// Run runs the specified SimulatorBuilder. This should never exit.
func (s *SimulatorBuilder) Init(_ []string) *SimulatorBuilder {
glog.V(3).Info("Try to get kubernetes client.")
if s.Kubeconfig == "" && s.Master == "" {
glog.Warningf("Neither --kubeconfig nor --master was specified. Using default API client. This might not work.")
}
if (s.EtcdConfigFile != "" && len(s.EtcdServerList) != 0) || (s.EtcdConfigFile == "" && len(s.EtcdServerList) == 0) {
glog.Fatalf("specify either --etcd-servers or --etcd-config")
}
// This creates a client, first loading any specified kubeconfig
// file, and then overriding the Master flag, if non-empty.
kubeconfig, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
&clientcmd.ClientConfigLoadingRules{ExplicitPath: s.Kubeconfig},
&clientcmd.ConfigOverrides{ClusterInfo: clientcmdapi.Cluster{Server: s.Master}}).ClientConfig()
if err != nil {
return nil
}
kubeconfig.QPS = 20.0
kubeconfig.Burst = 30
kubeClient, err := client.New(kubeconfig)
if err != nil {
glog.Fatalf("Invalid API configuration: %v", err)
}
s.KubeClient = kubeClient
s.EtcdPathPrefix = master.DefaultEtcdPathPrefix
return s
}
// NewDefaultKubeConnectionArgs returns a new set of default connection
// arguments for Kubernetes
func NewDefaultKubeConnectionArgs() *KubeConnectionArgs {
config := &KubeConnectionArgs{}
config.KubernetesAddr = flagtypes.Addr{Value: "localhost:8443", DefaultScheme: "https", DefaultPort: 8443, AllowPrefix: true}.Default()
config.ClientConfig = clientcmd.NewNonInteractiveDeferredLoadingClientConfig(&config.ClientConfigLoadingRules, &clientcmd.ConfigOverrides{})
return config
}
// Run runs the specified SchedulerServer. This should never exit.
func (s *SchedulerServer) Run(_ []string) error {
if s.Kubeconfig == "" && s.Master == "" {
glog.Warningf("Neither --kubeconfig nor --master was specified. Using default API client. This might not work.")
}
// This creates a client, first loading any specified kubeconfig
// file, and then overriding the Master flag, if non-empty.
kubeconfig, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
&clientcmd.ClientConfigLoadingRules{ExplicitPath: s.Kubeconfig},
&clientcmd.ConfigOverrides{ClusterInfo: clientcmdapi.Cluster{Server: s.Master}}).ClientConfig()
if err != nil {
return err
}
kubeconfig.QPS = 20.0
kubeconfig.Burst = 30
kubeClient, err := client.New(kubeconfig)
if err != nil {
glog.Fatalf("Invalid API configuration: %v", err)
}
go func() {
mux := http.NewServeMux()
healthz.InstallHandler(mux)
if s.EnableProfiling {
mux.HandleFunc("/debug/pprof/", pprof.Index)
mux.HandleFunc("/debug/pprof/profile", pprof.Profile)
mux.HandleFunc("/debug/pprof/symbol", pprof.Symbol)
}
mux.Handle("/metrics", prometheus.Handler())
server := &http.Server{
Addr: net.JoinHostPort(s.Address.String(), strconv.Itoa(s.Port)),
Handler: mux,
}
glog.Fatal(server.ListenAndServe())
}()
configFactory := factory.NewConfigFactory(kubeClient)
config, err := s.createConfig(configFactory)
if err != nil {
glog.Fatalf("Failed to create scheduler configuration: %v", err)
}
eventBroadcaster := record.NewBroadcaster()
config.Recorder = eventBroadcaster.NewRecorder(api.EventSource{Component: "scheduler"})
eventBroadcaster.StartLogging(glog.Infof)
eventBroadcaster.StartRecordingToSink(kubeClient.Events(""))
sched := scheduler.New(config)
sched.Run()
select {}
}
func makeErrorKubeconfig() (clientcmd.ClientConfigLoadingRules, clientcmd.ClientConfig) {
// Set a non-empty CommandLinePath to trigger loading
loadingRules := clientcmd.ClientConfigLoadingRules{}
loadingRules.ExplicitPath = "missing-file"
clientConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
&loadingRules,
&clientcmd.ConfigOverrides{},
)
return loadingRules, clientConfig
}
func makeEmptyKubeconfig() (clientcmd.ClientConfigLoadingRules, clientcmd.ClientConfig) {
// Set a non-empty CommandLinePath to trigger loading
loadingRules := clientcmd.ClientConfigLoadingRules{}
loadingRules.ExplicitPath = "specified"
clientConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
// Set empty loading rules to avoid missing file errors
&clientcmd.ClientConfigLoadingRules{},
&clientcmd.ConfigOverrides{},
)
return loadingRules, clientConfig
}
func defaultClientConfig(flags *pflag.FlagSet) clientcmd.ClientConfig {
loadingRules := &clientcmd.ClientConfigLoadingRules{ExplicitPath: ""}
flags.StringVar(&loadingRules.ExplicitPath, config.OpenShiftConfigFlagName, "", "Path to the config file to use for CLI requests.")
