From 963302605a1ce192ec9d99334bf5aa9421511e50 Mon Sep 17 00:00:00 2001
From: Kiran Thyagaraja <18704819+kirankt@users.noreply.github.com>
Date: Thu, 3 Dec 2020 22:31:03 -0600
Subject: [PATCH 1/3] Add cluster admin kubeconfig into machineconfig
---
.../machines/machineconfig/kubeconfig.go | 46 +++++++++++++++++++
pkg/asset/machines/worker.go | 18 +++++++-
2 files changed, 63 insertions(+), 1 deletion(-)
create mode 100644 pkg/asset/machines/machineconfig/kubeconfig.go
diff --git a/pkg/asset/machines/machineconfig/kubeconfig.go b/pkg/asset/machines/machineconfig/kubeconfig.go
new file mode 100644
index 00000000000..1ead70c61cc
--- /dev/null
+++ b/pkg/asset/machines/machineconfig/kubeconfig.go
@@ -0,0 +1,46 @@
+package machineconfig
+
+import (
+ "fmt"
+
+ igntypes "github.com/coreos/ignition/v2/config/v3_1/types"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+ "github.com/openshift/installer/pkg/asset/ignition"
+ mcfgv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1"
+)
+
+// GenerateKubeConfig generates a machineconfig of the admin kubeconfig
+func GenerateKubeConfig(data []byte, role string) (*mcfgv1.MachineConfig, error) {
+ ignConfig := igntypes.Config{
+ Ignition: igntypes.Ignition{
+ Version: igntypes.MaxVersion.String(),
+ },
+ Storage: igntypes.Storage{
+ Files: []igntypes.File{
+ ignition.FileFromBytes("/etc/kubernetes/kubeconfig", "root", 0420, data),
+ },
+ },
+ }
+
+ rawExt, err := ignition.ConvertToRawExtension(ignConfig)
+ if err != nil {
+ return nil, err
+ }
+
+ return &mcfgv1.MachineConfig{
+ TypeMeta: metav1.TypeMeta{
+ APIVersion: mcfgv1.SchemeGroupVersion.String(),
+ Kind: "MachineConfig",
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: fmt.Sprintf("99-installer-kubeconfig-%s", role),
+ Labels: map[string]string{
+ "machineconfiguration.openshift.io/role": role,
+ },
+ },
+ Spec: mcfgv1.MachineConfigSpec{
+ Config: rawExt,
+ },
+ }, nil
+}
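Review bot: The mode literal in `ignition.FileFromBytes("/etc/kubernetes/kubeconfig", "root", 0420, data)` is a Go octal constant (r---w----), which looks like a mix-up with decimal 420 (octal 0644); for a file holding the cluster-admin kubeconfig neither is appropriate, and `0600` would state the intent. The larger concern is that `data` ends up in `Spec.Config` of a MachineConfig, so the admin credential is readable by anyone who can read MachineConfig objects and is written to every machine of the given role (the worker.go hunk at `@@ -325,6 +328,19 @@` passes `"worker"`). PATCH 2/3 on this page deletes this file again, but if the series is not squashed this commit on its own still distributes the credential to workers.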
diff --git a/pkg/asset/machines/worker.go b/pkg/asset/machines/worker.go index 968b409049e..2b679e51d47 100644 --- a/pkg/asset/machines/worker.go +++ b/pkg/asset/machines/worker.go @@ -37,6 +37,7 @@ import ( "github.com/openshift/installer/pkg/asset" "github.com/openshift/installer/pkg/asset/ignition/machine" "github.com/openshift/installer/pkg/asset/installconfig" + "github.com/openshift/installer/pkg/asset/kubeconfig" "github.com/openshift/installer/pkg/asset/machines/aws" "github.com/openshift/installer/pkg/asset/machines/azure" "github.com/openshift/installer/pkg/asset/machines/baremetal" @@ -184,6 +185,7 @@ func (w *Worker) Dependencies() []asset.Asset { // it is put in the dependencies but not fetched in Generate &installconfig.PlatformCredsCheck{}, &installconfig.InstallConfig{}, + &kubeconfig.AdminClient{}, new(rhcos.Image), &machine.Worker{}, } @@ -194,9 +196,10 @@ func (w *Worker) Generate(dependencies asset.Parents) error { ctx := context.TODO() clusterID := &installconfig.ClusterID{} installConfig := &installconfig.InstallConfig{} + adminKubeConfig := &kubeconfig.AdminClient{} rhcosImage := new(rhcos.Image) wign := &machine.Worker{} - dependencies.Get(clusterID, installConfig, rhcosImage, wign) + dependencies.Get(clusterID, installConfig, adminKubeConfig, rhcosImage, wign) machineConfigs := []*mcfgv1.MachineConfig{} machineSets := []runtime.Object{} 
@@ -325,6 +328,19 @@ func (w *Worker) Generate(dependencies asset.Parents) error { for _, set := range sets { machineSets = append(machineSets, set) } + if adminKubeConfig.Config != nil { + data, err := yaml.Marshal(adminKubeConfig.Config) + if err != nil { + return errors.Wrap(err, "failed to Marshal kubeconfig") + } + + adminKC, err := machineconfig.GenerateKubeConfig(data, "worker") + if err != nil { + return errors.Wrap(err, "failed to create ignition for admin kubeconfig for worker machines") + } + machineConfigs = append(machineConfigs, adminKC) + } + case gcptypes.Name: mpool := defaultGCPMachinePoolPlatform() mpool.Set(ic.Platform.GCP.DefaultMachinePlatform) From 0420390c346f808ca33c23c797ca18358efa17b0 Mon Sep 17 00:00:00 2001 From: Kiran Thyagaraja <18704819+kirankt@users.noreply.github.com> Date: Fri, 4 Dec 2020 16:30:44 -0600 Subject: [PATCH 2/3] Change logic to save the kubeconfig as a secret rather than a machineconfig --- .../kubeconfig-kubelet-secret.yaml.template | 7 ++ .../machines/machineconfig/kubeconfig.go | 46 ------------- pkg/asset/machines/worker.go | 18 +---- pkg/asset/manifests/openshift.go | 18 ++++- pkg/asset/manifests/template.go | 5 +- .../openshift/kubeconfig-kubelet-secret.go | 65 +++++++++++++++++++ 6 files changed, 91 insertions(+), 68 deletions(-) create mode 100644 data/data/manifests/openshift/kubeconfig-kubelet-secret.yaml.template delete mode 100644 pkg/asset/machines/machineconfig/kubeconfig.go create mode 100644 pkg/asset/templates/content/openshift/kubeconfig-kubelet-secret.go diff --git a/data/data/manifests/openshift/kubeconfig-kubelet-secret.yaml.template b/data/data/manifests/openshift/kubeconfig-kubelet-secret.yaml.template new file mode 100644 index 00000000000..9ac5c57e744 --- /dev/null +++ b/data/data/manifests/openshift/kubeconfig-kubelet-secret.yaml.template 
@@ -0,0 +1,7 @@
+kind: Secret
+apiVersion: v1
+metadata:
+ namespace: openshift-machine-api
+ name: kubeconfig-kubelet-secret
+data:
+ kubeconfig: {{.Base64EncodedKubeconfigKubeletData}}
diff --git a/pkg/asset/machines/machineconfig/kubeconfig.go b/pkg/asset/machines/machineconfig/kubeconfig.go
deleted file mode 100644
index 1ead70c61cc..00000000000
--- a/pkg/asset/machines/machineconfig/kubeconfig.go
+++ /dev/null
@@ -1,46 +0,0 @@
-package machineconfig
-
-import (
- "fmt"
-
- igntypes "github.com/coreos/ignition/v2/config/v3_1/types"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
- "github.com/openshift/installer/pkg/asset/ignition"
- mcfgv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1"
-)
-
-// GenerateKubeConfig generates a machineconfig of the admin kubeconfig
-func GenerateKubeConfig(data []byte, role string) (*mcfgv1.MachineConfig, error) {
- ignConfig := igntypes.Config{
- Ignition: igntypes.Ignition{
- Version: igntypes.MaxVersion.String(),
- },
- Storage: igntypes.Storage{
- Files: []igntypes.File{
- ignition.FileFromBytes("/etc/kubernetes/kubeconfig", "root", 0420, data),
- },
- },
- }
-
- rawExt, err := ignition.ConvertToRawExtension(ignConfig)
- if err != nil {
- return nil, err
- }
-
- return &mcfgv1.MachineConfig{
- TypeMeta: metav1.TypeMeta{
- APIVersion: mcfgv1.SchemeGroupVersion.String(),
- Kind: "MachineConfig",
- },
- ObjectMeta: metav1.ObjectMeta{
- Name: fmt.Sprintf("99-installer-kubeconfig-%s", role),
- Labels: map[string]string{
- "machineconfiguration.openshift.io/role": role,
- },
- },
- Spec: mcfgv1.MachineConfigSpec{
- Config: rawExt,
- },
- }, nil
-}
diff --git a/pkg/asset/machines/worker.go b/pkg/asset/machines/worker.go
index 2b679e51d47..968b409049e 100644
--- a/pkg/asset/machines/worker.go
+++ b/pkg/asset/machines/worker.go
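Review bot: The new `kubeconfig-kubelet-secret` manifest in kubeconfig-kubelet-secret.yaml.template places a complete kubeconfig in `openshift-machine-api`, so any principal with `get` or `list` on Secrets in that namespace can read and reuse that credential, and nothing in the template says who is meant to consume it. I would add a header comment naming the source and the consumer, e.g. `# Kubelet kubeconfig rendered from the installer's kubeconfig.Kubelet asset; consumed by <component that reads this secret>.` Whether the existing RBAC in that namespace is narrow enough for this credential is not visible from this patch and should be confirmed before merging.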
@@ -37,7 +37,6 @@ import ( "github.com/openshift/installer/pkg/asset" "github.com/openshift/installer/pkg/asset/ignition/machine" "github.com/openshift/installer/pkg/asset/installconfig" - "github.com/openshift/installer/pkg/asset/kubeconfig" "github.com/openshift/installer/pkg/asset/machines/aws" "github.com/openshift/installer/pkg/asset/machines/azure" "github.com/openshift/installer/pkg/asset/machines/baremetal" @@ -185,7 +184,6 @@ func (w *Worker) Dependencies() []asset.Asset { // it is put in the dependencies but not fetched in Generate &installconfig.PlatformCredsCheck{}, &installconfig.InstallConfig{}, - &kubeconfig.AdminClient{}, new(rhcos.Image), &machine.Worker{}, } @@ -196,10 +194,9 @@ func (w *Worker) Generate(dependencies asset.Parents) error { ctx := context.TODO() clusterID := &installconfig.ClusterID{} installConfig := &installconfig.InstallConfig{} - adminKubeConfig := &kubeconfig.AdminClient{} rhcosImage := new(rhcos.Image) wign := &machine.Worker{} - dependencies.Get(clusterID, installConfig, adminKubeConfig, rhcosImage, wign) + dependencies.Get(clusterID, installConfig, rhcosImage, wign) machineConfigs := []*mcfgv1.MachineConfig{} machineSets := []runtime.Object{} @@ -328,19 +325,6 @@ func (w *Worker) Generate(dependencies asset.Parents) error { for _, set := range sets { machineSets = append(machineSets, set) } - if adminKubeConfig.Config != nil { - data, err := yaml.Marshal(adminKubeConfig.Config) - if err != nil { - return errors.Wrap(err, "failed to Marshal kubeconfig") - } - - adminKC, err := machineconfig.GenerateKubeConfig(data, "worker") - if err != nil { - return errors.Wrap(err, "failed to create ignition for admin kubeconfig for worker machines") - } - machineConfigs = append(machineConfigs, adminKC) - } - case gcptypes.Name: mpool := defaultGCPMachinePoolPlatform() mpool.Set(ic.Platform.GCP.DefaultMachinePlatform) diff --git a/pkg/asset/manifests/openshift.go b/pkg/asset/manifests/openshift.go index 4c064771be2..79b5217ff94 100644 
--- a/pkg/asset/manifests/openshift.go +++ b/pkg/asset/manifests/openshift.go @@ -16,6 +16,7 @@ import ( "github.com/openshift/installer/pkg/asset/installconfig/gcp" kubeconfig "github.com/openshift/installer/pkg/asset/installconfig/kubevirt" "github.com/openshift/installer/pkg/asset/installconfig/ovirt" + "github.com/openshift/installer/pkg/asset/kubeconfig" "github.com/openshift/installer/pkg/asset/machines" osmachine "github.com/openshift/installer/pkg/asset/machines/openstack" openstackmanifests "github.com/openshift/installer/pkg/asset/manifests/openstack" @@ -58,11 +59,13 @@ func (o *Openshift) Dependencies() []asset.Asset { return []asset.Asset{ &installconfig.InstallConfig{}, &installconfig.ClusterID{}, + &kubeconfig.Kubelet{}, &password.KubeadminPassword{}, &openshiftinstall.Config{}, &openshift.CloudCredsSecret{}, &openshift.KubeadminPasswordSecret{}, + &openshift.KubeconfigKubeletSecret{}, &openshift.RoleCloudCredsSecretReader{}, &openshift.PrivateClusterOutbound{}, &openshift.BaremetalConfig{}, @@ -75,8 +78,9 @@ func (o *Openshift) Generate(dependencies asset.Parents) error { installConfig := &installconfig.InstallConfig{} clusterID := &installconfig.ClusterID{} kubeadminPassword := &password.KubeadminPassword{} + kubeconfigKubelet := &kubeconfig.Kubelet{} openshiftInstall := &openshiftinstall.Config{} - dependencies.Get(installConfig, kubeadminPassword, clusterID, openshiftInstall) + dependencies.Get(installConfig, kubeadminPassword, kubeconfigKubelet, clusterID, openshiftInstall) var cloudCreds cloudCredsSecretData platform := installConfig.Config.Platform.Name() switch platform { 
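Review bot: The added import `"github.com/openshift/installer/pkg/asset/kubeconfig"` in the `@@ -16,6 +16,7 @@` hunk collides with the existing alias `kubeconfig "github.com/openshift/installer/pkg/asset/installconfig/kubevirt"` two lines above it, so openshift.go declares the package name `kubeconfig` twice and this commit does not compile on its own. PATCH 3/3 drops the alias and switches the call to `kubevirt.LoadKubeConfigContent()`; folding that change into this commit would keep every commit in the series buildable and bisectable. The `&kubeconfig.Kubelet{}` references added in the `Dependencies` and `Generate` hunks of this file depend on the same fix.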
@@ -196,13 +200,19 @@ func (o *Openshift) Generate(dependencies asset.Parents) error { } } + kubeconfigKubeletData, err := yaml.Marshal(kubeconfigKubelet.Config) + if err != nil { + return err + } templateData := &openshiftTemplateData{ - CloudCreds: cloudCreds, - Base64EncodedKubeadminPwHash: base64.StdEncoding.EncodeToString(kubeadminPassword.PasswordHash), + CloudCreds: cloudCreds, + Base64EncodedKubeadminPwHash: base64.StdEncoding.EncodeToString(kubeadminPassword.PasswordHash), + Base64EncodedKubeconfigKubeletData: base64.StdEncoding.EncodeToString(kubeconfigKubeletData), } cloudCredsSecret := &openshift.CloudCredsSecret{} kubeadminPasswordSecret := &openshift.KubeadminPasswordSecret{} + kubeconfigKubeletSecret := &openshift.KubeconfigKubeletSecret{} roleCloudCredsSecretReader := &openshift.RoleCloudCredsSecretReader{} baremetalConfig := &openshift.BaremetalConfig{} rhcosImage := new(rhcos.Image) @@ -210,12 +220,14 @@ func (o *Openshift) Generate(dependencies asset.Parents) error { dependencies.Get( cloudCredsSecret, kubeadminPasswordSecret, + kubeconfigKubeletSecret, roleCloudCredsSecretReader, baremetalConfig, rhcosImage) assetData := map[string][]byte{ "99_kubeadmin-password-secret.yaml": applyTemplateData(kubeadminPasswordSecret.Files()[0].Data, templateData), + "99_kubeconfig-kubelet-secret.yaml": applyTemplateData(kubeconfigKubeletSecret.Files()[0].Data, templateData), } switch platform { diff --git a/pkg/asset/manifests/template.go b/pkg/asset/manifests/template.go index 4980193b40a..7ebf6aa99b9 100644 --- a/pkg/asset/manifests/template.go +++ b/pkg/asset/manifests/template.go @@ -88,6 +88,7 @@ type baremetalTemplateData struct { } type openshiftTemplateData struct { - CloudCreds cloudCredsSecretData - Base64EncodedKubeadminPwHash string + CloudCreds cloudCredsSecretData + Base64EncodedKubeadminPwHash string + Base64EncodedKubeconfigKubeletData string } 
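Review bot: `yaml.Marshal(kubeconfigKubelet.Config)` in the `@@ -196,13 +200,19 @@` hunk runs without the nil guard that PATCH 1/3 had around the admin kubeconfig (`if adminKubeConfig.Config != nil`). A nil `Config` would most likely marshal to a YAML `null` without returning an error, and `99_kubeconfig-kubelet-secret.yaml` would then create a Secret whose credential is useless and only fails when something tries to use it. I would fail early, e.g. `if kubeconfigKubelet.Config == nil { return errors.New("kubelet kubeconfig is empty") }`, using whichever errors package openshift.go already imports, and add context to the bare `return err` after the marshal. `Generate` starts and ends outside this hunk.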
diff --git a/pkg/asset/templates/content/openshift/kubeconfig-kubelet-secret.go b/pkg/asset/templates/content/openshift/kubeconfig-kubelet-secret.go
new file mode 100644
index 00000000000..1d0bbabb2e5
--- /dev/null
+++ b/pkg/asset/templates/content/openshift/kubeconfig-kubelet-secret.go
@@ -0,0 +1,65 @@
+package openshift
+
+import (
+ "os"
+ "path/filepath"
+
+ "github.com/openshift/installer/pkg/asset"
+ "github.com/openshift/installer/pkg/asset/templates/content"
+)
+
+const (
+ kubeconfigKubeletSecretFileName = "kubeconfig-kubelet-secret.yaml.template"
+)
+
+var _ asset.WritableAsset = (*KubeconfigKubeletSecret)(nil)
+
+// KubeconfigKubeletSecret is the constant to represent contents of
+// kubeconfig-kubelet-password-secret.yaml.template file
+type KubeconfigKubeletSecret struct {
+ FileList []*asset.File
+}
+
+// Dependencies returns all of the dependencies directly needed by the asset
+func (t *KubeconfigKubeletSecret) Dependencies() []asset.Asset {
+ return []asset.Asset{}
+}
+
+// Name returns the human-friendly name of the asset.
+func (t *KubeconfigKubeletSecret) Name() string {
+ return "KubeconfigKubeletSecret"
+}
+
+// Generate generates the actual files by this asset
+func (t *KubeconfigKubeletSecret) Generate(parents asset.Parents) error {
+ fileName := kubeconfigKubeletSecretFileName
+ data, err := content.GetOpenshiftTemplate(fileName)
+ if err != nil {
+ return err
+ }
+ t.FileList = []*asset.File{
+ {
+ Filename: filepath.Join(content.TemplateDir, fileName),
+ Data: []byte(data),
+ },
+ }
+ return nil
+}
+
+// Files returns the files generated by the asset.
+func (t *KubeconfigKubeletSecret) Files() []*asset.File {
+ return t.FileList
+}
+
+// Load returns the asset from disk.
+func (t *KubeconfigKubeletSecret) Load(f asset.FileFetcher) (bool, error) {
+ file, err := f.FetchByName(filepath.Join(content.TemplateDir, kubeconfigKubeletSecretFileName))
+ if err != nil {
+ if os.IsNotExist(err) {
+ return false, nil
+ }
+ return false, err
+ }
+ t.FileList = []*asset.File{file}
+ return true, nil
+}
From 6d3609f79c9168335ba376b16a0a3bd68e086acf Mon Sep 17 00:00:00 2001
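Review bot: The doc comment on `KubeconfigKubeletSecret` in kubeconfig-kubelet-secret.go names `kubeconfig-kubelet-password-secret.yaml.template`, but the constant `kubeconfigKubeletSecretFileName` is `kubeconfig-kubelet-secret.yaml.template`, and the type is a struct rather than a constant. Suggested wording: `// KubeconfigKubeletSecret is the asset holding the contents of the` followed by `// kubeconfig-kubelet-secret.yaml.template file.` It is also worth stating there that the template renders a Secret carrying the kubelet kubeconfig, so that readers treat the generated manifest as sensitive material.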
From: Kiran Thyagaraja <18704819+kirankt@users.noreply.github.com> Date: Sun, 6 Dec 2020 19:22:07 -0600 Subject: [PATCH 3/3] adjusted another package's kubeconfig import name to kubevirt --- pkg/asset/manifests/openshift.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/asset/manifests/openshift.go b/pkg/asset/manifests/openshift.go index 79b5217ff94..014edf53dcc 100644 --- a/pkg/asset/manifests/openshift.go +++ b/pkg/asset/manifests/openshift.go @@ -14,7 +14,7 @@ import ( "github.com/openshift/installer/pkg/asset" "github.com/openshift/installer/pkg/asset/installconfig" "github.com/openshift/installer/pkg/asset/installconfig/gcp" - kubeconfig "github.com/openshift/installer/pkg/asset/installconfig/kubevirt" + "github.com/openshift/installer/pkg/asset/installconfig/kubevirt" "github.com/openshift/installer/pkg/asset/installconfig/ovirt" "github.com/openshift/installer/pkg/asset/kubeconfig" "github.com/openshift/installer/pkg/asset/machines" @@ -189,7 +189,7 @@ func (o *Openshift) Generate(dependencies asset.Parents) error { }, } case kubevirttypes.Name: - kubeconfigContent, err := kubeconfig.LoadKubeConfigContent() + kubeconfigContent, err := kubevirt.LoadKubeConfigContent() if err != nil { return err }