kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Nodeup Code Refresh 

- removing the duplicated methods and fixing up to use the context methods
This commit is contained in:
Rohith 2018-06-19 23:45:38 +01:00
parent 122d705143
commit ecf1278bfe
2 changed files with 20 additions and 177 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
nodeup/pkg/model/kube_controller_manager.go
View File

@ -50,26 +50,9 @@ func (b *KubeControllerManagerBuilder) Build(c *fi.ModelBuilderContext) error {
// If we're using the CertificateSigner, include the CA Key // If we're using the CertificateSigner, include the CA Key
// @TODO: use a per-machine key? use KMS? // @TODO: use a per-machine key? use KMS?
if b.useCertificateSigner() { if b.useCertificateSigner() {
ca, err := b.KeyStore.FindPrivateKey(fi.CertificateId_CA) if err := b.BuildPrivateKeyTask(c, fi.CertificateId_CA, "ca.key"); err != nil {
if err != nil {
return err return err
} }
if ca == nil {
return fmt.Errorf("CA private key %q not found", fi.CertificateId_CA)
}
serialized, err := ca.AsString()
if err != nil {
return err
}
c.AddTask(&nodetasks.File{
Path: filepath.Join(b.PathSrvKubernetes(), "ca.key"),
Contents: fi.NewStringResource(serialized),
Mode: fi.String("600"),
Type: nodetasks.FileType_File,
})
} }
{ {