overrides := &clientcmd.ConfigOverrides{}
overrideFlags := clientcmd.RecommendedConfigOverrideFlags("")
overrideFlags.ContextOverrideFlags.Namespace.ShortName = "n"
clientcmd.BindOverrideFlags(overrides, flags, overrideFlags)
clientConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, overrides)
return clientConfig
}
func (o *PathOptions) GetStartingConfig() (*clientcmdapi.Config, error) {
// don't mutate the original
loadingRules := *o.LoadingRules
loadingRules.Precedence = o.GetLoadingPrecedence()
clientConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(&loadingRules, &clientcmd.ConfigOverrides{})
rawConfig, err := clientConfig.RawConfig()
if os.IsNotExist(err) {
return clientcmdapi.NewConfig(), nil
}
if err != nil {
return nil, err
}
return &rawConfig, nil
}
func makeKubeconfig(server, user string) (clientcmd.ClientConfigLoadingRules, clientcmd.ClientConfig) {
// Set a non-empty CommandLinePath to trigger loading
loadingRules := clientcmd.ClientConfigLoadingRules{}
loadingRules.ExplicitPath = "specified"
clientConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
// Set empty loading rules to avoid missing file errors
&clientcmd.ClientConfigLoadingRules{},
// Override the server and user in client config to simulate loading from a file
&clientcmd.ConfigOverrides{
ClusterInfo: clientcmdapi.Cluster{Server: server},
AuthInfo: clientcmdapi.AuthInfo{Username: user},
},
)
return loadingRules, clientConfig
}
// TODO: evaluate using pkg/client/clientcmd
func newKubeClient() (*kclient.Client, error) {
var (
config *kclient.Config
err error
masterURL string
)
// If the user specified --kube_master_url, expand env vars and verify it.
if *argKubeMasterURL != "" {
masterURL, err = expandKubeMasterURL()
if err != nil {
return nil, err
}
}
if masterURL != "" && *argKubecfgFile == "" {
// Only --kube_master_url was provided.
config = &kclient.Config{
Host: masterURL,
Version: "v1",
}
} else {
// We either have:
// 1) --kube_master_url and --kubecfg_file
// 2) just --kubecfg_file
// 3) neither flag
// In any case, the logic is the same. If (3), this will automatically
// fall back on the service account token.
overrides := &kclientcmd.ConfigOverrides{}
overrides.ClusterInfo.Server = masterURL // might be "", but that is OK
rules := &kclientcmd.ClientConfigLoadingRules{ExplicitPath: *argKubecfgFile} // might be "", but that is OK
if config, err = kclientcmd.NewNonInteractiveDeferredLoadingClientConfig(rules, overrides).ClientConfig(); err != nil {
return nil, err
}
}
glog.Infof("Using %s for kubernetes master", config.Host)
glog.Infof("Using kubernetes API %s", config.Version)
return kclient.New(config)
}
// TODO: clients should be copied and instantiated from a common client config, tweaked, then
// given to individual controllers and other infrastructure components.
func GetOpenShiftClient(kubeConfigFile string) (*client.Client, *kclient.Config, error) {
loadingRules := &clientcmd.ClientConfigLoadingRules{}
loadingRules.ExplicitPath = kubeConfigFile
loader := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, &clientcmd.ConfigOverrides{})
kubeConfig, err := loader.ClientConfig()
if err != nil {
return nil, nil, err
}
// This is an internal client which is shared by most controllers, so boost default QPS
// TODO: this should be configured by the caller, not in this method.
