#!/bin/bash
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# A library of helper functions for landing kubemark containers on a
# pre-existing Kubernetes master. See test/kubemark/pre-existing/README.md
# for more details on using a pre-existing provider.
#
# NOTE(review): this listing appears to be a machine translation of the Bash
# original (proc / global / $[...] forms); the parse tree printed after the
# code on this page reflects the original script. Where the two disagree,
# the parse tree is the more reliable record.

# Repository root, resolved relative to the location of this file.
global KUBE_ROOT := "$[dirname $(BASH_SOURCE)]/../.."

# Shared helpers. Both paths are built from KUBE_ROOT, so whatever sits at
# those paths is executed in the current shell.
source "$(KUBE_ROOT)/cluster/common.sh"
source "$(KUBE_ROOT)/hack/lib/util.sh"

# Checks that the required settings are present and derives a default
# service cluster IP range when none was supplied.
# Globals:
#   MASTER_IP                 read; must be non-empty
#   PROJECT                   read; must be non-empty
#   CONTAINER_REGISTRY        read; only interpolated into an error message
#   cluster_range             written when SERVICE_CLUSTER_IP_RANGE is empty
#   SERVICE_CLUSTER_IP_RANGE  written when empty or unset
# Exits:
#   status 1, after printing a hint, when MASTER_IP or PROJECT is empty.
proc detect-project {
  if [[ -z "${MASTER_IP:-}" ]] {
    # The parse tree records this redirect as fd 1 duplicated onto fd 2,
    # so the hint is meant to land on stderr.
    echo "Set 'MASTER_IP' to the instance assigned to be the Kubernetes master" !1 > !2
    exit 1
  }

  if [[ -z "${PROJECT:-}" ]] {
    echo "Set 'PROJECT' to the name of the container project: $CONTAINER_REGISTRY/$PROJECT/kubemark" > !2
    exit 1
  }

  if [[ -z "${SERVICE_CLUSTER_IP_RANGE:-}" ]] {
    # Default range: the first three dot-separated fields of MASTER_IP,
    # a literal .0, then /16 appended on the following line.
    # NOTE(review): MASTER_IP is only checked for being non-empty. awk %d
    # turns a non-numeric field into 0, so a hostname or malformed address
    # silently yields 0.0.0.0/16 instead of an error - validate the value
    # as a dotted quad before deriving a range from it.
    # NOTE(review): the closing quote of the awk program is missing in this
    # rendering; the parse tree shows the complete single-quoted program.
    global cluster_range := $[echo $(MASTER_IP) | awk -F '.' '{printf("%d.%d.%d.0", $1, $2, $3)}]
    global SERVICE_CLUSTER_IP_RANGE := $(SERVICE_CLUSTER_IP_RANGE:-$cluster_range/16)
  }
}

# Fetches the admin kubeconfig from the pre-existing master and fills the
# *_BASE64 globals from it.
# Globals (written):
#   CA_CERT_BASE64, KUBELET_CERT_BASE64, KUBELET_KEY_BASE64,
#   KUBECFG_CERT_BASE64, KUBECFG_KEY_BASE64   taken from the kubeconfig
#   CA_KEY_BASE64, MASTER_CERT_BASE64, MASTER_KEY_BASE64,
#   KUBEAPISERVER_CERT_BASE64, KUBEAPISERVER_KEY_BASE64   random filler
# Side effects:
#   writes /tmp/kubeconfig and leaves it in place on return.
# Depends on execute-cmd-on-pre-existing-master-with-retries, which is not
# defined in this listing - presumably provided by a sourced file or by the
# caller; confirm.
#
# NOTE(review): /tmp/kubeconfig is a fixed name in a shared directory and
# receives the admin kubeconfig, client private key included
# (client-key-data is read from it below). The file is created by plain
# redirection, so its mode follows the caller umask, and the rm followed by
# a redirect leaves a window in which another local user can pre-create the
# path as a file or symlink. Prefer a mktemp file created under umask 077
# and removed by an EXIT trap.
proc create-certs {
  # No -f here: rm reports an error on a first run when the file is absent.
  # Whether that aborts depends on the errexit setting of the caller.
  rm /tmp/kubeconfig
  execute-cmd-on-pre-existing-master-with-retries "sudo cat /etc/kubernetes/admin.conf" > /tmp/kubeconfig
  # Each value is the second whitespace-separated field of the first line
  # that matches the key name.
  # NOTE(review): nothing checks that the fetch succeeded or that a line
  # matched, so a failed fetch leaves these globals empty without an error.
  global CA_CERT_BASE64 := $[cat /tmp/kubeconfig | grep certificate-authority | awk '{print $2}' | head -n 1]
  global KUBELET_CERT_BASE64 := $[cat /tmp/kubeconfig | grep client-certificate-data | awk '{print $2}' | head -n 1]
  global KUBELET_KEY_BASE64 := $[cat /tmp/kubeconfig | grep client-key-data | awk '{print $2}' | head -n 1]