178
nodeup/pkg/model/secrets.go
View File

@ -45,27 +45,9 @@ func (b *SecretBuilder) Build(c *fi.ModelBuilderContext) error {
return fmt.Errorf("KeyStore not set") return fmt.Errorf("KeyStore not set")
} }
// retrieve the platform ca // @step: retrieve the platform ca
{ if err := b.BuildCertificateTask(c, fi.CertificateId_CA, "ca.crt"); err != nil {
ca, err := b.KeyStore.FindCertificatePool(fi.CertificateId_CA) return err
if err != nil {
return err
}
if ca == nil {
return fmt.Errorf("certificate %q not found", fi.CertificateId_CA)
}
serialized, err := ca.Primary.AsString()
if err != nil {
return err
}
t := &nodetasks.File{
Path: filepath.Join(b.PathSrvKubernetes(), "ca.crt"),
Contents: fi.NewStringResource(serialized),
Type: nodetasks.FileType_File,
}
c.AddTask(t)
} }
if b.SecretStore != nil { if b.SecretStore != nil {
@ -89,105 +71,36 @@ func (b *SecretBuilder) Build(c *fi.ModelBuilderContext) error {
} }
{ {
cert, err := b.KeyStore.FindCert("master") name := "master"
if err != nil { if err := b.BuildCertificateTask(c, name, "server.cert"); err != nil {
return err return err
} }
if cert == nil { if err := b.BuildPrivateKeyTask(c, name, "server.key"); err != nil {
return fmt.Errorf("certificate %q not found", "master")
}
serialized, err := cert.AsString()
if err != nil {
return err return err
} }
t := &nodetasks.File{
Path: filepath.Join(b.PathSrvKubernetes(), "server.cert"),
Contents: fi.NewStringResource(serialized),
Type: nodetasks.FileType_File,
}
c.AddTask(t)
}
{
k, err := b.KeyStore.FindPrivateKey("master")
if err != nil {
return err
}
if k == nil {
return fmt.Errorf("private key %q not found", "master")
}
serialized, err := k.AsString()
if err != nil {
return err
}
t := &nodetasks.File{
Path: filepath.Join(b.PathSrvKubernetes(), "server.key"),
Contents: fi.NewStringResource(serialized),
Type: nodetasks.FileType_File,
Mode: s("0600"),
}
c.AddTask(t)
} }
if b.IsKubernetesGTE("1.7") { if b.IsKubernetesGTE("1.7") {
// TODO: Remove - we use the apiserver-aggregator keypair instead (which is signed by a different CA) // TODO: Remove - we use the apiserver-aggregator keypair instead (which is signed by a different CA)
cert, err := b.KeyStore.FindCert("apiserver-proxy-client") if err := b.BuildCertificateTask(c, "apiserver-proxy-client", "proxy-client.cert"); err != nil {
if err != nil {
return fmt.Errorf("apiserver proxy client cert lookup failed: %v", err.Error())
}
if cert == nil {
return fmt.Errorf("certificate %q not found", "apiserver-proxy-client")
}
serialized, err := cert.AsString()
if err != nil {
return err return err
} }
if err := b.BuildPrivateKeyTask(c, "apiserver-proxy-client", "proxy-client.key"); err != nil {
t := &nodetasks.File{
Path: filepath.Join(b.PathSrvKubernetes(), "proxy-client.cert"),
Contents: fi.NewStringResource(serialized),
Type: nodetasks.FileType_File,
}
c.AddTask(t)
key, err := b.KeyStore.FindPrivateKey("apiserver-proxy-client")
if err != nil {
return fmt.Errorf("apiserver proxy client private key lookup failed: %v", err.Error())
}
if key == nil {
return fmt.Errorf("private key %q not found", "apiserver-proxy-client")
}
serialized, err = key.AsString()
if err != nil {
return err
}
t = &nodetasks.File{
Path: filepath.Join(b.PathSrvKubernetes(), "proxy-client.key"),
Contents: fi.NewStringResource(serialized),
Type: nodetasks.FileType_File,
Mode: s("0600"),
}
c.AddTask(t)
}
if b.IsKubernetesGTE("1.7") {
if err := b.writeCertificate(c, "apiserver-aggregator"); err != nil {
return err
}
if err := b.writePrivateKey(c, "apiserver-aggregator"); err != nil {
return err return err
} }
} }
if b.IsKubernetesGTE("1.7") { if b.IsKubernetesGTE("1.7") {
if err := b.writeCertificate(c, "apiserver-aggregator-ca"); err != nil { if err := b.BuildCertificateTask(c, "apiserver-aggregator", "apiserver-aggregator.cert"); err != nil {
return err
}
if err := b.BuildPrivateKeyTask(c, "apiserver-aggregator", "apiserver-aggregator.key"); err != nil {
return err
}
}
if b.IsKubernetesGTE("1.7") {
if err := b.BuildCertificateTask(c, "apiserver-aggregator-ca", "apiserver-aggregator-ca.cert"); err != nil {
return err return err
} }
} }
@ -233,60 +146,7 @@ func (b *SecretBuilder) Build(c *fi.ModelBuilderContext) error {
Contents: fi.NewStringResource(csv), Contents: fi.NewStringResource(csv),
Type: nodetasks.FileType_File, Type: nodetasks.FileType_File,
Mode: s("0600"), Mode: s("0600"),
} })
c.AddTask(t)
}
return nil
}
// writeCertificate writes the specified certificate to the local filesystem, under PathSrvKubernetes()
func (b *SecretBuilder) writeCertificate(c *fi.ModelBuilderContext, id string) error {
cert, err := b.KeyStore.FindCert(id)
if err != nil {
return fmt.Errorf("cert lookup failed for %q: %v", id, err)
}
if cert != nil {
serialized, err := cert.AsString()
if err != nil {
return err
}
t := &nodetasks.File{
Path: filepath.Join(b.PathSrvKubernetes(), id+".cert"),
Contents: fi.NewStringResource(serialized),
Type: nodetasks.FileType_File,
}
c.AddTask(t)
} else {
// TODO: Make this an error?
glog.Warningf("certificate %q not found", id)
}
return nil
}
// writePrivateKey writes the specified private key to the local filesystem, under PathSrvKubernetes()
func (b *SecretBuilder) writePrivateKey(c *fi.ModelBuilderContext, id string) error {
key, err := b.KeyStore.FindPrivateKey(id)
if err != nil {
return fmt.Errorf("private key lookup failed for %q: %v", id, err)
}
if key == nil {
return fmt.Errorf("private key %q not found", id)
}
serialized, err := key.AsString()
if err != nil {
return err
}
t := &nodetasks.File{
Path: filepath.Join(b.PathSrvKubernetes(), id+".key"),
Contents: fi.NewStringResource(serialized),
Type: nodetasks.FileType_File,
Mode: s("0600"),
} }
c.AddTask(t) c.AddTask(t)