kubeConfig.QPS = 150.0
kubeConfig.Burst = 300
kubeConfig.WrapTransport = DefaultClientTransport
openshiftClient, err := client.New(kubeConfig)
if err != nil {
return nil, nil, err
}
return openshiftClient, kubeConfig, nil
}
// NewEnviromentConfig sets up the initial config from environment variables
func NewEnviromentConfig() (*Config, error) {
config := NewDefaultConfig()
home := os.Getenv("GIT_HOME")
if len(home) == 0 {
return nil, fmt.Errorf("GIT_HOME is required")
}
abs, err := filepath.Abs(home)
if err != nil {
return nil, fmt.Errorf("can't make %q absolute: %v", home, err)
}
if stat, err := os.Stat(abs); err != nil || !stat.IsDir() {
return nil, fmt.Errorf("GIT_HOME must be an existing directory: %v", err)
}
config.Home = home
if publicURL := os.Getenv("PUBLIC_URL"); len(publicURL) > 0 {
valid, err := url.Parse(publicURL)
if err != nil {
return nil, fmt.Errorf("PUBLIC_URL must be a valid URL: %v", err)
}
config.URL = valid
}
gitpath := os.Getenv("GIT_PATH")
if len(gitpath) == 0 {
path, err := exec.LookPath("git")
if err != nil {
return nil, fmt.Errorf("could not find 'git' in PATH; specify GIT_PATH or set your PATH")
}
gitpath = path
}
config.GitBinary = gitpath
config.AllowPush = os.Getenv("ALLOW_GIT_PUSH") != "no"
config.AllowHooks = os.Getenv("ALLOW_GIT_HOOKS") != "no"
config.AllowLazyCreate = os.Getenv("ALLOW_LAZY_CREATE") != "no"
if hookpath := os.Getenv("HOOK_PATH"); len(hookpath) != 0 {
path, err := filepath.Abs(hookpath)
if err != nil {
return nil, fmt.Errorf("HOOK_PATH was set but cannot be made absolute: %v", err)
}
if stat, err := os.Stat(path); err != nil || !stat.IsDir() {
return nil, fmt.Errorf("HOOK_PATH must be an existing directory if set: %v", err)
}
config.HookDirectory = path
}
allowAnonymousGet := os.Getenv("ALLOW_ANON_GIT_PULL") == "yes"
serverAuth := os.Getenv("REQUIRE_SERVER_AUTH")
gitAuth := os.Getenv("REQUIRE_GIT_AUTH")
if len(serverAuth) > 0 && len(gitAuth) > 0 {
return nil, fmt.Errorf("only one of REQUIRE_SERVER_AUTH or REQUIRE_GIT_AUTH may be specified")
}
if len(serverAuth) > 0 {
namespace := os.Getenv("AUTH_NAMESPACE")
if len(namespace) == 0 {
return nil, fmt.Errorf("when REQUIRE_SERVER_AUTH is set, AUTH_NAMESPACE must also be specified")
}
if serverAuth == "-" {
serverAuth = ""
}
rules := clientcmd.NewDefaultClientConfigLoadingRules()
rules.ExplicitPath = serverAuth
kubeconfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(rules, &clientcmd.ConfigOverrides{})
cfg, err := kubeconfig.ClientConfig()
if err != nil {
return nil, fmt.Errorf("could not create a client for REQUIRE_SERVER_AUTH: %v", err)
}
osc, err := client.New(cfg)
if err != nil {
return nil, fmt.Errorf("could not create a client for REQUIRE_SERVER_AUTH: %v", err)
}
config.AuthMessage = fmt.Sprintf("Authenticating against %s allow-push=%t anon-pull=%t", cfg.Host, config.AllowPush, allowAnonymousGet)
config.AuthenticatorFn = auth.Authenticator(func(info auth.AuthInfo) (bool, error) {
if !info.Push && allowAnonymousGet {
return true, nil
}
req := &authapi.LocalSubjectAccessReview{
Action: authapi.AuthorizationAttributes{
Verb: "get",
Resource: "pods",
},
}
if info.Push {
if !config.AllowPush {
return false, nil
}
req.Action.Verb = "create"
}
res, err := osc.ImpersonateLocalSubjectAccessReviews(namespace, info.Password).Create(req)
if err != nil {
return false, err
}
//log.Printf("debug: server response allowed=%t message=%s", res.Allowed, res.Reason)
return res.Allowed, nil
})
}
if len(gitAuth) > 0 {
parts := strings.Split(gitAuth, ":")
if len(parts) != 2 {
return nil, fmt.Errorf("REQUIRE_GIT_AUTH must be a username and password separated by a ':'")
}
config.AuthMessage = fmt.Sprintf("Authenticating against username/password allow-push=%t", config.AllowPush)
username, password := parts[0], parts[1]
config.AuthenticatorFn = auth.Authenticator(func(info auth.AuthInfo) (bool, error) {
if info.Push {
if !config.AllowPush {
return false, nil
}
if allowAnonymousGet {
return true, nil
}
}
if info.Username != username || info.Password != password {
return false, nil
}
return true, nil
})
}