  # Local kubeconfig.kubemark vars
  # These reuse the admin client certificate and key read above, so
  # everything configured from them carries the same identity.
  global KUBECFG_CERT_BASE64 := $(KUBELET_CERT_BASE64)
  global KUBECFG_KEY_BASE64 := $(KUBELET_KEY_BASE64)

  # The pre-existing Kubernetes master already has these setup
  # Set these vars but don't use them
  # Each value below is filler: 128 bytes from /dev/urandom, base64-encoded,
  # with the = + / characters stripped, cut to at most 32 bytes. None of
  # them is a parseable certificate or key despite the variable names.
  global CA_KEY_BASE64 := $[dd if=/dev/urandom bs=128 count=1 !2 >/dev/null | base64 | tr -d "=+/" | dd bs=32 count=1 !2 >/dev/null]
  global MASTER_CERT_BASE64 := $[dd if=/dev/urandom bs=128 count=1 !2 >/dev/null | base64 | tr -d "=+/" | dd bs=32 count=1 !2 >/dev/null]
  global MASTER_KEY_BASE64 := $[dd if=/dev/urandom bs=128 count=1 !2 >/dev/null | base64 | tr -d "=+/" | dd bs=32 count=1 !2 >/dev/null]
  global KUBEAPISERVER_CERT_BASE64 := $[dd if=/dev/urandom bs=128 count=1 !2 >/dev/null | base64 | tr -d "=+/" | dd bs=32 count=1 !2 >/dev/null]
  global KUBEAPISERVER_KEY_BASE64 := $[dd if=/dev/urandom bs=128 count=1 !2 >/dev/null | base64 | tr -d "=+/" | dd bs=32 count=1 !2 >/dev/null]
}

