
kubernetes.io/cluster-service: "true"
spec:
containers:
Expand All @@ -30,15 +31,10 @@ spec:
- -initial-cluster-token
- skydns-etcd
- name: kube2sky
image: gcr.io/google_containers/kube2sky:1.9
image: gcr.io/google_containers/kube2sky:1.10
args:
# command = "/kube2sky"
- -domain={{ pillar['dns_domain'] }}
- -kubecfg_file=/etc/dns_token/kubeconfig
volumeMounts:
- mountPath: /etc/dns_token
name: dns-token
readOnly: true
- name: skydns
image: gcr.io/google_containers/skydns:2015-03-11-001
args:
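
Review bot: With `-kubecfg_file=/etc/dns_token/kubeconfig` and the `dns-token` volumeMount removed from the kube2sky container, kube2sky authenticates with whatever service-account token the pod is given, and none of the visible lines in this manifest name a service account for the pod. That swaps a credential dedicated to DNS for the one shared by the pod's namespace (`default` here). Either set a dedicated service account in the pod spec, or add a comment next to the kube2sky `args:` recording that the namespace's account is intended and what access kube2sky needs from it.
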
Expand All @@ -58,11 +54,7 @@ spec:
command:
- /bin/sh
- -c
- nslookup kubernetes.default.{{ pillar['dns_domain'] }} localhost >/dev/null
- nslookup kubernetes.default.svc.{{ pillar['dns_domain'] }} localhost >/dev/null
initialDelaySeconds: 30
timeoutSeconds: 5
dnsPolicy: Default # Don't use cluster DNS.
volumes:
- name: dns-token
secret:
secretName: token-system-dns
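
Review bot: The `volumes:` entry referencing `secretName: token-system-dns` is removed at the end of the pod spec, but this diff does not show the secret itself being retired. If that token is still generated elsewhere in the cluster setup, it becomes a live credential that nothing uses; remove its creation in the same change or file a follow-up. Separately, the liveness probe now resolves `kubernetes.default.svc.{{ pillar['dns_domain'] }}`, which is worth a short comment saying the probe depends on the `svc` subdomain being served.
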
4 changes: 2 additions & 2 deletions cluster/addons/dns/skydns-svc.yaml.in
@@ -1,4 +1,4 @@
apiVersion: v1beta3
apiVersion: v1
kind: Service
metadata:
name: kube-dns
Expand All @@ -10,7 +10,7 @@ metadata:
spec:
selector:
k8s-app: kube-dns
portalIP: {{ pillar['dns_server'] }}
clusterIP: {{ pillar['dns_server'] }}
ports:
- name: dns
port: 53