if value := os.Getenv("GIT_LISTEN"); len(value) > 0 {
config.Listen = value
}
config.CleanBeforeClone = os.Getenv("GIT_FORCE_CLEAN") == "yes"
clones := make(map[string]Clone)
for _, env := range os.Environ() {
if !strings.HasPrefix(env, initialClonePrefix) {
continue
}
parts := strings.SplitN(env, "=", 2)
if len(parts) != 2 {
continue
}
key, value := parts[0], parts[1]
part := key[len(initialClonePrefix):]
if len(part) == 0 {
continue
}
if len(value) == 0 {
return nil, fmt.Errorf("%s must not have an empty value", key)
}
defaultName := strings.Replace(strings.ToLower(part), "_", "-", -1)
values := strings.Split(value, ";")
var uri, name string
switch len(values) {
case 1:
uri, name = values[0], ""
case 2:
uri, name = values[0], values[1]
if len(name) == 0 {
return nil, fmt.Errorf("%s name may not be empty", key)
}
default:
return nil, fmt.Errorf("%s may only have two segments (<url> or <url>;<name>)", key)
}
url, err := git.ParseRepository(uri)
if err != nil {
return nil, fmt.Errorf("%s is not a valid repository URI: %v", key, err)
}
switch url.Scheme {
case "http", "https", "git", "ssh":
default:
return nil, fmt.Errorf("%s %q must be a http, https, git, or ssh URL", key, uri)
}
if len(name) == 0 {
if n, ok := git.NameFromRepositoryURL(url); ok {
name = n + ".git"
}
}
if len(name) == 0 {
name = defaultName + ".git"
}
if invalidCloneNameChars.MatchString(name) {
return nil, fmt.Errorf("%s name %q must be only letters, numbers, dashes, or underscores", key, name)
}
if _, ok := reservedNames[name]; ok {
return nil, fmt.Errorf("%s name %q is reserved (%v)", key, name, reservedNames)
}
clones[name] = Clone{
URL: *url,
}
}
config.InitialClones = clones
return config, nil
}
// Run runs the CMServer. This should never exit.
func (s *CMServer) Run(_ []string) error {
if s.Kubeconfig == "" && s.Master == "" {
glog.Warningf("Neither --kubeconfig nor --master was specified. Using default API client. This might not work.")
}
// This creates a client, first loading any specified kubeconfig
// file, and then overriding the Master flag, if non-empty.
kubeconfig, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
&clientcmd.ClientConfigLoadingRules{ExplicitPath: s.Kubeconfig},
&clientcmd.ConfigOverrides{ClusterInfo: clientcmdapi.Cluster{Server: s.Master}}).ClientConfig()
if err != nil {
return err
}
kubeconfig.QPS = 20.0
kubeconfig.Burst = 30
kubeClient, err := client.New(kubeconfig)
if err != nil {
glog.Fatalf("Invalid API configuration: %v", err)
}
go func() {
mux := http.NewServeMux()
healthz.InstallHandler(mux)
if s.EnableProfiling {
mux.HandleFunc("/debug/pprof/", pprof.Index)
mux.HandleFunc("/debug/pprof/profile", pprof.Profile)
mux.HandleFunc("/debug/pprof/symbol", pprof.Symbol)
}
mux.Handle("/metrics", prometheus.Handler())
server := &http.Server{
Addr: net.JoinHostPort(s.Address.String(), strconv.Itoa(s.Port)),
Handler: mux,
}
glog.Fatal(server.ListenAndServe())
}()
endpoints := endpointcontroller.NewEndpointController(kubeClient)
go endpoints.Run(s.ConcurrentEndpointSyncs, util.NeverStop)
controllerManager := replicationControllerPkg.NewReplicationManager(kubeClient, replicationControllerPkg.BurstReplicas)
go controllerManager.Run(s.ConcurrentRCSyncs, util.NeverStop)
cloud, err := cloudprovider.InitCloudProvider(s.CloudProvider, s.CloudConfigFile)
if err != nil {
glog.Fatalf("Cloud provider could not be initialized: %v", err)
}
nodeController := nodecontroller.NewNodeController(cloud, kubeClient,
s.PodEvictionTimeout, nodecontroller.NewPodEvictor(util.NewTokenBucketRateLimiter(s.DeletingPodsQps, s.DeletingPodsBurst)),
s.NodeMonitorGracePeriod, s.NodeStartupGracePeriod, s.NodeMonitorPeriod, &s.ClusterCIDR, s.AllocateNodeCIDRs)
nodeController.Run(s.NodeSyncPeriod)
serviceController := servicecontroller.New(cloud, kubeClient, s.ClusterName)
if err := serviceController.Run(s.ServiceSyncPeriod, s.NodeSyncPeriod); err != nil {
glog.Errorf("Failed to start service controller: %v", err)
}
if s.AllocateNodeCIDRs {
if cloud == nil {
glog.Warning("allocate-node-cidrs is set, but no cloud provider specified. Will not manage routes.")
