kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5256 from justinsb/dont_autoload_key_on_gce 

Don't autoload SSH key on GCE
This commit is contained in:
k8s-ci-robot 2018-06-17 08:38:29 -07:00 committed by GitHub
parent f3dd8a9b5c 1549b6e961
commit 127e031948
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 33 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
cmd/kops/create_cluster.go
View File

@ -222,7 +222,7 @@ func NewCmdCreateCluster(f *util.Factory, out io.Writer) *cobra.Command {
options := &CreateClusterOptions{} options := &CreateClusterOptions{}
options.InitDefaults() options.InitDefaults()
sshPublicKey := "~/.ssh/id_rsa.pub" sshPublicKey := ""
associatePublicIP := false associatePublicIP := false
cmd := &cobra.Command{ cmd := &cobra.Command{
@ -243,9 +243,11 @@ func NewCmdCreateCluster(f *util.Factory, out io.Writer) *cobra.Command {
options.ClusterName = rootCommand.clusterName options.ClusterName = rootCommand.clusterName
options.SSHPublicKeys, err = loadSSHPublicKeys(sshPublicKey, cmd.Flag("ssh-public-key").Changed) if sshPublicKey != "" {
if err != nil { options.SSHPublicKeys, err = loadSSHPublicKeys(sshPublicKey)
exitWithError(err) if err != nil {
exitWithError(fmt.Errorf("error reading SSH key file %q: %v", sshPublicKey, err))
}
} }
err = RunCreateCluster(f, out, options) err = RunCreateCluster(f, out, options)
@ -272,7 +274,7 @@ func NewCmdCreateCluster(f *util.Factory, out io.Writer) *cobra.Command {
cmd.Flags().StringVar(&options.Project, "project", options.Project, "Project to use (must be set on GCE)") cmd.Flags().StringVar(&options.Project, "project", options.Project, "Project to use (must be set on GCE)")
cmd.Flags().StringVar(&options.KubernetesVersion, "kubernetes-version", options.KubernetesVersion, "Version of kubernetes to run (defaults to version in channel)") cmd.Flags().StringVar(&options.KubernetesVersion, "kubernetes-version", options.KubernetesVersion, "Version of kubernetes to run (defaults to version in channel)")
cmd.Flags().StringVar(&sshPublicKey, "ssh-public-key", sshPublicKey, "SSH public key to use") cmd.Flags().StringVar(&sshPublicKey, "ssh-public-key", sshPublicKey, "SSH public key to use (defaults to ~/.ssh/id_rsa.pub on AWS)")
cmd.Flags().StringVar(&options.NodeSize, "node-size", options.NodeSize, "Set instance size for nodes") cmd.Flags().StringVar(&options.NodeSize, "node-size", options.NodeSize, "Set instance size for nodes")
@ -1146,6 +1148,29 @@ func RunCreateCluster(f *util.Factory, out io.Writer, c *CreateClusterOptions) e
return fmt.Errorf("error writing completed cluster spec: %v", err) return fmt.Errorf("error writing completed cluster spec: %v", err)
} }
if len(c.SSHPublicKeys) == 0 {
autoloadSSHPublicKeys := true
switch c.Cloud {
case "gce":
// We don't normally use SSH keys on GCE
autoloadSSHPublicKeys = false
}
if autoloadSSHPublicKeys {
// Load from default location, if found
sshPublicKeyPath := "~/.ssh/id_rsa.pub"
c.SSHPublicKeys, err = loadSSHPublicKeys(sshPublicKeyPath)
if err != nil {
// Don't wrap file-not-found
if os.IsNotExist(err) {
glog.V(2).Infof("ssh key not found at %s", sshPublicKeyPath)
} else {
return fmt.Errorf("error reading SSH key file %q: %v", sshPublicKeyPath, err)
}
}
}
}
if len(c.SSHPublicKeys) != 0 { if len(c.SSHPublicKeys) != 0 {
sshCredentialStore, err := clientset.SSHCredentialStore(cluster) sshCredentialStore, err := clientset.SSHCredentialStore(cluster)
if err != nil { if err != nil {
@ -1305,18 +1330,13 @@ func getZoneToSubnetProviderID(VPCID string, region string, subnetIDs []string)
return res, nil return res, nil
} }
func loadSSHPublicKeys(sshPublicKey string, flagSpecified bool) (map[string][]byte, error) { func loadSSHPublicKeys(sshPublicKey string) (map[string][]byte, error) {
sshPublicKeys := make(map[string][]byte) sshPublicKeys := make(map[string][]byte)
if sshPublicKey != "" { if sshPublicKey != "" {
sshPublicKey = utils.ExpandPath(sshPublicKey) sshPublicKey = utils.ExpandPath(sshPublicKey)
authorized, err := ioutil.ReadFile(sshPublicKey) authorized, err := ioutil.ReadFile(sshPublicKey)
if err != nil { if err != nil {
// Ignore file-not-found unless the user actively specified the flag return nil, err
if !flagSpecified && os.IsNotExist(err) {
glog.V(2).Infof("SSH key file %q does not exist; ignoring", sshPublicKey)
} else {
return nil, fmt.Errorf("error reading SSH key file %q: %v", sshPublicKey, err)
}
} else { } else {
sshPublicKeys[fi.SecretNameSSHPrimary] = authorized sshPublicKeys[fi.SecretNameSSHPrimary] = authorized

2
docs/cli/kops_create_cluster.md
View File

@ -98,7 +98,7 @@ kops create cluster [flags]
-o, --output string Output format. One of json|yaml. Used with the --dry-run flag. -o, --output string Output format. One of json|yaml. Used with the --dry-run flag.
--project string Project to use (must be set on GCE) --project string Project to use (must be set on GCE)
--ssh-access strings Restrict SSH access to this CIDR. If not set, access will not be restricted by IP. (default [0.0.0.0/0]) --ssh-access strings Restrict SSH access to this CIDR. If not set, access will not be restricted by IP. (default [0.0.0.0/0])
--ssh-public-key string SSH public key to use (default "~/.ssh/id_rsa.pub") --ssh-public-key string SSH public key to use (defaults to ~/.ssh/id_rsa.pub on AWS)
--subnets strings Set to use shared subnets --subnets strings Set to use shared subnets
--target string Valid targets: direct, terraform, cloudformation. Set this flag to terraform if you want kops to generate terraform (default "direct") --target string Valid targets: direct, terraform, cloudformation. Set this flag to terraform if you want kops to generate terraform (default "direct")
-t, --topology string Controls network topology for the cluster. public|private. Default is 'public'. (default "public") -t, --topology string Controls network topology for the cluster. public|private. Default is 'public'. (default "public")