Azure: Restrict all clients on bootstrap host to localhost for k8s API access
This code generates a kubeconfig that uses localhost for API access. This avoids clients getting black-holed by hitting the load balancer, which is only in front of the bootstrap node during bootstrapping.
Showing
3 changed files
with
62 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
package kubeconfig | ||
|
||
import ( | ||
"path/filepath" | ||
|
||
"github.com/openshift/installer/pkg/asset" | ||
"github.com/openshift/installer/pkg/asset/installconfig" | ||
"github.com/openshift/installer/pkg/asset/tls" | ||
) | ||
|
||
var ( | ||
kubeconfigLoopbackPath = filepath.Join("auth", "kubeconfig-loopback") | ||
) | ||
|
||
// LoopbackClient is the asset for the admin kubeconfig. | ||
type LoopbackClient struct { | ||
kubeconfig | ||
} | ||
|
||
var _ asset.WritableAsset = (*LoopbackClient)(nil) | ||
|
||
// Dependencies returns the dependency of the kubeconfig. | ||
func (k *LoopbackClient) Dependencies() []asset.Asset { | ||
return []asset.Asset{ | ||
&tls.AdminKubeConfigClientCertKey{}, | ||
&tls.KubeAPIServerLocalhostCABundle{}, | ||
&installconfig.InstallConfig{}, | ||
} | ||
} | ||
|
||
// Generate generates the kubeconfig. | ||
func (k *LoopbackClient) Generate(parents asset.Parents) error { | ||
ca := &tls.KubeAPIServerLocalhostCABundle{} | ||
clientCertKey := &tls.AdminKubeConfigClientCertKey{} | ||
installConfig := &installconfig.InstallConfig{} | ||
parents.Get(ca, clientCertKey, installConfig) | ||
|
||
return k.kubeconfig.generate( | ||
ca, | ||
clientCertKey, | ||
getLoopbackAPIServerURL(installConfig.Config), | ||
installConfig.Config.GetName(), | ||
"loopback", | ||
kubeconfigLoopbackPath, | ||
) | ||
} | ||
|
||
// Name returns the human-friendly name of the asset. | ||
func (k *LoopbackClient) Name() string { | ||
return "Kubeconfig Admin Client (Loopback)" | ||
} | ||
|
||
// Load returns the kubeconfig from disk. | ||
func (k *LoopbackClient) Load(f asset.FileFetcher) (found bool, err error) { | ||
return k.load(f, kubeconfigLoopbackPath) | ||
} |
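Review bot: The doc comment on `LoopbackClient` is copied from the admin asset and does not say what sets this type apart; something like `// LoopbackClient is the asset for the admin kubeconfig that reaches the API server over localhost, for use by clients on the bootstrap host.` would tell the reader why it exists. `Generate` embeds `tls.AdminKubeConfigClientCertKey`, so `auth/kubeconfig-loopback` is a second on-disk copy of the cluster-admin client credential. It is worth confirming that the file is only placed where it is needed and gets the same permissions as the existing admin kubeconfig. The `kubeconfig.generate`, `k.load` and `getLoopbackAPIServerURL` helpers are defined outside this file section, so the write mode and the exact URL cannot be checked from here. A short comment on `Generate` naming the localhost CA bundle (`tls.KubeAPIServerLocalhostCABundle`) as the trust root for this endpoint would also help.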