} else if routes, ok := cloud.Routes(); !ok {
glog.Warning("allocate-node-cidrs is set, but cloud provider does not support routes. Will not manage routes.")
} else {
routeController := routecontroller.New(routes, kubeClient, s.ClusterName, &s.ClusterCIDR)
routeController.Run(s.NodeSyncPeriod)
}
}
resourceQuotaController := resourcequotacontroller.NewResourceQuotaController(kubeClient)
resourceQuotaController.Run(s.ResourceQuotaSyncPeriod)
namespaceController := namespacecontroller.NewNamespaceController(kubeClient, s.NamespaceSyncPeriod)
namespaceController.Run()
pvclaimBinder := volumeclaimbinder.NewPersistentVolumeClaimBinder(kubeClient, s.PVClaimBinderSyncPeriod)
pvclaimBinder.Run()
volumeConfig := volume.NewVolumeConfig()
volumeConfig.PersistentVolumeRecyclerMinTimeoutHostPath = int64(s.PersistentVolumeRecyclerMinTimeoutHostPath)
volumeConfig.PersistentVolumeRecyclerTimeoutIncrementHostPath = int64(s.PersistentVolumeRecyclerTimeoutIncrementHostPath)
volumeConfig.PersistentVolumeRecyclerMinTimeoutNfs = int64(s.PersistentVolumeRecyclerMinTimeoutNfs)
volumeConfig.PersistentVolumeRecyclerTimeoutIncrementNfs = int64(s.PersistentVolumeRecyclerTimeoutIncrementNfs)
if s.PersistentVolumeRecyclerDefaultScrubPod != "" {
scrubPod, err := volume.InitScrubPod(s.PersistentVolumeRecyclerDefaultScrubPod)
if err != nil {
glog.Fatalf("Override of default PersistentVolume scrub pod failed: %+v", err)
}
volumeConfig.PersistentVolumeRecyclerDefaultScrubPod = scrubPod
}
pvRecycler, err := volumeclaimbinder.NewPersistentVolumeRecycler(kubeClient, s.PVClaimBinderSyncPeriod, ProbeRecyclableVolumePlugins(volumeConfig))
if err != nil {
glog.Fatalf("Failed to start persistent volume recycler: %+v", err)
}
pvRecycler.Run()
var rootCA []byte
if s.RootCAFile != "" {
rootCA, err = ioutil.ReadFile(s.RootCAFile)
if err != nil {
return fmt.Errorf("error reading root-ca-file at %s: %v", s.RootCAFile, err)
}
if _, err := util.CertsFromPEM(rootCA); err != nil {
return fmt.Errorf("error parsing root-ca-file at %s: %v", s.RootCAFile, err)
}
} else {
rootCA = kubeconfig.CAData
}
if len(s.ServiceAccountKeyFile) > 0 {
privateKey, err := serviceaccount.ReadPrivateKey(s.ServiceAccountKeyFile)
if err != nil {
glog.Errorf("Error reading key for service account token controller: %v", err)
} else {
serviceaccount.NewTokensController(
kubeClient,
serviceaccount.TokensControllerOptions{
TokenGenerator: serviceaccount.JWTTokenGenerator(privateKey),
RootCA: rootCA,
},
).Run()
}
}
serviceaccount.NewServiceAccountsController(
kubeClient,
serviceaccount.DefaultServiceAccountsControllerOptions(),
).Run()
select {}
return nil
}
// Run runs the specified ProxyServer. This should never exit.
func (s *ProxyServer) Run(_ []string) error {
// TODO(vmarmol): Use container config for this.
oomAdjuster := oom.NewOomAdjuster()
if err := oomAdjuster.ApplyOomScoreAdj(0, s.OOMScoreAdj); err != nil {
glog.V(2).Info(err)
}
// Run in its own container.
if err := util.RunInResourceContainer(s.ResourceContainer); err != nil {
glog.Warningf("Failed to start in resource-only container %q: %v", s.ResourceContainer, err)
} else {
glog.V(2).Infof("Running in resource-only container %q", s.ResourceContainer)
}
// define api config source
if s.Kubeconfig == "" && s.Master == "" {
glog.Warningf("Neither --kubeconfig nor --master was specified. Using default API client. This might not work.")
