bugfix: update clusterrole and certificate for yurt-tunnel-server and fix kubeconfig path error for yurtctl #323

merged 1 commit into from
May 26, 2021
28 changes: 26 additions & 2 deletions config/setup/yurt-tunnel-server.yaml
@@ -29,9 +29,7 @@ rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- configmaps
verbs:
- get
- apiGroups:
@@ -41,6 +39,32 @@ rules:
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- list
- watch
- get
- create
- update
- apiGroups:
- "coordination.k8s.io"
resources:
- leases
verbs:
- create
- get
- update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
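Review bot: The new configmaps rule grants `create` and `update` on every ConfigMap in every namespace, since this is a ClusterRole; I cannot tell from the hunk which ConfigMap the tunnel server writes, but if it is only its own object in its own namespace, a namespaced Role/RoleBinding, or at least a `resourceNames:` restriction on the get/update verbs (create cannot be restricted by name), would keep the grant to what the component needs. The `coordination.k8s.io` leases rule has the same cluster-wide reach and could be scoped the same way. The identical rule set is added in config/yaml-template/yurt-tunnel-server.yaml and pkg/yurtctl/constants/yurt-tunnel-server-tmpl.go, so whichever scoping is chosen should be applied in all three places. A one-line comment above the rule naming the ConfigMap and lease it is meant for would also let the next reviewer judge the grant without reading the server code.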
42 changes: 33 additions & 9 deletions config/yaml-template/yurt-tunnel-server.yaml
@@ -27,20 +27,44 @@ rules:
verbs:
- approve
- apiGroups:
- ""
- ""
resources:
- services
- endpoints
- configmaps
- endpoints
verbs:
- get
- get
- apiGroups:
- ""
- ""
resources:
- nodes
- nodes
verbs:
- list
- watch
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- list
- watch
- get
- create
- update
- apiGroups:
- "coordination.k8s.io"
resources:
- leases
verbs:
- create
- get
- update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
2 changes: 1 addition & 1 deletion pkg/yurtctl/cmd/revert/revert.go
@@ -263,7 +263,7 @@ func removeYurtTunnelServer(client *kubernetes.Clientset) error {
return fmt.Errorf("fail to delete the daemonset/%s: %s",
constants.YurttunnelServerComponentName, err)
}
klog.V(4).Infof("daemonset/%s is deleted", constants.YurttunnelServerComponentName)
klog.V(4).Infof("deployment/%s is deleted", constants.YurttunnelServerComponentName)

// 2.1 remove the Service
if err := client.CoreV1().Services(constants.YurttunnelNamespace).
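Review bot: The error message two lines above the changed log line still says `daemonset/%s` while the success log now says `deployment/%s`, so the delete-failure path keeps reporting the wrong resource kind. `return fmt.Errorf("fail to delete the deployment/%s: %w", constants.YurttunnelServerComponentName, err)` keeps the two consistent and, with `%w`, lets callers inspect the API error via errors.Is/As. removeYurtTunnelServer starts at the hunk header and continues past the hunk.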
28 changes: 26 additions & 2 deletions pkg/yurtctl/constants/yurt-tunnel-server-tmpl.go
@@ -49,9 +49,7 @@ rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- configmaps
verbs:
- get
- apiGroups:
@@ -61,6 +59,32 @@ rules:
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- list
- watch
- get
- create
- update
- apiGroups:
- "coordination.k8s.io"
resources:
- leases
verbs:
- create
- get
- update
`
YurttunnelServerServiceAccount = `
apiVersion: v1
2 changes: 1 addition & 1 deletion pkg/yurtctl/util/edgenode/util.go
@@ -177,7 +177,7 @@ func PrepareKubeConfigPath(flags *pflag.FlagSet) (string, error) {
if kbCfgPath == "" {
if home := homedir.HomeDir(); home != "" {
homeKbCfg := filepath.Join(home, ".kube", "config")
if ok, _ := FileExists(kbCfgPath); ok {
if ok, _ := FileExists(homeKbCfg); ok {
kbCfgPath = homeKbCfg
}
}
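Review bot: The corrected lookup still discards the error from FileExists on the new line, so a permission or stat failure on `~/.kube/config` is treated the same as the file being absent and kbCfgPath stays empty, which will surface later as a less specific error somewhere downstream. If that fallback is intended, a comment such as `// an unreadable ~/.kube/config is treated as absent` would make it explicit; otherwise `ok, err := FileExists(homeKbCfg)` followed by `if err != nil { return "", err }` reports the real cause. PrepareKubeConfigPath starts at the hunk header and its body continues outside the hunk.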
23 changes: 13 additions & 10 deletions pkg/yurttunnel/pki/certmanager/certmanager.go
@@ -55,23 +55,25 @@ func NewYurttunnelServerCertManager(
)
_ = wait.PollUntil(5*time.Second, func() (bool, error) {
dnsNames, ips, err = serveraddr.GetYurttunelServerDNSandIP(clientset)
if err == nil {
return true, nil
if err != nil {
return false, err
}

// get clusterIP for tunnel server internal service
svc, err := clientset.CoreV1().Services(constants.YurttunnelServerServiceNs).Get(context.Background(), constants.YurttunnelServerInternalServiceName, metav1.GetOptions{})
if err == nil {
if svc.Spec.ClusterIP != "" && net.ParseIP(svc.Spec.ClusterIP) != nil {
ips = append(ips, net.ParseIP(svc.Spec.ClusterIP))
}
} else if errors.IsNotFound(err) {
// compatible with versions that not supported dns
if errors.IsNotFound(err) {
// compatible with versions that not supported x-tunnel-server-internal-svc
return true, nil
} else if err != nil {
return false, err
}

if svc.Spec.ClusterIP != "" && net.ParseIP(svc.Spec.ClusterIP) != nil {
ips = append(ips, net.ParseIP(svc.Spec.ClusterIP))
dnsNames = append(dnsNames, serveraddr.GetDefaultDomainsForSvc(svc.Namespace, svc.Name)...)
}

klog.Errorf("failed to get DNS names and ips: %s", err)
return false, nil
return true, nil
}, stopCh)
// add user specified DNS anems and IP addresses
dnsNames = append(dnsNames, clCertNames...)
@@ -139,6 +141,7 @@ func newCertManager(
ClientFn: func(current *tls.Certificate) (clicert.CertificateSigningRequestInterface, error) {
return clientset.CertificatesV1beta1().CertificateSigningRequests(), nil
},
SignerName: certificates.LegacyUnknownSignerName,
GetTemplate: getTemplate,
Usages: []certificates.KeyUsage{
certificates.UsageAny,
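Review bot: Returning `false, err` from the poll condition at `if err != nil { return false, err }` (and from the `else if err != nil` branch below it) ends wait.PollUntil on the first transient API error instead of retrying as the old code did, and because the result is assigned to `_` the function carries on and builds the certificate template from whatever dnsNames and ips were collected so far, possibly none, with the error never logged. If the intent is to keep retrying until the address list is complete, log and `return false, nil` at both places, e.g. `klog.Errorf("failed to get DNS names and ips: %s", err); return false, nil`, reserving a non-nil error for cases that really are unrecoverable; if the intent is to give up, the discarded PollUntil result should at least be logged. The closure lives inside NewYurttunnelServerCertManager, whose signature and remainder are outside the hunk. In the second hunk, `SignerName: certificates.LegacyUnknownSignerName` is the v1beta1 legacy-unknown signer, which the certificates.k8s.io/v1 CSR API does not accept, so a comment recording that this path depends on the v1beta1 CSR client seen on the line above it would help whoever migrates it.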
4 changes: 2 additions & 2 deletions pkg/yurttunnel/server/serveraddr/addr.go
@@ -169,7 +169,7 @@ func extractTunnelServerDNSandIPs(svc *v1.Service, eps *v1.Endpoints, nodeLst *v
}

// extract dns and ip from ClusterIP info
dnsNames = append(dnsNames, getDefaultDomainsForSvc(svc.Namespace, svc.Name)...)
dnsNames = append(dnsNames, GetDefaultDomainsForSvc(svc.Namespace, svc.Name)...)
if svc.Spec.ClusterIP != "None" {
ips = append(ips, net.ParseIP(svc.Spec.ClusterIP))
}
@@ -266,7 +266,7 @@ func getNodePortDNSandIP(nodeLst *v1.NodeList) ([]string, []net.IP, error) {
}

// getDefaultDomainsForSvc get default domains for specified service
func getDefaultDomainsForSvc(ns, name string) []string {
func GetDefaultDomainsForSvc(ns, name string) []string {
domains := make([]string, 0)
if len(ns) == 0 || len(name) == 0 {
return domains
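Review bot: The doc comment on the renamed function still reads `// getDefaultDomainsForSvc get default domains for specified service`, so it no longer starts with the exported name and golint/staticcheck will flag it. `// GetDefaultDomainsForSvc returns the default domains for the service name in namespace ns; the result is empty when either argument is empty.` matches the behavior visible in the hunk. The body of GetDefaultDomainsForSvc continues past the hunk.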
4 changes: 2 additions & 2 deletions pkg/yurttunnel/server/serveraddr/addr_test.go
@@ -28,7 +28,7 @@ import (
)

func TestGetDefaultDomainsForSvcInputParamEmptyChar(t *testing.T) {
domains := getDefaultDomainsForSvc("", "")
domains := GetDefaultDomainsForSvc("", "")
if len(domains) != 0 {
t.Error("domains len is not equal zero")
}
@@ -37,7 +37,7 @@ func TestGetDefaultDomainsForSvcInputParamEmptyChar(t *testing.T) {
func TestGetDefaultDomainsForSvc(t *testing.T) {
ns := "hello"
name := "world"
domains := getDefaultDomainsForSvc(ns, name)
domains := GetDefaultDomainsForSvc(ns, name)
if len(domains) == 0 {
t.Log("domains len is zero")
} else {