

Merge pull request #152 from sivanzcw/develop
admission to get tls certificate from kubeconfig, if tls config not defined in command line
volcano-sh-bot authored May 11, 2019
2 parents cb65574 + 9ae0d87 commit feabf5a
Showing 2 changed files with 41 additions and 24 deletions.
52 changes: 30 additions & 22 deletions cmd/admission/app/server.go
Expand Up @@ -26,8 +26,7 @@ import (
"k8s.io/api/admission/v1beta1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
"k8s.io/client-go/tools/clientcmd"
restclient "k8s.io/client-go/rest"

appConf "volcano.sh/volcano/cmd/admission/app/configure"
admissioncontroller "volcano.sh/volcano/pkg/admission"
Expand All @@ -38,34 +37,43 @@ const (
APPLICATIONJSON = "application/json"
)

// Get a clientset with in-cluster config.
func GetClient(c *appConf.Config) *kubernetes.Clientset {
var config *rest.Config
var err error
if c.Master != "" || c.Kubeconfig != "" {
config, err = clientcmd.BuildConfigFromFlags(c.Master, c.Kubeconfig)
} else {
config, err = rest.InClusterConfig()
}

if err != nil {
glog.Fatal(err)
}
clientset, err := kubernetes.NewForConfig(config)
// Get a clientset with restConfig.
func GetClient(restConfig *restclient.Config) *kubernetes.Clientset {
clientset, err := kubernetes.NewForConfig(restConfig)
if err != nil {
glog.Fatal(err)
}
return clientset
}

func ConfigTLS(config *appConf.Config, clientset *kubernetes.Clientset) *tls.Config {
sCert, err := tls.LoadX509KeyPair(config.CertFile, config.KeyFile)
if err != nil {
glog.Fatal(err)
// ConfigTLS is a helper function that generate tls certificates from directly defined tls config or kubeconfig
// These are passed in as command line for cluster certification. If tls config is passed in, we use the directly
// defined tls config, else use that defined in kubeconfig
func ConfigTLS(config *appConf.Config, restConfig *restclient.Config) *tls.Config {
if len(config.CertFile) != 0 && len(config.KeyFile) != 0 {
sCert, err := tls.LoadX509KeyPair(config.CertFile, config.KeyFile)
if err != nil {
glog.Fatal(err)
}

return &tls.Config{
Certificates: []tls.Certificate{sCert},
}
}
return &tls.Config{
Certificates: []tls.Certificate{sCert},

if len(restConfig.CertData) != 0 && len(restConfig.KeyData) != 0 {
sCert, err := tls.X509KeyPair(restConfig.CertData, restConfig.KeyData)
if err != nil {
glog.Fatal(err)
}

return &tls.Config{
Certificates: []tls.Certificate{sCert},
}
}

glog.Fatal("tls: failed to find any tls config data")
return &tls.Config{}
}

func Serve(w http.ResponseWriter, r *http.Request, admit admissioncontroller.AdmitFunc) {
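Review bot: The fallback branch of ConfigTLS builds the webhook's serving certificate from `restConfig.CertData` and `restConfig.KeyData`, which in client-go are the client certificate and key the process presents to the API server, so one private key ends up covering both the client identity and the TLS listener; a comment on that branch should say so, and it is worth confirming that such a certificate carries server-auth usage and a name matching the webhook service. The first condition also lets a half-specified pair fall through silently: if only one of `config.CertFile` / `config.KeyFile` is set, the kubeconfig credential is used without any message, so add `if (len(config.CertFile) == 0) != (len(config.KeyFile) == 0) { glog.Fatal("tls: cert file and key file must be set together") }` ahead of it. Neither returned `tls.Config` sets a floor on the protocol version; `MinVersion: tls.VersionTLS12,` in both literals would pin it. A kubeconfig that references its certificate by file path, or a token-based in-cluster config, presumably leaves both data fields empty and ends at the final `glog.Fatal` (inferred from client-go behaviour, not visible on this page).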
13 changes: 11 additions & 2 deletions cmd/admission/main.go
Expand Up @@ -27,6 +27,8 @@ import (
appConf "volcano.sh/volcano/cmd/admission/app/configure"
admissioncontroller "volcano.sh/volcano/pkg/admission"
"volcano.sh/volcano/pkg/version"

"k8s.io/client-go/tools/clientcmd"
)

func serveJobs(w http.ResponseWriter, r *http.Request) {
Expand Down Expand Up @@ -55,7 +57,13 @@ func main() {
}
addr := ":" + strconv.Itoa(config.Port)

clientset := app.GetClient(config)
restConfig, err := clientcmd.BuildConfigFromFlags(config.Master, config.Kubeconfig)
if err != nil {
fmt.Fprintf(os.Stderr, "%v\n", err)
os.Exit(1)
}

clientset := app.GetClient(restConfig)

caCertPem, err := ioutil.ReadFile(config.CaCertFile)
if err != nil {
Expand All @@ -71,9 +79,10 @@ func main() {
fmt.Fprintf(os.Stderr, "%v\n", err)
}
}

server := &http.Server{
Addr: addr,
TLSConfig: app.ConfigTLS(config, clientset),
TLSConfig: app.ConfigTLS(config, restConfig),
}
server.ListenAndServeTLS("", "")
}
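Review bot: The result of `server.ListenAndServeTLS("", "")` at the end of main is discarded, so a failed bind or an unusable certificate from the new kubeconfig fallback ends the process with no message and a zero exit status. Following the error style the hunk already uses for `BuildConfigFromFlags`, this could read `if err := server.ListenAndServeTLS("", ""); err != nil { fmt.Fprintf(os.Stderr, "%v\n", err); os.Exit(1) }`. The `restConfig` passed to `app.ConfigTLS` also carries the API client credentials, so a short comment at that call saying it is used only as a source of a key pair would help the next reader. main starts outside the hunk, so earlier handling of `config` is not visible here.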