}
// This creates a client, first loading any specified kubeconfig
// file, and then overriding the Master flag, if non-empty.
kubeconfig, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
&clientcmd.ClientConfigLoadingRules{ExplicitPath: s.Kubeconfig},
&clientcmd.ConfigOverrides{ClusterInfo: clientcmdapi.Cluster{Server: s.Master}}).ClientConfig()
if err != nil {
return err
}
client, err := client.New(kubeconfig)
if err != nil {
glog.Fatalf("Invalid API configuration: %v", err)
}
// Add event recorder
Hostname := nodeutil.GetHostname(s.HostnameOverride)
eventBroadcaster := record.NewBroadcaster()
s.Recorder = eventBroadcaster.NewRecorder(api.EventSource{Component: "kube-proxy", Host: Hostname})
eventBroadcaster.StartRecordingToSink(client.Events(""))
s.nodeRef = &api.ObjectReference{
Kind: "Node",
Name: Hostname,
UID: types.UID(Hostname),
Namespace: "",
}
// Birth Cry
s.birthCry()
serviceConfig := config.NewServiceConfig()
endpointsConfig := config.NewEndpointsConfig()
protocol := utiliptables.ProtocolIpv4
if s.BindAddress.To4() == nil {
protocol = utiliptables.ProtocolIpv6
}
var proxier proxy.ProxyProvider
var endpointsHandler config.EndpointsConfigHandler
// guaranteed false on error, error only necessary for debugging
shouldUseIptables, err := iptables.ShouldUseIptablesProxier()
if err != nil {
glog.Errorf("Can't determine whether to use iptables or userspace, using userspace proxier: %v", err)
}
if !s.ForceUserspaceProxy && shouldUseIptables {
glog.V(2).Info("Using iptables Proxier.")
proxierIptables, err := iptables.NewProxier(utiliptables.New(exec.New(), protocol))
if err != nil {
glog.Fatalf("Unable to create proxier: %v", err)
}
proxier = proxierIptables
endpointsHandler = proxierIptables
} else {
glog.V(2).Info("Using userspace Proxier.")
// This is a proxy.LoadBalancer which NewProxier needs but has methods we don't need for
// our config.EndpointsConfigHandler.
loadBalancer := userspace.NewLoadBalancerRR()
// set EndpointsConfigHandler to our loadBalancer
endpointsHandler = loadBalancer
proxierUserspace, err := userspace.NewProxier(loadBalancer, s.BindAddress, utiliptables.New(exec.New(), protocol), s.PortRange)
if err != nil {
glog.Fatalf("Unable to create proxer: %v", err)
}
proxier = proxierUserspace
}
// Wire proxier to handle changes to services
serviceConfig.RegisterHandler(proxier)
// And wire endpointsHandler to handle changes to endpoints to services
endpointsConfig.RegisterHandler(endpointsHandler)
// Note: RegisterHandler() calls need to happen before creation of Sources because sources
// only notify on changes, and the initial update (on process start) may be lost if no handlers
// are registered yet.
config.NewSourceAPI(
client,
30*time.Second,
serviceConfig.Channel("api"),
endpointsConfig.Channel("api"),
)
if s.HealthzPort > 0 {
go util.Forever(func() {
err := http.ListenAndServe(s.HealthzBindAddress.String()+":"+strconv.Itoa(s.HealthzPort), nil)
if err != nil {
glog.Errorf("Starting health server failed: %v", err)
}
}, 5*time.Second)
}
// Just loop forever for now...
proxier.SyncLoop()
return nil
}
// Run runs the specified VMTServer. This should never exit.
func (s *VMTServer) Run(_ []string) error {
if s.Kubeconfig == "" && s.Master == "" {
glog.Warningf("Neither --kubeconfig nor --master was specified. Using default API client. This might not work.")
}
glog.V(3).Infof("Master is %s", s.Master)
if s.MetaConfigPath == "" {
glog.Fatalf("The path to the VMT config file is not provided.Exiting...")
os.Exit(1)
}
if (s.EtcdConfigFile != "" && len(s.EtcdServerList) != 0) || (s.EtcdConfigFile == "" && len(s.EtcdServerList) == 0) {
glog.Fatalf("specify either --etcd-servers or --etcd-config")
}
// This creates a client, first loading any specified kubeconfig
// file, and then overriding the Master flag, if non-empty.
