// TODO: evaluate using pkg/client/clientcmd func newKubeClient() (*kclient.Client, error) { var ( config *kclient.Config err error masterURL string ) if *argKubeMasterURL != "" { masterURL, err = getKubeMasterURL() if err != nil { return nil, err } } if *argKubecfgFile == "" { if masterURL == "" { return nil, fmt.Errorf("--kube_master_url must be set when --kubecfg_file is not set") } config = &kclient.Config{ Host: masterURL, Version: "v1", } } else { overrides := &kclientcmd.ConfigOverrides{} if masterURL != "" { overrides.ClusterInfo.Server = masterURL } if config, err = kclientcmd.NewNonInteractiveDeferredLoadingClientConfig( &kclientcmd.ClientConfigLoadingRules{ExplicitPath: *argKubecfgFile}, overrides).ClientConfig(); err != nil { return nil, err } } glog.Infof("Using %s for kubernetes master", config.Host) glog.Infof("Using kubernetes API %s", config.Version) return kclient.New(config) }
// Run runs the specified SchedulerServer. This should never exit. func (s *SchedulerServer) Run(_ []string) error { if s.Kubeconfig == "" && s.Master == "" { glog.Warningf("Neither --kubeconfig nor --master was specified. Using default API client. This might not work.") } // This creates a client, first loading any specified kubeconfig // file, and then overriding the Master flag, if non-empty. kubeconfig, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig( &clientcmd.ClientConfigLoadingRules{ExplicitPath: s.Kubeconfig}, &clientcmd.ConfigOverrides{ClusterInfo: clientcmdapi.Cluster{Server: s.Master}}).ClientConfig() if err != nil { return err } kubeconfig.QPS = 20.0 kubeconfig.Burst = 30 kubeClient, err := client.New(kubeconfig) if err != nil { glog.Fatalf("Invalid API configuration: %v", err) } go func() { mux := http.NewServeMux() healthz.InstallHandler(mux) if s.EnableProfiling { mux.HandleFunc("/debug/pprof/", pprof.Index) mux.HandleFunc("/debug/pprof/profile", pprof.Profile) mux.HandleFunc("/debug/pprof/symbol", pprof.Symbol) } mux.Handle("/metrics", prometheus.Handler()) server := &http.Server{ Addr: net.JoinHostPort(s.Address.String(), strconv.Itoa(s.Port)), Handler: mux, } glog.Fatal(server.ListenAndServe()) }() configFactory := factory.NewConfigFactory(kubeClient) config, err := s.createConfig(configFactory) if err != nil { glog.Fatalf("Failed to create scheduler configuration: %v", err) } config.Cloud, err = cloudprovider.InitCloudProvider(s.CloudProvider, s.CloudConfigFile) if err != nil { glog.Fatalf("Cloud provider could not be initialized: %v", err) } eventBroadcaster := record.NewBroadcaster() config.Recorder = eventBroadcaster.NewRecorder(api.EventSource{Component: "scheduler"}) eventBroadcaster.StartLogging(glog.Infof) eventBroadcaster.StartRecordingToSink(kubeClient.Events("")) sched := scheduler.New(config) sched.Run() select {} }
// NewDefaultKubeConnectionArgs returns a new set of default connection // arguments for Kubernetes func NewDefaultKubeConnectionArgs() *KubeConnectionArgs { config := &KubeConnectionArgs{} config.KubernetesAddr = flagtypes.Addr{Value: "localhost:8443", DefaultScheme: "https", DefaultPort: 8443, AllowPrefix: true}.Default() config.ClientConfig = clientcmd.NewNonInteractiveDeferredLoadingClientConfig(&config.ClientConfigLoadingRules, &clientcmd.ConfigOverrides{}) return config }
func makeErrorKubeconfig() (clientcmd.ClientConfigLoadingRules, clientcmd.ClientConfig) { // Set a non-empty CommandLinePath to trigger loading loadingRules := clientcmd.ClientConfigLoadingRules{} loadingRules.ExplicitPath = "missing-file" clientConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig( &loadingRules, &clientcmd.ConfigOverrides{}, ) return loadingRules, clientConfig }
func makeEmptyKubeconfig() (clientcmd.ClientConfigLoadingRules, clientcmd.ClientConfig) { // Set a non-empty CommandLinePath to trigger loading loadingRules := clientcmd.ClientConfigLoadingRules{} loadingRules.ExplicitPath = "specified" clientConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig( // Set empty loading rules to avoid missing file errors &clientcmd.ClientConfigLoadingRules{}, &clientcmd.ConfigOverrides{}, ) return loadingRules, clientConfig }
