Ubernetes-Lite: reuse existing configuration when reusing master #22594

Merged
merged 1 commit into from Mar 10, 2016
20 changes: 18 additions & 2 deletions cluster/aws/util.sh
Expand Up @@ -190,6 +190,16 @@ function detect-master() {
echo "Using master: $KUBE_MASTER (external IP: $KUBE_MASTER_IP)"
}

# Reads kube-env metadata from master
#
# Assumed vars:
# KUBE_MASTER_IP
# AWS_SSH_KEY
# SSH_USER
function get-master-env() {
ssh -oStrictHostKeyChecking=no -i "${AWS_SSH_KEY}" ${SSH_USER}@${KUBE_MASTER_IP} sudo cat /etc/kubernetes/kube_env.yaml

nit: It's not clear to me why sudo would not prompt for an interactive password entry here. But if you've tested it, I guess it doesn't. Any idea why @justinsb ?

Aah, re-reading the man page, I guess one of these applies?

Authentication and logging
       sudo requires that most users authenticate themselves by default.  A password is not required if the invoking user is root, if the target user is
       the same as the invoking user, or if the authentication has been disabled for the user or command in the sudoers file. 

Member Author

Yes - it's because all AWS images have a non-root account which you SSH in to, but that user is set up to allow passwordless sudo. (Because there's no way to communicate a password). At least all the images I've ever seen!

}


function query-running-minions () {
local query=$1
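Review bot: `get-master-env` disables SSH host key verification (`-oStrictHostKeyChecking=no`) while fetching `/etc/kubernetes/kube_env.yaml`, the file that `parse-master-env` later reads `KUBELET_TOKEN`, `KUBE_PROXY_TOKEN` and the kubelet key material from, so a host substituted for `KUBE_MASTER_IP` on the network path would be trusted without any warning. Consider capturing the master's host key when the master is created and pointing ssh at it with `-o UserKnownHostsFile=...` instead of turning the check off; also quote `"${SSH_USER}@${KUBE_MASTER_IP}"` and avoid masking a failed ssh, since an empty result here becomes an empty token downstream.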
Expand Down Expand Up @@ -453,8 +463,14 @@ function authorize-security-group-ingress {
function find-master-pd {
local name=${MASTER_NAME}-pd
if [[ -z "${MASTER_DISK_ID}" ]]; then
local zone_filter="Name=availability-zone,Values=${ZONE}"
if [[ "${KUBE_USE_EXISTING_MASTER:-}" == "true" ]]; then
# If we're reusing an existing master, it is likely to be in another zone
# If running multizone, your cluster must be uniquely named across zones
zone_filter=""
fi
MASTER_DISK_ID=`$AWS_CMD describe-volumes \
--filters Name=availability-zone,Values=${ZONE} \
--filters ${zone_filter} \
Name=tag:Name,Values=${name} \
Name=tag:KubernetesCluster,Values=${CLUSTER_ID} \
--query Volumes[].VolumeId`
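Review bot: once `zone_filter` is emptied for the existing-master case, the `describe-volumes` query can match volumes in every zone of the region that carry the same `Name` and `KubernetesCluster` tags, and `--query Volumes[].VolumeId` then returns several IDs that land in `MASTER_DISK_ID` as one whitespace-joined string; the comment says the cluster "must be uniquely named across zones" but nothing enforces it. Count the results and fail with a clear message when more than one volume matches. Note also that `${zone_filter}` has to stay unquoted so the empty case drops the word entirely; a one-line comment saying so would stop the next person from "fixing" it.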
Expand Down Expand Up @@ -927,8 +943,8 @@ function kube-up {

# KUBE_USE_EXISTING_MASTER is used to add minions to an existing master
if [[ "${KUBE_USE_EXISTING_MASTER:-}" == "true" ]]; then
# Detect existing master
detect-master
parse-master-env

# Start minions
start-minions
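Review bot: nothing between `parse-master-env` and `start-minions` checks that the values just loaded are present; with the `get-env-val` behaviour in this PR a failed ssh or a missing key yields an empty string, so the minions would be started with empty `KUBELET_TOKEN` / `KUBE_PROXY_TOKEN` and an empty CA. Add a guard before `start-minions`, e.g. `[[ -n "${KUBELET_TOKEN}" && -n "${CA_CERT_BASE64}" ]] || { echo "Failed to read kube-env from master" >&2; exit 1; }`.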
26 changes: 26 additions & 0 deletions cluster/common.sh
Expand Up @@ -715,3 +715,29 @@ function create-certs {
KUBECFG_CERT_BASE64=$(cat "${CERT_DIR}/pki/issued/kubecfg.crt" | base64 | tr -d '\r\n')
KUBECFG_KEY_BASE64=$(cat "${CERT_DIR}/pki/private/kubecfg.key" | base64 | tr -d '\r\n')
}

#
# Using provided master env, extracts value from provided key.
#
# Args:
# $1 master env (kube-env of master; result of calling get-master-env)
# $2 env key to use
function get-env-val() {
local match=`(echo "${1}" | grep ${2}) || echo ""`
if [[ -z ${match} ]]; then
echo ""
fi
echo ${match} | cut -d : -f 2 | cut -d \' -f 2
}

# Load the master env by calling get-master-env, and extract important values
function parse-master-env() {
# Get required master env vars
local master_env=$(get-master-env)
KUBELET_TOKEN=$(get-env-val "${master_env}" "KUBELET_TOKEN")
KUBE_PROXY_TOKEN=$(get-env-val "${master_env}" "KUBE_PROXY_TOKEN")
CA_CERT_BASE64=$(get-env-val "${master_env}" "CA_CERT")

nit: Is it worth being consistent about the "_BASE64" suffix here and below? Is there a good reason to append it to the local environment variable and not the master one?

Member Author

"sins of the past" I believe. I agree that renaming it throughout our scripts would be a good idea.

EXTRA_DOCKER_OPTS=$(get-env-val "${master_env}" "EXTRA_DOCKER_OPTS")
KUBELET_CERT_BASE64=$(get-env-val "${master_env}" "KUBELET_CERT")
KUBELET_KEY_BASE64=$(get-env-val "${master_env}" "KUBELET_KEY")
}
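Review bot: `get-env-val` has a logic slip and a fragile match. The `if [[ -z ${match} ]]` branch echoes an empty string but does not `return`, so it falls through and runs the `cut` pipeline anyway (harmless today, but clearly not the intent). More importantly, `grep ${2}` is an unanchored substring search over the whole kube-env, so a key that is a prefix of another key, or a value that happens to contain the key name, matches as well, and when several lines match they are joined by the unquoted `echo ${match}` and cut together. Anchor on the key (`grep "^${2}:"`), add `return` after the empty echo, and quote `"${match}"`; note too that `cut -d : -f 2` truncates any value containing a colon, which is plausible for `EXTRA_DOCKER_OPTS` (URLs in registry options).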
14 changes: 14 additions & 0 deletions cluster/gce/util.sh
Expand Up @@ -325,6 +325,19 @@ function detect-master () {
echo "Using master: $KUBE_MASTER (external IP: $KUBE_MASTER_IP)"
}

# Reads kube-env metadata from master
#
# Assumed vars:
# KUBE_MASTER
# PROJECT
# ZONE
function get-master-env() {
# TODO(zmerlynn): Make this more reliable with retries.

nit: How did zmerlynn's comment get in here? Is this code cut 'n pasted from somewhere else, not reflected in this PR? Just curious, mainly.

Member Author

This is "liberated" from the upgrade script yes. I hope that if we get this merged, then maybe we can even get the upgrade script working again in kube-up. Maybe :-) cc @zmerlynn

gcloud compute --project ${PROJECT} ssh --zone ${ZONE} ${KUBE_MASTER} --command \
"curl --fail --silent -H 'Metadata-Flavor: Google' \
'http://metadata/computeMetadata/v1/instance/attributes/kube-env'" 2>/dev/null
}

# Robustly try to create a static ip.
# $1: The name of the ip to create
# $2: The name of the region to create the ip in.
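Review bot: the `2>/dev/null` on the `gcloud compute ... ssh` command throws away the only diagnostics available when the SSH hop or the metadata fetch fails, and the inline TODO already concedes the call is not reliable; because a failure comes back as an empty kube-env that `parse-master-env` turns into empty tokens, keep stderr (or log it to a file) and either retry or let the caller act on the non-zero exit status that `curl --fail` produces. Quoting `"${PROJECT}"`, `"${ZONE}"` and `"${KUBE_MASTER}"` would also match the rest of the file.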
Expand Down Expand Up @@ -523,6 +536,7 @@ function kube-up {
set_num_migs

if [[ ${KUBE_USE_EXISTING_MASTER:-} == "true" ]]; then
parse-master-env
create-nodes
create-autoscaler
else
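Review bot: same gap as on the AWS side: `parse-master-env` is called and `create-nodes` runs immediately, with no check that `KUBELET_TOKEN`, `KUBE_PROXY_TOKEN` and `CA_CERT_BASE64` came back non-empty. Since `get-master-env` silences its own errors, this is the place to fail fast, e.g. `[[ -n "${KUBELET_TOKEN}" ]] || { echo "Could not read kube-env from ${KUBE_MASTER}" >&2; exit 1; }`, before nodes are created with an unusable configuration.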