kubeconfig, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
&clientcmd.ClientConfigLoadingRules{ExplicitPath: s.Kubeconfig},
&clientcmd.ConfigOverrides{ClusterInfo: clientcmdapi.Cluster{Server: s.Master}}).ClientConfig()
if err != nil {
glog.Errorf("Error getting kubeconfig: %s", err)
return err
}
// This specifies the number and the max number of query per second to the api server.
kubeconfig.QPS = 20.0
kubeconfig.Burst = 30
kubeClient, err := client.New(kubeconfig)
if err != nil {
glog.Fatalf("Invalid API configuration: %v", err)
}
// TODO not clear
// go func() {
// mux := http.NewServeMux()
// healthz.InstallHandler(mux)
// if s.EnableProfiling {
// mux.HandleFunc("/debug/pprof/", pprof.Index)
// mux.HandleFunc("/debug/pprof/profile", pprof.Profile)
// mux.HandleFunc("/debug/pprof/symbol", pprof.Symbol)
// }
// mux.Handle("/metrics", prometheus.Handler())
// server := &http.Server{
// Addr: net.JoinHostPort(s.Address.String(), strconv.Itoa(s.Port)),
// Handler: mux,
// }
// glog.Fatal(server.ListenAndServe())
// }()
// serverAddr, targetType, nameOrAddress, targetIdentifier, password
vmtMeta, err := metadata.NewVMTMeta(s.MetaConfigPath)
if err != nil {
glog.Errorf("Get error when loading configurations: %s", err)
os.Exit(1)
}
glog.V(3).Infof("Finished loading configuration from %s", s.MetaConfigPath)
etcdclientBuilder := etcdhelper.NewEtcdClientBuilder().ServerList(s.EtcdServerList).SetTransport(s.EtcdCA, s.EtcdClientCertificate, s.EtcdClientKey)
etcdClient, err := etcdclientBuilder.CreateAndTest()
if err != nil {
glog.Errorf("Error creating etcd client instance for vmt service: %s", err)
return err
}
s.EtcdPathPrefix = master.DefaultEtcdPathPrefix
etcdStorage, err := newEtcd(etcdClient, latest.InterfacesFor, latest.Version, "", s.EtcdPathPrefix)
if err != nil {
glog.Warningf("Error creating etcd storage instance for vmt service: %s", err)
return err
}
vmtConfig := vmturbo.NewVMTConfig(kubeClient, etcdStorage, vmtMeta)
vmtService := vmturbo.NewVMTurboService(vmtConfig)
vmtService.Run()
select {}
}
// Run runs the specified ProxyServer. This should never exit.
func (s *ProxyServer) Run(_ []string) error {
// TODO(vmarmol): Use container config for this.
oomAdjuster := oom.NewOomAdjuster()
if err := oomAdjuster.ApplyOomScoreAdj(0, s.OOMScoreAdj); err != nil {
glog.V(2).Info(err)
}
// Run in its own container.
if err := util.RunInResourceContainer(s.ResourceContainer); err != nil {
glog.Warningf("Failed to start in resource-only container %q: %v", s.ResourceContainer, err)
} else {
glog.V(2).Infof("Running in resource-only container %q", s.ResourceContainer)
}
serviceConfig := config.NewServiceConfig()
endpointsConfig := config.NewEndpointsConfig()
protocol := iptables.ProtocolIpv4
if s.BindAddress.To4() == nil {
protocol = iptables.ProtocolIpv6
}
loadBalancer := userspace.NewLoadBalancerRR()
proxier, err := userspace.NewProxier(loadBalancer, s.BindAddress, iptables.New(exec.New(), protocol), s.PortRange)
if err != nil {
glog.Fatalf("Unable to create proxer: %v", err)
}
// Wire proxier to handle changes to services
serviceConfig.RegisterHandler(proxier)
// And wire loadBalancer to handle changes to endpoints to services
endpointsConfig.RegisterHandler(loadBalancer)
// Note: RegisterHandler() calls need to happen before creation of Sources because sources
// only notify on changes, and the initial update (on process start) may be lost if no handlers
// are registered yet.
// define api config source
if s.Kubeconfig == "" && s.Master == "" {
glog.Warningf("Neither --kubeconfig nor --master was specified. Using default API client. This might not work.")