func defaultClientConfig(flags *pflag.FlagSet) clientcmd.ClientConfig { loadingRules := &clientcmd.ClientConfigLoadingRules{ExplicitPath: ""} flags.StringVar(&loadingRules.ExplicitPath, config.OpenShiftConfigFlagName, "", "Path to the config file to use for CLI requests.") overrides := &clientcmd.ConfigOverrides{} overrideFlags := clientcmd.RecommendedConfigOverrideFlags("") overrideFlags.ContextOverrideFlags.Namespace.ShortName = "n" clientcmd.BindOverrideFlags(overrides, flags, overrideFlags) clientConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, overrides) return clientConfig }
func (o *PathOptions) GetStartingConfig() (*clientcmdapi.Config, error) { // don't mutate the original loadingRules := *o.LoadingRules loadingRules.Precedence = o.GetLoadingPrecedence() clientConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(&loadingRules, &clientcmd.ConfigOverrides{}) rawConfig, err := clientConfig.RawConfig() if os.IsNotExist(err) { return clientcmdapi.NewConfig(), nil } if err != nil { return nil, err } return &rawConfig, nil }
func makeKubeconfig(server, user string) (clientcmd.ClientConfigLoadingRules, clientcmd.ClientConfig) { // Set a non-empty CommandLinePath to trigger loading loadingRules := clientcmd.ClientConfigLoadingRules{} loadingRules.ExplicitPath = "specified" clientConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig( // Set empty loading rules to avoid missing file errors &clientcmd.ClientConfigLoadingRules{}, // Override the server and user in client config to simulate loading from a file &clientcmd.ConfigOverrides{ ClusterInfo: clientcmdapi.Cluster{Server: server}, AuthInfo: clientcmdapi.AuthInfo{Username: user}, }, ) return loadingRules, clientConfig }
// getStartingConfig returns the Config object built from the sources specified by the options, the filename read (only if it was a single file), and an error if something goes wrong func (o *viewOptions) getStartingConfig() (*clientcmdapi.Config, string, error) { switch { case o.merge.Value(): loadingRules := clientcmd.NewDefaultClientConfigLoadingRules() loadingRules.ExplicitPath = o.pathOptions.specifiedFile overrides := &clientcmd.ConfigOverrides{} clientConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, overrides) config, err := clientConfig.RawConfig() if err != nil { return nil, "", fmt.Errorf("Error getting config: %v", err) } return &config, "", nil default: return o.pathOptions.getStartingConfig() } }
// TODO: evaluate using pkg/client/clientcmd func newKubeClient() (*kclient.Client, error) { var ( config *kclient.Config err error masterURL string ) // If the user specified --kube_master_url, expand env vars and verify it. if *argKubeMasterURL != "" { masterURL, err = expandKubeMasterURL() if err != nil { return nil, err } } if masterURL != "" && *argKubecfgFile == "" { // Only --kube_master_url was provided. config = &kclient.Config{ Host: masterURL, Version: "v1", } } else { // We either have: // 1) --kube_master_url and --kubecfg_file // 2) just --kubecfg_file // 3) neither flag // In any case, the logic is the same. If (3), this will automatically // fall back on the service account token. overrides := &kclientcmd.ConfigOverrides{} overrides.ClusterInfo.Server = masterURL // might be "", but that is OK rules := &kclientcmd.ClientConfigLoadingRules{ExplicitPath: *argKubecfgFile} // might be "", but that is OK if config, err = kclientcmd.NewNonInteractiveDeferredLoadingClientConfig(rules, overrides).ClientConfig(); err != nil { return nil, err } } glog.Infof("Using %s for kubernetes master", config.Host) glog.Infof("Using kubernetes API %s", config.Version) return kclient.New(config) }
