remove default insecure from openstack

Jesse Haka 2019-09-06 10:56:33 +03:00
parent f9f80f0b26
commit daac327372
10 changed files with 55 additions and 17 deletions


@ -149,3 +149,17 @@ kops create cluster \
``` ```
The biggest problem currently when installing without loadbalancer is that kubectl requests outside cluster is always going to first master. External loadbalancer is one option which can solve this issue. The biggest problem currently when installing without loadbalancer is that kubectl requests outside cluster is always going to first master. External loadbalancer is one option which can solve this issue.
# Using with self-signed certificates in OpenStack
Kops can be configured to use insecure mode towards OpenStack. However, this is **NOT** recommended as OpenStack cloudprovider in kubernetes does not support it.
If you use insecure flag in kops - it might be that the cluster does not work correctly.
```
spec:
...
cloudConfig:
openstack:
insecureSkipVerify: true
...
```


@ -609,10 +609,11 @@ type OpenstackRouter struct {
// OpenstackConfiguration defines cloud config elements for the openstack cloud provider // OpenstackConfiguration defines cloud config elements for the openstack cloud provider
type OpenstackConfiguration struct { type OpenstackConfiguration struct {
Loadbalancer *OpenstackLoadbalancerConfig `json:"loadbalancer,omitempty"` Loadbalancer *OpenstackLoadbalancerConfig `json:"loadbalancer,omitempty"`
Monitor *OpenstackMonitor `json:"monitor,omitempty"` Monitor *OpenstackMonitor `json:"monitor,omitempty"`
Router *OpenstackRouter `json:"router,omitempty"` Router *OpenstackRouter `json:"router,omitempty"`
BlockStorage *OpenstackBlockStorageConfig `json:"blockStorage,omitempty"` BlockStorage *OpenstackBlockStorageConfig `json:"blockStorage,omitempty"`
InsecureSkipVerify *bool `json:"insecureSkipVerify,omitempty"`
} }
// CloudConfiguration defines the cloud provider configuration // CloudConfiguration defines the cloud provider configuration
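Review bot: The new `InsecureSkipVerify` field in `OpenstackConfiguration` has no doc comment, although it is the one field in this struct that weakens a security control. A comment above it such as `// InsecureSkipVerify disables TLS certificate verification in the kops OpenStack client; leaving it unset keeps verification on.` would make the effect visible in the generated API reference. The same applies to the two other copies of this struct further down the page. The docs section of this commit says the Kubernetes OpenStack cloud provider does not support the setting, which would be worth repeating in the comment.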


@ -609,10 +609,11 @@ type OpenstackRouter struct {
// OpenstackConfiguration defines cloud config elements for the openstack cloud provider // OpenstackConfiguration defines cloud config elements for the openstack cloud provider
type OpenstackConfiguration struct { type OpenstackConfiguration struct {
Loadbalancer *OpenstackLoadbalancerConfig `json:"loadbalancer,omitempty"` Loadbalancer *OpenstackLoadbalancerConfig `json:"loadbalancer,omitempty"`
Monitor *OpenstackMonitor `json:"monitor,omitempty"` Monitor *OpenstackMonitor `json:"monitor,omitempty"`
Router *OpenstackRouter `json:"router,omitempty"` Router *OpenstackRouter `json:"router,omitempty"`
BlockStorage *OpenstackBlockStorageConfig `json:"blockStorage,omitempty"` BlockStorage *OpenstackBlockStorageConfig `json:"blockStorage,omitempty"`
InsecureSkipVerify *bool `json:"insecureSkipVerify,omitempty"`
} }
// CloudConfiguration defines the cloud provider configuration // CloudConfiguration defines the cloud provider configuration


@ -4135,6 +4135,7 @@ func autoConvert_v1alpha1_OpenstackConfiguration_To_kops_OpenstackConfiguration(
} else { } else {
out.BlockStorage = nil out.BlockStorage = nil
} }
out.InsecureSkipVerify = in.InsecureSkipVerify
return nil return nil
} }
@ -4180,6 +4181,7 @@ func autoConvert_kops_OpenstackConfiguration_To_v1alpha1_OpenstackConfiguration(
} else { } else {
out.BlockStorage = nil out.BlockStorage = nil
} }
out.InsecureSkipVerify = in.InsecureSkipVerify
return nil return nil
} }


@ -2814,6 +2814,11 @@ func (in *OpenstackConfiguration) DeepCopyInto(out *OpenstackConfiguration) {
*out = new(OpenstackBlockStorageConfig) *out = new(OpenstackBlockStorageConfig)
(*in).DeepCopyInto(*out) (*in).DeepCopyInto(*out)
} }
if in.InsecureSkipVerify != nil {
in, out := &in.InsecureSkipVerify, &out.InsecureSkipVerify
*out = new(bool)
**out = **in
}
return return
} }


@ -609,10 +609,11 @@ type OpenstackRouter struct {
// OpenstackConfiguration defines cloud config elements for the openstack cloud provider // OpenstackConfiguration defines cloud config elements for the openstack cloud provider
type OpenstackConfiguration struct { type OpenstackConfiguration struct {
Loadbalancer *OpenstackLoadbalancerConfig `json:"loadbalancer,omitempty"` Loadbalancer *OpenstackLoadbalancerConfig `json:"loadbalancer,omitempty"`
Monitor *OpenstackMonitor `json:"monitor,omitempty"` Monitor *OpenstackMonitor `json:"monitor,omitempty"`
Router *OpenstackRouter `json:"router,omitempty"` Router *OpenstackRouter `json:"router,omitempty"`
BlockStorage *OpenstackBlockStorageConfig `json:"blockStorage,omitempty"` BlockStorage *OpenstackBlockStorageConfig `json:"blockStorage,omitempty"`
InsecureSkipVerify *bool `json:"insecureSkipVerify,omitempty"`
} }
// CloudConfiguration defines the cloud provider configuration // CloudConfiguration defines the cloud provider configuration


@ -4405,6 +4405,7 @@ func autoConvert_v1alpha2_OpenstackConfiguration_To_kops_OpenstackConfiguration(
} else { } else {
out.BlockStorage = nil out.BlockStorage = nil
} }
out.InsecureSkipVerify = in.InsecureSkipVerify
return nil return nil
} }
@ -4450,6 +4451,7 @@ func autoConvert_kops_OpenstackConfiguration_To_v1alpha2_OpenstackConfiguration(
} else { } else {
out.BlockStorage = nil out.BlockStorage = nil
} }
out.InsecureSkipVerify = in.InsecureSkipVerify
return nil return nil
} }


@ -2885,6 +2885,11 @@ func (in *OpenstackConfiguration) DeepCopyInto(out *OpenstackConfiguration) {
*out = new(OpenstackBlockStorageConfig) *out = new(OpenstackBlockStorageConfig)
(*in).DeepCopyInto(*out) (*in).DeepCopyInto(*out)
} }
if in.InsecureSkipVerify != nil {
in, out := &in.InsecureSkipVerify, &out.InsecureSkipVerify
*out = new(bool)
**out = **in
}
return return
} }


@ -3099,6 +3099,11 @@ func (in *OpenstackConfiguration) DeepCopyInto(out *OpenstackConfiguration) {
*out = new(OpenstackBlockStorageConfig) *out = new(OpenstackBlockStorageConfig)
(*in).DeepCopyInto(*out) (*in).DeepCopyInto(*out)
} }
if in.InsecureSkipVerify != nil {
in, out := &in.InsecureSkipVerify, &out.InsecureSkipVerify
*out = new(bool)
**out = **in
}
return return
} }


@ -323,11 +323,13 @@ func NewOpenstackCloud(tags map[string]string, spec *kops.ClusterSpec) (Openstac
return nil, fmt.Errorf("error finding openstack region: %v", err) return nil, fmt.Errorf("error finding openstack region: %v", err)
} }
tlsconfig := &tls.Config{} if spec != nil && spec.CloudConfig != nil && spec.CloudConfig.Openstack != nil && spec.CloudConfig.Openstack.InsecureSkipVerify != nil {
tlsconfig.InsecureSkipVerify = true tlsconfig := &tls.Config{}
transport := &http.Transport{TLSClientConfig: tlsconfig} tlsconfig.InsecureSkipVerify = fi.BoolValue(spec.CloudConfig.Openstack.InsecureSkipVerify)
provider.HTTPClient = http.Client{ transport := &http.Transport{TLSClientConfig: tlsconfig}
Transport: transport, provider.HTTPClient = http.Client{
Transport: transport,
}
} }
klog.V(2).Info("authenticating to keystone") klog.V(2).Info("authenticating to keystone")
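Review bot: The guard in `NewOpenstackCloud` only tests that `InsecureSkipVerify` is non-nil, so an explicit `insecureSkipVerify: false` still replaces `provider.HTTPClient` with a bare `http.Transport`. That transport has no `Proxy` set, so it presumably stops honouring the proxy environment variables that the default transport uses. Replacing the last term `spec.CloudConfig.Openstack.InsecureSkipVerify != nil` with `fi.BoolValue(spec.CloudConfig.Openstack.InsecureSkipVerify)` would keep the default client unless verification is actually being turned off. When it is turned off, the keystone authentication that follows runs against a server whose certificate is not checked, so a `klog.Warning("openstack: TLS certificate verification disabled by insecureSkipVerify")` inside the branch would leave a trace for operators. The function starts before this hunk and continues past it.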