Merge pull request #88769 from deads2k/SNI
Support TLS Server Name overrides in kubeconfig file Kubernetes-commit: bd6640a8e003059ee98f84e7378d97f8337c5e0b
commit
1610b19bfc
|
@ -576,11 +576,11 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ImportPath": "k8s.io/cli-runtime",
|
"ImportPath": "k8s.io/cli-runtime",
|
||||||
"Rev": "6b557bc0e1c2"
|
"Rev": "f80ad1dc527b"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ImportPath": "k8s.io/client-go",
|
"ImportPath": "k8s.io/client-go",
|
||||||
"Rev": "83e04303df20"
|
"Rev": "03ea99686473"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ImportPath": "k8s.io/code-generator",
|
"ImportPath": "k8s.io/code-generator",
|
||||||
|
|
8
go.mod
8
go.mod
|
@ -38,8 +38,8 @@ require (
|
||||||
gotest.tools v2.2.0+incompatible // indirect
|
gotest.tools v2.2.0+incompatible // indirect
|
||||||
k8s.io/api v0.0.0-20200304042242-0b68d4126df6
|
k8s.io/api v0.0.0-20200304042242-0b68d4126df6
|
||||||
k8s.io/apimachinery v0.0.0-20200303201514-6584f51ae935
|
k8s.io/apimachinery v0.0.0-20200303201514-6584f51ae935
|
||||||
k8s.io/cli-runtime v0.0.0-20200304084508-6b557bc0e1c2
|
k8s.io/cli-runtime v0.0.0-20200304084510-f80ad1dc527b
|
||||||
k8s.io/client-go v0.0.0-20200304082524-83e04303df20
|
k8s.io/client-go v0.0.0-20200304082526-03ea99686473
|
||||||
k8s.io/component-base v0.0.0-20200304083046-fa4920973679
|
k8s.io/component-base v0.0.0-20200304083046-fa4920973679
|
||||||
k8s.io/klog v1.0.0
|
k8s.io/klog v1.0.0
|
||||||
k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c
|
k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c
|
||||||
|
@ -55,8 +55,8 @@ replace (
|
||||||
golang.org/x/tools => golang.org/x/tools v0.0.0-20190821162956-65e3620a7ae7 // pinned to release-branch.go1.13
|
golang.org/x/tools => golang.org/x/tools v0.0.0-20190821162956-65e3620a7ae7 // pinned to release-branch.go1.13
|
||||||
k8s.io/api => k8s.io/api v0.0.0-20200304042242-0b68d4126df6
|
k8s.io/api => k8s.io/api v0.0.0-20200304042242-0b68d4126df6
|
||||||
k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20200303201514-6584f51ae935
|
k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20200303201514-6584f51ae935
|
||||||
k8s.io/cli-runtime => k8s.io/cli-runtime v0.0.0-20200304084508-6b557bc0e1c2
|
k8s.io/cli-runtime => k8s.io/cli-runtime v0.0.0-20200304084510-f80ad1dc527b
|
||||||
k8s.io/client-go => k8s.io/client-go v0.0.0-20200304082524-83e04303df20
|
k8s.io/client-go => k8s.io/client-go v0.0.0-20200304082526-03ea99686473
|
||||||
k8s.io/code-generator => k8s.io/code-generator v0.0.0-20200214080538-dc8f3adce97c
|
k8s.io/code-generator => k8s.io/code-generator v0.0.0-20200214080538-dc8f3adce97c
|
||||||
k8s.io/component-base => k8s.io/component-base v0.0.0-20200304083046-fa4920973679
|
k8s.io/component-base => k8s.io/component-base v0.0.0-20200304083046-fa4920973679
|
||||||
k8s.io/metrics => k8s.io/metrics v0.0.0-20200304084343-4cf3f455bf52
|
k8s.io/metrics => k8s.io/metrics v0.0.0-20200304084343-4cf3f455bf52
|
||||||
|
|
4
go.sum
4
go.sum
|
@ -308,8 +308,8 @@ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWh
|
||||||
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
||||||
k8s.io/api v0.0.0-20200304042242-0b68d4126df6/go.mod h1:EFuendCidCp9DUXAn3QXS0nWIaAgQYL8VaCqs8KTZBA=
|
k8s.io/api v0.0.0-20200304042242-0b68d4126df6/go.mod h1:EFuendCidCp9DUXAn3QXS0nWIaAgQYL8VaCqs8KTZBA=
|
||||||
k8s.io/apimachinery v0.0.0-20200303201514-6584f51ae935/go.mod h1:5X8oEhnd931nEg6/Nkumo00nT6ZsCLp2h7Xwd7Ym6P4=
|
k8s.io/apimachinery v0.0.0-20200303201514-6584f51ae935/go.mod h1:5X8oEhnd931nEg6/Nkumo00nT6ZsCLp2h7Xwd7Ym6P4=
|
||||||
k8s.io/cli-runtime v0.0.0-20200304084508-6b557bc0e1c2/go.mod h1:WGyyWNLEAgioMLmUv3HPhGISiCVeaFkutdos8TvJLhs=
|
k8s.io/cli-runtime v0.0.0-20200304084510-f80ad1dc527b/go.mod h1:F2dcOgOo+pLviMgeWIN2xb5YFmY6hcZrDe1T1hSLqKk=
|
||||||
k8s.io/client-go v0.0.0-20200304082524-83e04303df20/go.mod h1:B//05jO7DLV6Eqwq0+uKe5FnBLn4/BpJ3RG7TA7a5Po=
|
k8s.io/client-go v0.0.0-20200304082526-03ea99686473/go.mod h1:B//05jO7DLV6Eqwq0+uKe5FnBLn4/BpJ3RG7TA7a5Po=
|
||||||
k8s.io/code-generator v0.0.0-20200214080538-dc8f3adce97c/go.mod h1:+UHX5rSbxmR8kzS+FAv7um6dtYrZokQvjHpDSYRVkTc=
|
k8s.io/code-generator v0.0.0-20200214080538-dc8f3adce97c/go.mod h1:+UHX5rSbxmR8kzS+FAv7um6dtYrZokQvjHpDSYRVkTc=
|
||||||
k8s.io/component-base v0.0.0-20200304083046-fa4920973679/go.mod h1:lq0xL4uVP+juMbkkY6YH5AquFGmqvBg6FprvvwZcJak=
|
k8s.io/component-base v0.0.0-20200304083046-fa4920973679/go.mod h1:lq0xL4uVP+juMbkkY6YH5AquFGmqvBg6FprvvwZcJak=
|
||||||
k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
|
k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
|
||||||
|
|
|
@ -24,7 +24,6 @@ import (
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
|
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
|
|
||||||
"k8s.io/client-go/tools/clientcmd"
|
"k8s.io/client-go/tools/clientcmd"
|
||||||
clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
|
clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
|
||||||
cliflag "k8s.io/component-base/cli/flag"
|
cliflag "k8s.io/component-base/cli/flag"
|
||||||
|
@ -37,6 +36,7 @@ type createClusterOptions struct {
|
||||||
configAccess clientcmd.ConfigAccess
|
configAccess clientcmd.ConfigAccess
|
||||||
name string
|
name string
|
||||||
server cliflag.StringFlag
|
server cliflag.StringFlag
|
||||||
|
tlsServerName cliflag.StringFlag
|
||||||
insecureSkipTLSVerify cliflag.Tristate
|
insecureSkipTLSVerify cliflag.Tristate
|
||||||
certificateAuthority cliflag.StringFlag
|
certificateAuthority cliflag.StringFlag
|
||||||
embedCAData cliflag.Tristate
|
embedCAData cliflag.Tristate
|
||||||
|
@ -56,7 +56,10 @@ var (
|
||||||
kubectl config set-cluster e2e --certificate-authority=~/.kube/e2e/kubernetes.ca.crt
|
kubectl config set-cluster e2e --certificate-authority=~/.kube/e2e/kubernetes.ca.crt
|
||||||
|
|
||||||
# Disable cert checking for the dev cluster entry
|
# Disable cert checking for the dev cluster entry
|
||||||
kubectl config set-cluster e2e --insecure-skip-tls-verify=true`)
|
kubectl config set-cluster e2e --insecure-skip-tls-verify=true
|
||||||
|
|
||||||
|
# Set custom TLS server name to use for validation for the e2e cluster entry
|
||||||
|
kubectl config set-cluster e2e --tls-server-name=my-cluster-name`)
|
||||||
)
|
)
|
||||||
|
|
||||||
// NewCmdConfigSetCluster returns a Command instance for 'config set-cluster' sub command
|
// NewCmdConfigSetCluster returns a Command instance for 'config set-cluster' sub command
|
||||||
|
@ -64,7 +67,7 @@ func NewCmdConfigSetCluster(out io.Writer, configAccess clientcmd.ConfigAccess)
|
||||||
options := &createClusterOptions{configAccess: configAccess}
|
options := &createClusterOptions{configAccess: configAccess}
|
||||||
|
|
||||||
cmd := &cobra.Command{
|
cmd := &cobra.Command{
|
||||||
Use: fmt.Sprintf("set-cluster NAME [--%v=server] [--%v=path/to/certificate/authority] [--%v=true]", clientcmd.FlagAPIServer, clientcmd.FlagCAFile, clientcmd.FlagInsecure),
|
Use: fmt.Sprintf("set-cluster NAME [--%v=server] [--%v=path/to/certificate/authority] [--%v=true] [--%v=example.com]", clientcmd.FlagAPIServer, clientcmd.FlagCAFile, clientcmd.FlagInsecure, clientcmd.FlagTLSServerName),
|
||||||
DisableFlagsInUseLine: true,
|
DisableFlagsInUseLine: true,
|
||||||
Short: i18n.T("Sets a cluster entry in kubeconfig"),
|
Short: i18n.T("Sets a cluster entry in kubeconfig"),
|
||||||
Long: createClusterLong,
|
Long: createClusterLong,
|
||||||
|
@ -79,6 +82,7 @@ func NewCmdConfigSetCluster(out io.Writer, configAccess clientcmd.ConfigAccess)
|
||||||
options.insecureSkipTLSVerify.Default(false)
|
options.insecureSkipTLSVerify.Default(false)
|
||||||
|
|
||||||
cmd.Flags().Var(&options.server, clientcmd.FlagAPIServer, clientcmd.FlagAPIServer+" for the cluster entry in kubeconfig")
|
cmd.Flags().Var(&options.server, clientcmd.FlagAPIServer, clientcmd.FlagAPIServer+" for the cluster entry in kubeconfig")
|
||||||
|
cmd.Flags().Var(&options.tlsServerName, clientcmd.FlagTLSServerName, clientcmd.FlagTLSServerName+" for the cluster entry in kubeconfig")
|
||||||
f := cmd.Flags().VarPF(&options.insecureSkipTLSVerify, clientcmd.FlagInsecure, "", clientcmd.FlagInsecure+" for the cluster entry in kubeconfig")
|
f := cmd.Flags().VarPF(&options.insecureSkipTLSVerify, clientcmd.FlagInsecure, "", clientcmd.FlagInsecure+" for the cluster entry in kubeconfig")
|
||||||
f.NoOptDefVal = "true"
|
f.NoOptDefVal = "true"
|
||||||
cmd.Flags().Var(&options.certificateAuthority, clientcmd.FlagCAFile, "Path to "+clientcmd.FlagCAFile+" file for the cluster entry in kubeconfig")
|
cmd.Flags().Var(&options.certificateAuthority, clientcmd.FlagCAFile, "Path to "+clientcmd.FlagCAFile+" file for the cluster entry in kubeconfig")
|
||||||
|
@ -120,6 +124,12 @@ func (o *createClusterOptions) modifyCluster(existingCluster clientcmdapi.Cluste
|
||||||
|
|
||||||
if o.server.Provided() {
|
if o.server.Provided() {
|
||||||
modifiedCluster.Server = o.server.Value()
|
modifiedCluster.Server = o.server.Value()
|
||||||
|
// specifying a --server on the command line, overrides the TLSServerName that was specified in the kubeconfig file.
|
||||||
|
// if both are specified, then the next if block will write the new TLSServerName.
|
||||||
|
modifiedCluster.TLSServerName = ""
|
||||||
|
}
|
||||||
|
if o.tlsServerName.Provided() {
|
||||||
|
modifiedCluster.TLSServerName = o.tlsServerName.Value()
|
||||||
}
|
}
|
||||||
if o.insecureSkipTLSVerify.Provided() {
|
if o.insecureSkipTLSVerify.Provided() {
|
||||||
modifiedCluster.InsecureSkipTLSVerify = o.insecureSkipTLSVerify.Value()
|
modifiedCluster.InsecureSkipTLSVerify = o.insecureSkipTLSVerify.Value()
|
||||||
|
|
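Review bot: The help string registered for the new flag in NewCmdConfigSetCluster is only `clientcmd.FlagTLSServerName+" for the cluster entry in kubeconfig"`, which does not tell the user that this value replaces the hostname the server certificate is checked against. It also does not mention that modifyCluster resets TLSServerName to `""` whenever `--server` is given, so re-running `set-cluster NAME --server=...` on an entry silently drops a stored override; that rule is documented only in the code comment. I would spell both out in the flag description, e.g. `"Server name to check the server certificate against (defaults to the host in --server); reset whenever --server is set without it"`. As far as these hunks show, nothing rejects `--tls-server-name` together with `--insecure-skip-tls-verify=true`, where the name would presumably never be checked; the validation code is outside the visible hunks, so this should be confirmed there. Both NewCmdConfigSetCluster and modifyCluster continue outside the hunks.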
|
@ -43,11 +43,12 @@ func TestCreateCluster(t *testing.T) {
|
||||||
args: []string{"my-cluster"},
|
args: []string{"my-cluster"},
|
||||||
flags: []string{
|
flags: []string{
|
||||||
"--server=http://192.168.0.1",
|
"--server=http://192.168.0.1",
|
||||||
|
"--tls-server-name=my-cluster-name",
|
||||||
},
|
},
|
||||||
expected: `Cluster "my-cluster" set.` + "\n",
|
expected: `Cluster "my-cluster" set.` + "\n",
|
||||||
expectedConfig: clientcmdapi.Config{
|
expectedConfig: clientcmdapi.Config{
|
||||||
Clusters: map[string]*clientcmdapi.Cluster{
|
Clusters: map[string]*clientcmdapi.Cluster{
|
||||||
"my-cluster": {Server: "http://192.168.0.1"},
|
"my-cluster": {Server: "http://192.168.0.1", TLSServerName: "my-cluster-name"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
@ -57,7 +58,7 @@ func TestCreateCluster(t *testing.T) {
|
||||||
func TestModifyCluster(t *testing.T) {
|
func TestModifyCluster(t *testing.T) {
|
||||||
conf := clientcmdapi.Config{
|
conf := clientcmdapi.Config{
|
||||||
Clusters: map[string]*clientcmdapi.Cluster{
|
Clusters: map[string]*clientcmdapi.Cluster{
|
||||||
"my-cluster": {Server: "https://192.168.0.1"},
|
"my-cluster": {Server: "https://192.168.0.1", TLSServerName: "to-be-cleared"},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
test := createClusterTest{
|
test := createClusterTest{
|
||||||
|
@ -77,6 +78,30 @@ func TestModifyCluster(t *testing.T) {
|
||||||
test.run(t)
|
test.run(t)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestModifyClusterServerAndTLS(t *testing.T) {
|
||||||
|
conf := clientcmdapi.Config{
|
||||||
|
Clusters: map[string]*clientcmdapi.Cluster{
|
||||||
|
"my-cluster": {Server: "https://192.168.0.1"},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
test := createClusterTest{
|
||||||
|
description: "Testing 'kubectl config set-cluster' with an existing cluster",
|
||||||
|
config: conf,
|
||||||
|
args: []string{"my-cluster"},
|
||||||
|
flags: []string{
|
||||||
|
"--server=https://192.168.0.99",
|
||||||
|
"--tls-server-name=my-cluster-name",
|
||||||
|
},
|
||||||
|
expected: `Cluster "my-cluster" set.` + "\n",
|
||||||
|
expectedConfig: clientcmdapi.Config{
|
||||||
|
Clusters: map[string]*clientcmdapi.Cluster{
|
||||||
|
"my-cluster": {Server: "https://192.168.0.99", TLSServerName: "my-cluster-name"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
test.run(t)
|
||||||
|
}
|
||||||
|
|
||||||
func (test createClusterTest) run(t *testing.T) {
|
func (test createClusterTest) run(t *testing.T) {
|
||||||
fakeKubeFile, err := ioutil.TempFile(os.TempDir(), "")
|
fakeKubeFile, err := ioutil.TempFile(os.TempDir(), "")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -115,5 +140,8 @@ func (test createClusterTest) run(t *testing.T) {
|
||||||
if cluster.Server != test.expectedConfig.Clusters[test.args[0]].Server {
|
if cluster.Server != test.expectedConfig.Clusters[test.args[0]].Server {
|
||||||
t.Errorf("Fail in %q\n expected cluster server %v\n but got %v\n ", test.description, test.expectedConfig.Clusters[test.args[0]].Server, cluster.Server)
|
t.Errorf("Fail in %q\n expected cluster server %v\n but got %v\n ", test.description, test.expectedConfig.Clusters[test.args[0]].Server, cluster.Server)
|
||||||
}
|
}
|
||||||
|
if cluster.TLSServerName != test.expectedConfig.Clusters[test.args[0]].TLSServerName {
|
||||||
|
t.Errorf("Fail in %q\n expected cluster TLS server name %q\n but got %q\n ", test.description, test.expectedConfig.Clusters[test.args[0]].TLSServerName, cluster.TLSServerName)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
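Review bot: No visible case passes `--tls-server-name` without `--server` on an existing entry, which is the path where the name used for certificate validation changes while the endpoint stays the same. TestCreateCluster and TestModifyClusterServerAndTLS pass both flags together, and the flags of TestModifyCluster lie outside the hunks. A case like the one below would pin that Server is preserved and only TLSServerName is rewritten. The fixture in TestModifyClusterServerAndTLS also starts without a TLSServerName, so seeding it with a stale value would make the overwrite explicit.

```go
func TestModifyClusterTLSServerNameOnly(t *testing.T) {
	conf := clientcmdapi.Config{
		Clusters: map[string]*clientcmdapi.Cluster{
			"my-cluster": {Server: "https://192.168.0.1", TLSServerName: "old-name"},
		},
	}
	test := createClusterTest{
		description: "Testing 'kubectl config set-cluster' changing only the TLS server name",
		config:      conf,
		args:        []string{"my-cluster"},
		flags: []string{
			"--tls-server-name=my-cluster-name",
		},
		expected: `Cluster "my-cluster" set.` + "\n",
		expectedConfig: clientcmdapi.Config{
			Clusters: map[string]*clientcmdapi.Cluster{
				"my-cluster": {Server: "https://192.168.0.1", TLSServerName: "my-cluster-name"},
			},
		},
	}
	test.run(t)
}
```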