// TODO: evaluate using pkg/client/clientcmd func newKubeClient() (*kclient.Client, error) { var config *kclient.Config masterUrl, err := getKubeMasterUrl() if err != nil { return nil, err } if *argKubecfgFile == "" { config = &kclient.Config{ Host: masterUrl, Version: "v1", } } else { var err error if config, err = kclientcmd.NewNonInteractiveDeferredLoadingClientConfig( &kclientcmd.ClientConfigLoadingRules{ExplicitPath: *argKubecfgFile}, &kclientcmd.ConfigOverrides{ClusterInfo: kclientcmdapi.Cluster{Server: masterUrl, InsecureSkipTLSVerify: true}}).ClientConfig(); err != nil { return nil, err } } glog.Infof("Using %s for kubernetes master", config.Host) glog.Infof("Using kubernetes API %s", config.Version) return kclient.New(config) }
// TODO: clients should be copied and instantiated from a common client config, tweaked, then // given to individual controllers and other infrastructure components. func GetOpenShiftClient(kubeConfigFile string) (*client.Client, *kclient.Config, error) { loadingRules := &clientcmd.ClientConfigLoadingRules{} loadingRules.ExplicitPath = kubeConfigFile loader := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, &clientcmd.ConfigOverrides{}) kubeConfig, err := loader.ClientConfig() if err != nil { return nil, nil, err } // This is an internal client which is shared by most controllers, so boost default QPS // TODO: this should be configured by the caller, not in this method. kubeConfig.QPS = 150.0 kubeConfig.Burst = 300 kubeConfig.WrapTransport = DefaultClientTransport openshiftClient, err := client.New(kubeConfig) if err != nil { return nil, nil, err } return openshiftClient, kubeConfig, nil }
// TODO: evaluate using pkg/client/clientcmd func newKubeClient() (*kclient.Client, error) { var config *kclient.Config if *kubecfg_file == "" { // No kubecfg file provided. Use kubernetes_ro service. masterHost := os.Getenv("KUBERNETES_RO_SERVICE_HOST") if masterHost == "" { log.Fatalf("KUBERNETES_RO_SERVICE_HOST is not defined") } masterPort := os.Getenv("KUBERNETES_RO_SERVICE_PORT") if masterPort == "" { log.Fatalf("KUBERNETES_RO_SERVICE_PORT is not defined") } config = &kclient.Config{ Host: fmt.Sprintf("http://%s:%s", masterHost, masterPort), Version: "v1beta1", } } else { masterHost := os.Getenv("KUBERNETES_SERVICE_HOST") if masterHost == "" { log.Fatalf("KUBERNETES_SERVICE_HOST is not defined") } masterPort := os.Getenv("KUBERNETES_SERVICE_PORT") if masterPort == "" { log.Fatalf("KUBERNETES_SERVICE_PORT is not defined") } master := fmt.Sprintf("https://%s:%s", masterHost, masterPort) var err error if config, err = kclientcmd.NewNonInteractiveDeferredLoadingClientConfig( &kclientcmd.ClientConfigLoadingRules{ExplicitPath: *kubecfg_file}, &kclientcmd.ConfigOverrides{ClusterInfo: kclientcmdapi.Cluster{Server: master}}).ClientConfig(); err != nil { return nil, err } } log.Printf("Using %s for kubernetes master", config.Host) log.Printf("Using kubernetes API %s", config.Version) return kclient.New(config) }
func (s *KubeletServer) kubeconfigClientConfig() (*client.Config, error) { return clientcmd.NewNonInteractiveDeferredLoadingClientConfig( &clientcmd.ClientConfigLoadingRules{ExplicitPath: s.KubeConfig.Value()}, &clientcmd.ConfigOverrides{ClusterInfo: clientcmdapi.Cluster{Server: s.APIServerList[0]}}).ClientConfig() }
func (s *CMServer) Run(_ []string) error { if s.Kubeconfig == "" && s.Master == "" { glog.Warningf("Neither --kubeconfig nor --master was specified. Using default API client. This might not work.") } // This creates a client, first loading any specified kubeconfig // file, and then overriding the Master flag, if non-empty. kubeconfig, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig( &clientcmd.ClientConfigLoadingRules{ExplicitPath: s.Kubeconfig}, &clientcmd.ConfigOverrides{ClusterInfo: clientcmdapi.Cluster{Server: s.Master}}).ClientConfig() if err != nil { return err } kubeconfig.QPS = 20.0 kubeconfig.Burst = 30 kubeClient, err := client.New(kubeconfig) if err != nil { glog.Fatalf("Invalid API configuration: %v", err) } go func() { mux := http.NewServeMux() healthz.InstallHandler(mux) if s.EnableProfiling { profile.InstallHandler(mux) } mux.Handle("/metrics", prometheus.Handler()) server := &http.Server{ Addr: net.JoinHostPort(s.Address.String(), strconv.Itoa(s.Port)), Handler: mux, } glog.Fatal(server.ListenAndServe()) }() endpoints := s.createEndpointController(kubeClient) go