}
// This creates a client, first loading any specified kubeconfig
// file, and then overriding the Master flag, if non-empty.
kubeconfig, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
&clientcmd.ClientConfigLoadingRules{ExplicitPath: s.Kubeconfig},
&clientcmd.ConfigOverrides{ClusterInfo: clientcmdapi.Cluster{Server: s.Master}}).ClientConfig()
if err != nil {
return err
}
client, err := client.New(kubeconfig)
if err != nil {
glog.Fatalf("Invalid API configuration: %v", err)
}
config.NewSourceAPI(
client,
30*time.Second,
serviceConfig.Channel("api"),
endpointsConfig.Channel("api"),
)
if s.HealthzPort > 0 {
go util.Forever(func() {
err := http.ListenAndServe(s.HealthzBindAddress.String()+":"+strconv.Itoa(s.HealthzPort), nil)
if err != nil {
glog.Errorf("Starting health server failed: %v", err)
}
}, 5*time.Second)
}
// Just loop forever for now...
proxier.SyncLoop()
return nil
}
func CreateKubeSources(uri *url.URL, c cache.Cache) ([]api.Source, error) {
var (
kubeConfig *kube_client.Config
err error
)
opts := uri.Query()
configOverrides, err := getConfigOverrides(uri)
if err != nil {
return nil, err
}
inClusterConfig := defaultInClusterConfig
if len(opts["inClusterConfig"]) > 0 {
inClusterConfig, err = strconv.ParseBool(opts["inClusterConfig"][0])
if err != nil {
return nil, err
}
}
if inClusterConfig {
kubeConfig, err = kube_client.InClusterConfig()
if err != nil {
return nil, err
}
if configOverrides.ClusterInfo.Server != "" {
kubeConfig.Host = configOverrides.ClusterInfo.Server
}
kubeConfig.Version = configOverrides.ClusterInfo.APIVersion
} else {
authFile := ""
if len(opts["auth"]) > 0 {
authFile = opts["auth"][0]
}
if authFile != "" {
if kubeConfig, err = kubeClientCmd.NewNonInteractiveDeferredLoadingClientConfig(
&kubeClientCmd.ClientConfigLoadingRules{ExplicitPath: authFile},
configOverrides).ClientConfig(); err != nil {
return nil, err
}
} else {
kubeConfig = &kube_client.Config{
Host: configOverrides.ClusterInfo.Server,
Version: configOverrides.ClusterInfo.APIVersion,
Insecure: configOverrides.ClusterInfo.InsecureSkipTLSVerify,
}
}
}
if len(kubeConfig.Host) == 0 {
return nil, fmt.Errorf("invalid kubernetes master url specified")
}
if len(kubeConfig.Version) == 0 {
return nil, fmt.Errorf("invalid kubernetes API version specified")
}
useServiceAccount := defaultUseServiceAccount
if len(opts["useServiceAccount"]) >= 1 {
useServiceAccount, err = strconv.ParseBool(opts["useServiceAccount"][0])
if err != nil {
return nil, err
}
}
if useServiceAccount {
// If a readable service account token exists, then use it
if contents, err := ioutil.ReadFile(defaultServiceAccountFile); err == nil {
kubeConfig.BearerToken = string(contents)
}
}
kubeClient := kube_client.NewOrDie(kubeConfig)
nodesApi, err := nodes.NewKubeNodes(kubeClient)
if err != nil {
return nil, err
}
kubeletPort := defaultKubeletPort
if len(opts["kubeletPort"]) >= 1 {
kubeletPort, err = strconv.Atoi(opts["kubeletPort"][0])
if err != nil {
return nil, err
}
}
kubeletHttps := defaultKubeletHttps
if len(opts["kubeletHttps"]) >= 1 {
kubeletHttps, err = strconv.ParseBool(opts["kubeletHttps"][0])
if err != nil {
return nil, err
}
}
glog.Infof("Using Kubernetes client with master %q and version %q\n", kubeConfig.Host, kubeConfig.Version)
glog.Infof("Using kubelet port %d", kubeletPort)
kubeletConfig := &kube_client.KubeletConfig{
Port: uint(kubeletPort),
EnableHttps: kubeletHttps,
TLSClientConfig: kubeConfig.TLSClientConfig,
}
kubeletApi, err := datasource.NewKubelet(kubeletConfig)
if err != nil {
return nil, err
}
kubePodsSource := NewKubePodMetrics(kubeletPort, kubeletApi, nodesApi, newPodsApi(kubeClient))
kubeNodeSource := NewKubeNodeMetrics(kubeletPort, kubeletApi, nodesApi)
kubeEventsSource := NewKubeEvents(kubeClient, c)
return []api.Source{kubePodsSource, kubeNodeSource, kubeEventsSource}, nil
}
func (s *KubeletServer) kubeconfigClientConfig() (*client.Config, error) {
return clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
&clientcmd.ClientConfigLoadingRules{ExplicitPath: s.KubeConfig.Value()},
&clientcmd.ConfigOverrides{ClusterInfo: clientcmdapi.Cluster{Server: s.APIServerList[0]}}).ClientConfig()
}