(CommandList children: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:KUBE_ROOT) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [(C {(dirname)} {(DQ (${ VSub_Name BASH_SOURCE))})] ) left_token: spids: [55 63] ) (/../..) 
} spids: [54] ) ] spids: [54] ) (C {(source)} {(DQ (${ VSub_Name KUBE_ROOT) (/cluster/common.sh))}) (C {(source)} {(DQ (${ VSub_Name KUBE_ROOT) (/hack/lib/util.sh))}) (FuncDef name: detect-project body: (BraceGroup children: [ (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (BoolUnary op_id: BoolUnary_z child: { (DQ (BracedVarSub token: suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(SQ )}) spids: [102 105] ) ) } ) ) terminator: ) ] action: [ (SimpleCommand words: [ {(echo)} { (DQ ( "Set 'MASTER_IP' to the instance assigned to be the Kubernetes master" ) ) } ] redirects: [(Redir op_id:Redir_GreatAnd fd:1 arg_word:{(2)} spids:[120])] ) (C {(exit)} {(1)}) ] spids: [-1 111] ) ] spids: [-1 129] ) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (BoolUnary op_id: BoolUnary_z child: { (DQ (BracedVarSub token: suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(SQ )}) spids: [140 143] ) ) } ) ) terminator: ) ] action: [ (SimpleCommand words: [ {(echo)} { (DQ ("Set 'PROJECT' to the name of the container project: ") ($ VSub_Name "$CONTAINER_REGISTRY") (/) ($ VSub_Name "$PROJECT") (/kubemark) ) } ] redirects: [(Redir op_id:Redir_GreatAnd fd:-1 arg_word:{(2)} spids:[162])] ) (C {(exit)} {(1)}) ] spids: [-1 149] ) ] spids: [-1 171] ) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (BoolUnary op_id: BoolUnary_z child: { (DQ (BracedVarSub token: suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(SQ )}) spids: [182 185] ) ) } ) ) terminator: ) ] action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:cluster_range) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (Pipeline children: [ (C {(echo)} {(DQ (${ VSub_Name MASTER_IP))}) (C {(awk)} {(-F)} {(SQ <.>)} {(SQ <"{printf(\"%d.%d.%d.0\", $1, $2, $3)}">)} ) ] negated: False ) ] ) left_token: spids: [195 217] ) } spids: [194] ) ] spids: [194] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName 
name:SERVICE_CLUSTER_IP_RANGE) op: Equal rhs: { (DQ (BracedVarSub token: suffix_op: (StringUnary op_id: VTest_ColonHyphen arg_word: {($ VSub_Name "$cluster_range") (Lit_Slash /) (16)} ) spids: [222 228] ) ) } spids: [220] ) ] spids: [220] ) ] spids: [-1 191] ) ] spids: [-1 232] ) ] spids: [92] ) spids: [86 91] ) (FuncDef name: create-certs body: (BraceGroup children: [ (C {(rm)} {(/tmp/kubeconfig)}) (SimpleCommand words: [ {(execute-cmd-on-pre-existing-master-with-retries)} {(DQ ("sudo cat /etc/kubernetes/admin.conf"))} ] redirects: [(Redir op_id:Redir_Great fd:-1 arg_word:{(/tmp/kubeconfig)} spids:[256])] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:CA_CERT_BASE64) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (Pipeline children: [ (C {(cat)} {(/tmp/kubeconfig)}) (C {(grep)} {(certificate-authority)}) (C {(awk)} {(SQ <"{print $2}">)}) (C {(head)} {(-n)} {(1)}) ] negated: False ) ] ) left_token: spids: [262 288] ) } spids: [261] ) ] spids: [261] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:KUBELET_CERT_BASE64) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (Pipeline children: [ (C {(cat)} {(/tmp/kubeconfig)}) (C {(grep)} {(client-certificate-data)}) (C {(awk)} {(SQ <"{print $2}">)}) (C {(head)} {(-n)} {(1)}) ] negated: False ) ] ) left_token: spids: [292 318] ) } spids: [291] ) ] spids: [291] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:KUBELET_KEY_BASE64) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (Pipeline children: [ (C {(cat)} {(/tmp/kubeconfig)}) (C {(grep)} {(client-key-data)}) (C {(awk)} {(SQ <"{print $2}">)}) (C {(head)} {(-n)} {(1)}) ] negated: False ) ] ) left_token: spids: [322 348] ) } spids: [321] ) ] spids: [321] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:KUBECFG_CERT_BASE64) op: Equal rhs: {(DQ (${ VSub_Name KUBELET_CERT_BASE64))} spids: [356] ) ] 