endpoints.Run(s.ConcurrentEndpointSyncs, util.NeverStop) controllerManager := controller.NewReplicationManager(kubeClient, controller.BurstReplicas) go controllerManager.Run(s.ConcurrentRCSyncs, util.NeverStop) //TODO(jdef) should eventually support more cloud providers here if s.CloudProvider != mesos.ProviderName { glog.Fatalf("Only provider %v is supported, you specified %v", mesos.ProviderName, s.CloudProvider) } cloud := cloudprovider.InitCloudProvider(s.CloudProvider, s.CloudConfigFile) nodeController := nodecontroller.NewNodeController(cloud, kubeClient, s.RegisterRetryCount, s.PodEvictionTimeout, nodecontroller.NewPodEvictor(util.NewTokenBucketRateLimiter(s.DeletingPodsQps, s.DeletingPodsBurst)), s.NodeMonitorGracePeriod, s.NodeStartupGracePeriod, s.NodeMonitorPeriod, (*net.IPNet)(&s.ClusterCIDR), s.AllocateNodeCIDRs) nodeController.Run(s.NodeSyncPeriod) serviceController := servicecontroller.New(cloud, kubeClient, s.ClusterName) if err := serviceController.Run(s.NodeSyncPeriod); err != nil { glog.Errorf("Failed to start service controller: %v", err) } if s.AllocateNodeCIDRs { routes, ok := cloud.Routes() if !ok { glog.Fatal("Cloud provider must support routes if allocate-node-cidrs is set") } routeController := routecontroller.New(routes, kubeClient, s.ClusterName, (*net.IPNet)(&s.ClusterCIDR)) routeController.Run(s.NodeSyncPeriod) } resourceQuotaManager := resourcequota.NewResourceQuotaManager(kubeClient) resourceQuotaManager.Run(s.ResourceQuotaSyncPeriod) namespaceManager := namespace.NewNamespaceManager(kubeClient, s.NamespaceSyncPeriod) namespaceManager.Run() pvclaimBinder := volumeclaimbinder.NewPersistentVolumeClaimBinder(kubeClient, s.PVClaimBinderSyncPeriod) pvclaimBinder.Run() pvRecycler, err := volumeclaimbinder.NewPersistentVolumeRecycler(kubeClient, s.PVClaimBinderSyncPeriod, app.ProbeRecyclableVolumePlugins()) if err != nil { glog.Fatalf("Failed to start persistent volume recycler: %+v", err) } pvRecycler.Run() if len(s.ServiceAccountKeyFile) > 0 { privateKey, err := serviceaccount.ReadPrivateKey(s.ServiceAccountKeyFile) if err != nil { glog.Errorf("Error reading key for service account token controller: %v", err) } else { serviceaccount.NewTokensController( kubeClient, serviceaccount.DefaultTokenControllerOptions( serviceaccount.JWTTokenGenerator(privateKey), ), ).Run() } } serviceaccount.NewServiceAccountsController( kubeClient, serviceaccount.DefaultServiceAccountsControllerOptions(), ).Run() select {} }
func CreateKubeSources(uri *url.URL, c cache.Cache) ([]api.Source, error) { var ( kubeConfig *kube_client.Config err error ) opts := uri.Query() configOverrides, err := getConfigOverrides(uri) if err != nil { return nil, err } inClusterConfig := defaultInClusterConfig if len(opts["inClusterConfig"]) > 0 { inClusterConfig, err = strconv.ParseBool(opts["inClusterConfig"][0]) if err != nil { return nil, err } } if inClusterConfig { kubeConfig, err = kube_client.InClusterConfig() if err != nil { return nil, err } if configOverrides.ClusterInfo.Server != "" { kubeConfig.Host = configOverrides.ClusterInfo.Server } kubeConfig.Version = configOverrides.ClusterInfo.APIVersion } else { authFile := "" if len(opts["auth"]) > 0 { authFile = opts["auth"][0] } if authFile != "" { if kubeConfig, err = kubeClientCmd.NewNonInteractiveDeferredLoadingClientConfig( &kubeClientCmd.ClientConfigLoadingRules{ExplicitPath: authFile}, configOverrides).ClientConfig(); err != nil { return nil, err } } else { kubeConfig = &kube_client.Config{ Host: configOverrides.ClusterInfo.Server, Version: configOverrides.ClusterInfo.APIVersion, Insecure: configOverrides.ClusterInfo.InsecureSkipTLSVerify, } } } if len(kubeConfig.Host) == 0 { return nil, fmt.Errorf("invalid kubernetes master url specified") } if len(kubeConfig.Version) == 0 { return nil, fmt.Errorf("invalid kubernetes API version specified") } useServiceAccount := defaultUseServiceAccount if len(opts["useServiceAccount"]) >= 1 { useServiceAccount, err = strconv.ParseBool(opts["useServiceAccount"][0]) if err != nil { return nil, err } } if useServiceAccount { // If a readable service account token exists, then use it if contents, err := ioutil.ReadFile(defaultServiceAccountFile); err == nil { kubeConfig.BearerToken = string(contents) } } kubeClient := kube_client.NewOrDie(kubeConfig) nodesApi, err := nodes.NewKubeNodes(kubeClient) if err != nil { return nil, err } kubeletPort := defaultKubeletPort if len(opts["kubeletPort"]) >= 1 { kubeletPort, err = strconv.Atoi(opts["kubeletPort"][0]) if err != nil { return nil, err } } kubeletHttps := defaultKubeletHttps if len(opts["kubeletHttps"]) >= 1 { kubeletHttps, err = strconv.ParseBool(opts["kubeletHttps"][0]) if err != nil { return nil, err } } glog.Infof("Using Kubernetes client with master %q and version %q\n", kubeConfig.Host, kubeConfig.Version) glog.Infof("Using kubelet port %d", kubeletPort) kubeletConfig := &kube_client.KubeletConfig{ Port: uint(kubeletPort), EnableHttps: kubeletHttps, TLSClientConfig: kubeConfig.TLSClientConfig, } kubeletApi, err := datasource.NewKubelet(kubeletConfig) if err != nil { return nil, err } kubePodsSource := NewKubePodMetrics(kubeletPort, kubeletApi, nodesApi, newPodsApi(kubeClient)) kubeNodeSource := NewKubeNodeMetrics(kubeletPort, kubeletApi, nodesApi) kubeEventsSource := NewKubeEvents(kubeClient, c) return []api.Source{kubePodsSource, kubeNodeSource, kubeEventsSource}, nil }
// Run runs the specified ProxyServer. This should never exit. func (s *ProxyServer) Run(_ []string) error { // TODO(vmarmol): Use container config for this. if err := util.ApplyOomScoreAdj(0, s.OOMScoreAdj); err != nil { glog.Info(err) } // Run in its own container. if err := util.RunInResourceContainer(s.ResourceContainer); err != nil { glog.Warningf("Failed to start in resource-only container %q: %v", s.ResourceContainer, err) } else { glog.Infof("Running in resource-only container %q", s.ResourceContainer) } serviceConfig := config.NewServiceConfig() endpointsConfig := config.NewEndpointsConfig() protocol := iptables.ProtocolIpv4 if net.IP(s.BindAddress).To4() == nil { protocol = iptables.ProtocolIpv6 } loadBalancer := proxy.NewLoadBalancerRR() proxier := proxy.NewProxier(loadBalancer, net.IP(s.BindAddress), iptables.New(exec.New(), protocol)) if proxier == nil { glog.Fatalf("failed to create proxier, aborting") } // Wire proxier to handle changes to services serviceConfig.RegisterHandler(proxier) // And wire loadBalancer to handle changes to endpoints to services endpointsConfig.RegisterHandler(loadBalancer) // Note: RegisterHandler() calls need to happen before creation of Sources because sources // only notify on changes, and the initial update (on process start) may be lost if no handlers // are registered yet. // define api config source if s.Kubeconfig == "" && s.Master == "" { glog.Warningf("Neither --kubeconfig nor --master was specified. Using default API client. This might not work.") } // This creates a client, first loading any specified kubeconfig // file, and then overriding the Master flag, if non-empty. kubeconfig, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig( &clientcmd.ClientConfigLoadingRules{ExplicitPath: s.Kubeconfig}, &clientcmd.ConfigOverrides{ClusterInfo: clientcmdapi.Cluster{Server: s.Master}}).ClientConfig() if err != nil { return err } client, err := client.New(kubeconfig) if err != nil { glog.Fatalf("Invalid API configuration: %v", err) } config.NewSourceAPI( client.Services(api.NamespaceAll), client.Endpoints(api.NamespaceAll), 30*time.Second, serviceConfig.Channel("api"), endpointsConfig.Channel("api"), ) if s.HealthzPort > 0 { go util.Forever(func() { err := http.ListenAndServe(s.HealthzBindAddress.String()+":"+strconv.Itoa(s.HealthzPort), nil) if err != nil { glog.Errorf("Starting health server failed: %v", err) } }, 5*time.Second) } // Just loop forever for now... proxier.SyncLoop() return nil }
