Ubernetes-Lite: reuse existing configuration when reusing master #22594
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -715,3 +715,29 @@ function create-certs { | |
KUBECFG_CERT_BASE64=$(cat "${CERT_DIR}/pki/issued/kubecfg.crt" | base64 | tr -d '\r\n') | ||
KUBECFG_KEY_BASE64=$(cat "${CERT_DIR}/pki/private/kubecfg.key" | base64 | tr -d '\r\n') | ||
} | ||
|
||
# | ||
# Using provided master env, extracts value from provided key. | ||
# | ||
# Args: | ||
# $1 master env (kube-env of master; result of calling get-master-env) | ||
# $2 env key to use | ||
function get-env-val() { | ||
local match=`(echo "${1}" | grep ${2}) || echo ""` | ||
if [[ -z ${match} ]]; then | ||
echo "" | ||
fi | ||
echo ${match} | cut -d : -f 2 | cut -d \' -f 2 | ||
} | ||
|
||
# Load the master env by calling get-master-env, and extract important values | ||
function parse-master-env() { | ||
# Get required master env vars | ||
local master_env=$(get-master-env) | ||
KUBELET_TOKEN=$(get-env-val "${master_env}" "KUBELET_TOKEN") | ||
KUBE_PROXY_TOKEN=$(get-env-val "${master_env}" "KUBE_PROXY_TOKEN") | ||
CA_CERT_BASE64=$(get-env-val "${master_env}" "CA_CERT") | ||
nit: Is it worth being consistent about the "_BASE64" suffix here and below? Is there a good reason to append it to the local environment variable and not the master one?

"sins of the past" I believe. I agree that renaming it throughout our scripts would be a good idea. |
||
EXTRA_DOCKER_OPTS=$(get-env-val "${master_env}" "EXTRA_DOCKER_OPTS") | ||
KUBELET_CERT_BASE64=$(get-env-val "${master_env}" "KUBELET_CERT") | ||
KUBELET_KEY_BASE64=$(get-env-val "${master_env}" "KUBELET_KEY") | ||
} |
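Review bot: In get-env-val, `grep ${2}` is an unquoted, unanchored substring match, so a lookup for "CA_CERT" or "KUBELET_CERT" also matches any other kube-env line that merely contains that string; the unquoted `echo ${match}` then folds the matches onto one line and the `cut` pair returns the value of whichever matching line came first. Anchor the key (for example `grep "^${2}:"`, assuming each key starts its line) and quote `"${match}"`. Two smaller points in the same function: the `-z` branch echoes an empty string but does not return, so it falls through to the final `echo ... | cut` anyway, and `cut -d : -f 2` discards everything after a second colon, which would truncate a value such as EXTRA_DOCKER_OPTS if it contains one.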
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -325,6 +325,19 @@ function detect-master () { | |
echo "Using master: $KUBE_MASTER (external IP: $KUBE_MASTER_IP)" | ||
} | ||
|
||
# Reads kube-env metadata from master | ||
# | ||
# Assumed vars: | ||
# KUBE_MASTER | ||
# PROJECT | ||
# ZONE | ||
function get-master-env() { | ||
# TODO(zmerlynn): Make this more reliable with retries. | ||
nit: How did zmerlynn's comment get in here? Is this code cut 'n pasted from somewhere else, not reflected in this PR? Just curious, mainly.

This is "liberated" from the upgrade script yes. I hope that if we get this merged, then maybe we can even get the upgrade script working again in kube-up. Maybe :-) cc @zmerlynn |
||
gcloud compute --project ${PROJECT} ssh --zone ${ZONE} ${KUBE_MASTER} --command \ | ||
"curl --fail --silent -H 'Metadata-Flavor: Google' \ | ||
'http://metadata/computeMetadata/v1/instance/attributes/kube-env'" 2>/dev/null | ||
} | ||
|
||
# Robustly try to create a static ip. | ||
# $1: The name of the ip to create | ||
# $2: The name of the region to create the ip in. | ||
|
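Review bot: get-master-env hides every failure signal: `curl --fail --silent` prints nothing on an HTTP error and the trailing `2>/dev/null` also discards gcloud and ssh errors, so an operator sees only empty output when the fetch fails. Since this output carries the kubelet token, cert and key that parse-master-env extracts, drop the `2>/dev/null` (or redirect stderr to a log) so the reason for a failed fetch is visible; the retry TODO can be built on top of that. Also quote `${PROJECT}`, `${ZONE}` and `${KUBE_MASTER}` in the gcloud call.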
@@ -523,6 +536,7 @@ function kube-up { | |
set_num_migs | ||
|
||
if [[ ${KUBE_USE_EXISTING_MASTER:-} == "true" ]]; then | ||
parse-master-env | ||
create-nodes | ||
create-autoscaler | ||
else | ||
|
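Review bot: Nothing between `parse-master-env` and `create-nodes` checks that the master env was actually read. parse-master-env assigns with `local master_env=$(get-master-env)`, which masks the exit status, and get-env-val returns an empty string for a missing key, so a failed or partial fetch leaves KUBELET_TOKEN, KUBE_PROXY_TOKEN and CA_CERT_BASE64 empty and node creation proceeds anyway. Add a guard after parse-master-env that prints an error and exits when any of the required values is empty.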
nit: It's not clear to me why sudo would not prompt for an interactive password entry here. But if you've tested it, I guess it doesn't. Any idea why @justinsb ?

Aah, re-reading the man page, I guess one of these applies?

Yes - it's because all AWS images have a non-root account which you SSH in to, but that user is set up to allow passwordless sudo. (Because there's no way to communicate a password). At least all the images I've ever seen!