spids: [356] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:KUBECFG_KEY_BASE64) op: Equal rhs: {(DQ (${ VSub_Name KUBELET_KEY_BASE64))} spids: [364] ) ] spids: [364] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:CA_KEY_BASE64) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (Pipeline children: [ (SimpleCommand words: [ {(dd)} {(Lit_VarLike "if=") (/dev/urandom)} {(Lit_VarLike "bs=") (128)} {(Lit_VarLike "count=") (1)} ] redirects: [ (Redir op_id: Redir_Great fd: 2 arg_word: {(/dev/null)} spids: [394] ) ] ) (C {(base64)}) (C {(tr)} {(-d)} {(DQ ("=+/"))}) (SimpleCommand words: [ {(dd)} {(Lit_VarLike "bs=") (32)} {(Lit_VarLike "count=") (1)} ] redirects: [ (Redir op_id: Redir_Great fd: 2 arg_word: {(/dev/null)} spids: [421] ) ] ) ] negated: False ) ] ) left_token: spids: [382 423] ) } spids: [381] ) ] spids: [381] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:MASTER_CERT_BASE64) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (Pipeline children: [ (SimpleCommand words: [ {(dd)} {(Lit_VarLike "if=") (/dev/urandom)} {(Lit_VarLike "bs=") (128)} {(Lit_VarLike "count=") (1)} ] redirects: [ (Redir op_id: Redir_Great fd: 2 arg_word: {(/dev/null)} spids: [439] ) ] ) (C {(base64)}) (C {(tr)} {(-d)} {(DQ ("=+/"))}) (SimpleCommand words: [ {(dd)} {(Lit_VarLike "bs=") (32)} {(Lit_VarLike "count=") (1)} ] redirects: [ (Redir op_id: Redir_Great fd: 2 arg_word: {(/dev/null)} spids: [466] ) ] ) ] negated: False ) ] ) left_token: spids: [427 468] ) } spids: [426] ) ] spids: [426] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:MASTER_KEY_BASE64) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (Pipeline children: [ (SimpleCommand words: [ {(dd)} {(Lit_VarLike "if=") (/dev/urandom)} {(Lit_VarLike "bs=") (128)} {(Lit_VarLike "count=") (1)} ] redirects: [ (Redir op_id: Redir_Great fd: 2 arg_word: 
{(/dev/null)} spids: [484] ) ] ) (C {(base64)}) (C {(tr)} {(-d)} {(DQ ("=+/"))}) (SimpleCommand words: [ {(dd)} {(Lit_VarLike "bs=") (32)} {(Lit_VarLike "count=") (1)} ] redirects: [ (Redir op_id: Redir_Great fd: 2 arg_word: {(/dev/null)} spids: [511] ) ] ) ] negated: False ) ] ) left_token: spids: [472 513] ) } spids: [471] ) ] spids: [471] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:KUBEAPISERVER_CERT_BASE64) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (Pipeline children: [ (SimpleCommand words: [ {(dd)} {(Lit_VarLike "if=") (/dev/urandom)} {(Lit_VarLike "bs=") (128)} {(Lit_VarLike "count=") (1)} ] redirects: [ (Redir op_id: Redir_Great fd: 2 arg_word: {(/dev/null)} spids: [529] ) ] ) (C {(base64)}) (C {(tr)} {(-d)} {(DQ ("=+/"))}) (SimpleCommand words: [ {(dd)} {(Lit_VarLike "bs=") (32)} {(Lit_VarLike "count=") (1)} ] redirects: [ (Redir op_id: Redir_Great fd: 2 arg_word: {(/dev/null)} spids: [556] ) ] ) ] negated: False ) ] ) left_token: spids: [517 558] ) } spids: [516] ) ] spids: [516] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:KUBEAPISERVER_KEY_BASE64) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (Pipeline children: [ (SimpleCommand words: [ {(dd)} {(Lit_VarLike "if=") (/dev/urandom)} {(Lit_VarLike "bs=") (128)} {(Lit_VarLike "count=") (1)} ] redirects: [ (Redir op_id: Redir_Great fd: 2 arg_word: {(/dev/null)} spids: [574] ) ] ) (C {(base64)}) (C {(tr)} {(-d)} {(DQ ("=+/"))}) (SimpleCommand words: [ {(dd)} {(Lit_VarLike "bs=") (32)} {(Lit_VarLike "count=") (1)} ] redirects: [ (Redir op_id: Redir_Great fd: 2 arg_word: {(/dev/null)} spids: [601] ) ] ) ] negated: False ) ] ) left_token: spids: [562 603] ) } spids: [561] ) ] spids: [561] ) ] spids: [241] ) spids: [237 240] ) ] )