// Run runs the CMServer. This should never exit. func (s *CMServer) Run(_ []string) error { s.verifyMinionFlags() if s.Kubeconfig == "" && s.Master == "" { glog.Warningf("Neither --kubeconfig nor --master was specified. Using default API client. This might not work.") } // This creates a client, first loading any specified kubeconfig // file, and then overriding the Master flag, if non-empty. kubeconfig, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig( &clientcmd.ClientConfigLoadingRules{ExplicitPath: s.Kubeconfig}, &clientcmd.ConfigOverrides{ClusterInfo: clientcmdapi.Cluster{Server: s.Master}}).ClientConfig() if err != nil { return err } kubeconfig.QPS = 20.0 kubeconfig.Burst = 30 kubeClient, err := client.New(kubeconfig) if err != nil { glog.Fatalf("Invalid API configuration: %v", err) } go func() { mux := http.NewServeMux() healthz.InstallHandler(mux) if s.EnableProfiling { mux.HandleFunc("/debug/pprof/", pprof.Index) mux.HandleFunc("/debug/pprof/profile", pprof.Profile) mux.HandleFunc("/debug/pprof/symbol", pprof.Symbol) } mux.Handle("/metrics", prometheus.Handler()) server := &http.Server{ Addr: net.JoinHostPort(s.Address.String(), strconv.Itoa(s.Port)), Handler: mux, } glog.Fatal(server.ListenAndServe()) }() endpoints := service.NewEndpointController(kubeClient) go endpoints.Run(s.ConcurrentEndpointSyncs, util.NeverStop) controllerManager := replicationControllerPkg.NewReplicationManager(kubeClient) controllerManager.Run(replicationControllerPkg.DefaultSyncPeriod) cloud := cloudprovider.InitCloudProvider(s.CloudProvider, s.CloudConfigFile) nodeResources := &api.NodeResources{ Capacity: api.ResourceList{ api.ResourceCPU: *resource.NewMilliQuantity(s.NodeMilliCPU, resource.DecimalSI), api.ResourceMemory: s.NodeMemory, }, } if s.SyncNodeStatus { glog.Warning("DEPRECATION NOTICE: sync_node_status flag is being deprecated. It has no effect now and it will be removed in a future version.") } nodeController := nodecontroller.NewNodeController(cloud, s.MinionRegexp, s.MachineList, nodeResources, kubeClient, s.RegisterRetryCount, s.PodEvictionTimeout, util.NewTokenBucketRateLimiter(s.DeletingPodsQps, s.DeletingPodsBurst), s.NodeMonitorGracePeriod, s.NodeStartupGracePeriod, s.NodeMonitorPeriod, s.ClusterName) nodeController.Run(s.NodeSyncPeriod, s.SyncNodeList) serviceController := servicecontroller.New(cloud, kubeClient, s.ClusterName) if err := serviceController.Run(); err != nil { glog.Errorf("Failed to start service controller: %v", err) } resourceQuotaManager := resourcequota.NewResourceQuotaManager(kubeClient) resourceQuotaManager.Run(s.ResourceQuotaSyncPeriod) namespaceManager := namespace.NewNamespaceManager(kubeClient, s.NamespaceSyncPeriod) namespaceManager.Run() select {} return nil }
// NewEnviromentConfig sets up the initial config from environment variables func NewEnviromentConfig() (*Config, error) { config := NewDefaultConfig() home := os.Getenv("GIT_HOME") if len(home) == 0 { return nil, fmt.Errorf("GIT_HOME is required") } abs, err := filepath.Abs(home) if err != nil { return nil, fmt.Errorf("can't make %q absolute: %v", home, err) } if stat, err := os.Stat(abs); err != nil || !stat.IsDir() { return nil, fmt.Errorf("GIT_HOME must be an existing directory: %v", err) } config.Home = home if publicURL := os.Getenv("PUBLIC_URL"); len(publicURL) > 0 { valid, err := url.Parse(publicURL) if err != nil { return nil, fmt.Errorf("PUBLIC_URL must be a valid URL: %v", err) } config.URL = valid } gitpath := os.Getenv("GIT_PATH") if len(gitpath) == 0 { path, err := exec.LookPath("git") if err != nil { return nil, fmt.Errorf("could not find 'git' in PATH; specify GIT_PATH or set your PATH") } gitpath = path } config.GitBinary = gitpath config.AllowPush = os.Getenv("ALLOW_GIT_PUSH") != "no" config.AllowHooks = os.Getenv("ALLOW_GIT_HOOKS") != "no" config.AllowLazyCreate = os.Getenv("ALLOW_LAZY_CREATE") != "no" if hookpath := os.Getenv("HOOK_PATH"); len(hookpath) != 0 { path, err := filepath.Abs(hookpath) if err != nil { return nil, fmt.Errorf("HOOK_PATH was set but cannot be made absolute: %v", err) } if stat, err := os.Stat(path); err != nil || !stat.IsDir() { return nil, fmt.Errorf("HOOK_PATH must be an existing directory if set: %v", err) } config.HookDirectory = path } allowAnonymousGet := os.Getenv("ALLOW_ANON_GIT_PULL") == "yes" serverAuth := os.Getenv("REQUIRE_SERVER_AUTH") gitAuth := os.Getenv("REQUIRE_GIT_AUTH") if len(serverAuth) > 0 && len(gitAuth) > 0 { return nil, fmt.Errorf("only one of REQUIRE_SERVER_AUTH or REQUIRE_GIT_AUTH may be specified") } if len(serverAuth) > 0 { namespace := os.Getenv("AUTH_NAMESPACE") if len(namespace) == 0 { return nil, fmt.Errorf("when REQUIRE_SERVER_AUTH is set, AUTH_NAMESPACE must also be specified") } if serverAuth == "-" { serverAuth = "" } rules := clientcmd.NewDefaultClientConfigLoadingRules() rules.ExplicitPath = serverAuth kubeconfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(rules, &clientcmd.ConfigOverrides{}) cfg, err := kubeconfig.ClientConfig() if err != nil { return nil, fmt.Errorf("could not create a client for REQUIRE_SERVER_AUTH: %v", err) } osc, err := client.New(cfg) if err != nil { return nil, fmt.Errorf("could not create a client for REQUIRE_SERVER_AUTH: %v", err) } config.AuthMessage = fmt.Sprintf("Authenticating against %s allow-push=%t anon-pull=%t", cfg.Host, config.AllowPush, allowAnonymousGet) config.AuthenticatorFn = auth.Authenticator(func(info auth.AuthInfo) (bool, error) { if !info.Push && allowAnonymousGet { return true, nil } req := &authapi.SubjectAccessReview{ Verb: "get", Resource: "pods", } if info.Push { if !config.AllowPush { return false, nil } req.Verb = "create" } res, err := osc.ImpersonateSubjectAccessReviews(namespace, info.Password).Create(req) if err != nil { return false, err } //log.Printf("debug: server response allowed=%t message=%s", res.Allowed, res.Reason) return res.Allowed, nil }) } if len(gitAuth) > 0 { parts := strings.Split(gitAuth, ":") if len(parts) != 2 { return nil, fmt.Errorf("REQUIRE_GIT_AUTH must be a username and password separated by a ':'") } config.AuthMessage = fmt.Sprintf("Authenticating against username/password allow-push=%t", config.AllowPush) username, password := parts[0], parts[1] config.AuthenticatorFn = auth.Authenticator(func(info auth.AuthInfo) (bool, error) { if info.Push { if !config.AllowPush { return false, nil } if allowAnonymousGet { return true, nil } } if info.Username != username || info.Password != password { return false, nil } return true, nil }) } if value := os.Getenv("GIT_LISTEN"); len(value) > 0 { config.Listen = value } config.CleanBeforeClone = os.Getenv("GIT_FORCE_CLEAN") == "yes" clones := make(map[string]Clone) for _, env := range os.Environ() { if !strings.HasPrefix(env, initialClonePrefix) { continue } parts := strings.SplitN(env, "=", 2) if len(parts) != 2 { continue } key, value := parts[0], parts[1] part := key[len(initialClonePrefix):] if len(part) == 0 { continue } if len(value) == 0 { return nil, fmt.Errorf("%s must not have an empty value", key) } defaultName := strings.Replace(strings.ToLower(part), "_", "-", -1) values := strings.Split(value, ";") var uri, name string switch len(values) { case 1: uri, name = values[0], "" case 2: uri, name = values[0], values[1] if len(name) == 0 { return nil, fmt.Errorf("%s name may not be empty", key) } default: return nil, fmt.Errorf("%s may only have two segments (<url> or <url>;<name>)", key) } url, err := git.ParseRepository(uri) if err != nil { return nil, fmt.Errorf("%s is not a valid repository URI: %v", key, err) } switch url.Scheme { case "http", "https", "git", "ssh": default: return nil, fmt.Errorf("%s %q must be a http, https, git, or ssh URL", key, uri) } if len(name) == 0 { if n, ok := git.NameFromRepositoryURL(url); ok { name = n + ".git" } } if len(name) == 0 { name = defaultName + ".git" } if invalidCloneNameChars.MatchString(name) { return nil, fmt.Errorf("%s name %q must be only letters, numbers, dashes, or underscores", key, name) } if _, ok := reservedNames[name]; ok { return nil, fmt.Errorf("%s name %q is reserved (%v)", key, name, reservedNames) } clones[name] = Clone{ URL: *url, } } config.InitialClones = clones return config, nil }
// Run runs the CMServer. This should never exit. func (s *CMServer) Run(_ []string) error { if s.Kubeconfig == "" && s.Master == "" { glog.Warningf("Neither --kubeconfig nor --master was specified. Using default API client. This might not work.") } // This creates a client, first loading any specified kubeconfig // file, and then overriding the Master flag, if non-empty. kubeconfig, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig( &clientcmd.ClientConfigLoadingRules{ExplicitPath: s.Kubeconfig}, &clientcmd.ConfigOverrides{ClusterInfo: clientcmdapi.Cluster{Server: s.Master}}).ClientConfig() if err != nil { return err } kubeconfig.QPS = 20.0 kubeconfig.Burst = 30 kubeClient, err := client.New(kubeconfig) if err != nil { glog.Fatalf("Invalid API configuration: %v", err) } go func() { mux := http.NewServeMux() healthz.InstallHandler(mux) if s.EnableProfiling { mux.HandleFunc("/debug/pprof/", pprof.Index) mux.HandleFunc("/debug/pprof/profile", pprof.Profile) mux.HandleFunc("/debug/pprof/symbol", pprof.Symbol) } mux.Handle("/metrics", prometheus.Handler()) server := &http.Server{ Addr: net.JoinHostPort(s.Address.String(), strconv.Itoa(s.Port)), Handler: mux, } glog.Fatal(server.ListenAndServe()) }() endpoints := service.NewEndpointController(kubeClient) go endpoints.Run(s.ConcurrentEndpointSyncs, util.NeverStop) controllerManager := replicationControllerPkg.NewReplicationManager(kubeClient, replicationControllerPkg.BurstReplicas) go controllerManager.Run(s.ConcurrentRCSyncs, util.NeverStop) cloud, err := cloudprovider.InitCloudProvider(s.CloudProvider, s.CloudConfigFile) if err != nil { glog.Fatalf("Cloud provider could not be initialized: %v", err) } nodeController := nodecontroller.NewNodeController(cloud, kubeClient, s.RegisterRetryCount, s.PodEvictionTimeout, nodecontroller.NewPodEvictor(util.NewTokenBucketRateLimiter(s.DeletingPodsQps, s.DeletingPodsBurst)), s.NodeMonitorGracePeriod, s.NodeStartupGracePeriod, s.NodeMonitorPeriod, (*net.IPNet)(&s.ClusterCIDR), s.AllocateNodeCIDRs) nodeController.Run(s.NodeSyncPeriod) serviceController := servicecontroller.New(cloud, kubeClient, s.ClusterName) if err := serviceController.Run(s.ServiceSyncPeriod, s.NodeSyncPeriod); err != nil { glog.Errorf("Failed to start service controller: %v", err) } if s.AllocateNodeCIDRs { if cloud == nil { glog.Warning("allocate-node-cidrs is set, but no cloud provider specified. Will not manage routes.") } else if routes, ok := cloud.Routes(); !ok { glog.Warning("allocate-node-cidrs is set, but cloud provider does not support routes. Will not manage routes.") } else { routeController := routecontroller.New(routes, kubeClient, s.ClusterName, (*net.IPNet)(&s.ClusterCIDR)) routeController.Run(s.NodeSyncPeriod) } } resourceQuotaManager := resourcequota.NewResourceQuotaManager(kubeClient) resourceQuotaManager.Run(s.ResourceQuotaSyncPeriod) namespaceManager := namespace.NewNamespaceManager(kubeClient, s.NamespaceSyncPeriod) namespaceManager.Run() pvclaimBinder := volumeclaimbinder.NewPersistentVolumeClaimBinder(kubeClient, s.PVClaimBinderSyncPeriod) pvclaimBinder.Run() pvRecycler, err := volumeclaimbinder.NewPersistentVolumeRecycler(kubeClient, s.PVClaimBinderSyncPeriod, ProbeRecyclableVolumePlugins()) if err != nil { glog.Fatalf("Failed to start persistent volume recycler: %+v", err) } pvRecycler.Run() var rootCA []byte if s.RootCAFile != "" { rootCA, err = ioutil.ReadFile(s.RootCAFile) if err != nil { return fmt.Errorf("error reading root-ca-file at %s: %v", s.RootCAFile, err) } if _, err := util.CertsFromPEM(rootCA); err != nil { return fmt.Errorf("error parsing root-ca-file at %s: %v", s.RootCAFile, err) } } else { rootCA = kubeconfig.CAData } if len(s.ServiceAccountKeyFile) > 0 { privateKey, err := serviceaccount.ReadPrivateKey(s.ServiceAccountKeyFile) if err != nil { glog.Errorf("Error reading key for service account token controller: %v", err) } else { serviceaccount.NewTokensController( kubeClient, serviceaccount.TokensControllerOptions{ TokenGenerator: serviceaccount.JWTTokenGenerator(privateKey), RootCA: rootCA, }, ).Run() } } serviceaccount.NewServiceAccountsController( kubeClient, serviceaccount.DefaultServiceAccountsControllerOptions(), ).Run() select {} return nil }