From b18be8dac71194c475c08853207614877319126e Mon Sep 17 00:00:00 2001
From: liangyuzhou
Date: Thu, 13 Feb 2020 09:55:57 +0800
Subject: [PATCH] fix: accessing the cluster resource with the wrong address
---
 cmd/tke-installer/app/installer/installer.go | 4 ++--
 pkg/platform/util/client.go | 24 ++++++++++----------
 pkg/platform/util/location.go | 7 +++---
 pkg/util/kubeconfig/kubeconfig.go | 12 +++++-----
 4 files changed, 24 insertions(+), 23 deletions(-)
diff --git a/cmd/tke-installer/app/installer/installer.go b/cmd/tke-installer/app/installer/installer.go
index d3d0c78b8..1fcb51138 100644
--- a/cmd/tke-installer/app/installer/installer.go
+++ b/cmd/tke-installer/app/installer/installer.go
@@ -2150,12 +2150,12 @@ func (t *TKE) execHook(filename string) error {
 }
 func (t *TKE) getKubeconfig() (*api.Config, error) {
- addr, err := platformutil.ClusterV1Address(&t.Cluster.Cluster)
+ host, err := platformutil.ClusterV1Host(&t.Cluster.Cluster)
 if err != nil {
 return nil, err
 }
- return kubeconfig.CreateWithToken(addr,
+ return kubeconfig.CreateWithToken(host,
 t.Cluster.Name,
 "admin",
 t.Cluster.ClusterCredential.CACert,
diff --git a/pkg/platform/util/client.go b/pkg/platform/util/client.go
index a2db611ef..a4786bac7 100644
--- a/pkg/platform/util/client.go
+++ b/pkg/platform/util/client.go
@@ -226,7 +226,7 @@ func BuildTransport(credential *platform.ClusterCredential) (http.RoundTripper,
 // GetRestConfig returns rest config according to cluster
 func GetRestConfig(cluster *platformv1.Cluster, credential *platformv1.ClusterCredential) (*restclient.Config, error) {
- address, err := ClusterV1Address(cluster)
+ host, err := ClusterV1Host(cluster)
 if err != nil {
 return nil, err
 }
@@ -235,12 +235,12 @@ func GetRestConfig(cluster *platformv1.Cluster, credential *platformv1.ClusterCr
 if credential.CACert == nil {
 config.Clusters[contextName] = &api.Cluster{
- Server: address,
+ Server: fmt.Sprintf("https://%s", host),
 InsecureSkipTLSVerify: true,
 }
 } else {
 config.Clusters[contextName] = &api.Cluster{
- Server: address,
+ Server: fmt.Sprintf("https://%s", host),
 CertificateAuthorityData: credential.CACert,
 }
 }
@@ -396,7 +396,7 @@ func BuildClientSet(cluster *platform.Cluster, credential *platform.ClusterCrede
 if cluster.Status.Locked != nil && *cluster.Status.Locked {
 return nil, fmt.Errorf("cluster %s has been locked", cluster.ObjectMeta.Name)
 }
- address, err := ClusterAddress(cluster)
+ host, err := ClusterHost(cluster)
 if err != nil {
 return nil, err
 }
@@ -405,12 +405,12 @@ func BuildClientSet(cluster *platform.Cluster, credential *platform.ClusterCrede
 if credential.CACert == nil {
 config.Clusters[contextName] = &api.Cluster{
- Server: address,
+ Server: fmt.Sprintf("https://%s", host),
 InsecureSkipTLSVerify: true,
 }
 } else {
 config.Clusters[contextName] = &api.Cluster{
- Server: address,
+ Server: fmt.Sprintf("https://%s", host),
 CertificateAuthorityData: credential.CACert,
 }
 }
@@ -443,8 +443,8 @@ func BuildClientSet(cluster *platform.Cluster, credential *platform.ClusterCrede
 return kubernetes.NewForConfig(restConfig)
 }
-// ClusterAddress returns the cluster address.
-func ClusterAddress(cluster *platform.Cluster) (string, error) {
+// ClusterHost returns host and port for kube-apiserver of cluster.
+func ClusterHost(cluster *platform.Cluster) (string, error) {
 addrs := make(map[platform.AddressType][]platform.ClusterAddress)
 for _, one := range cluster.Status.Addresses {
 addrs[one.Type] = append(addrs[one.Type], one)
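Review bot: In the `credential.CACert == nil` branch the rewritten `Server` line still sits beside `InsecureSkipTLSVerify: true`, so a cluster stored without a CA is contacted over HTTPS with no verification of the apiserver certificate; the same branch appears in the BuildClientSet hunk at -405. Since this patch touches those blocks anyway, make the fallback explicit rather than silent, at minimum with a comment such as `// No CA on record: the apiserver certificate is not verified, so credentials sent over this connection are not protected against interception.`, and return an error instead if clusters without a CA are not an expected case. The expression `fmt.Sprintf("https://%s", host)` is also repeated in both arms and could be computed once as `server := "https://" + host`. Both function bodies start and end outside these hunks, so how the credential is attached to the config is not visible here.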
@@ -469,17 +469,17 @@ func ClusterAddress(cluster *platform.Cluster) (string, error) {
 return "", pkgerrors.New("no valid address for the cluster")
 }
- return fmt.Sprintf("https://%s:%d", address.Host, address.Port), nil
+ return fmt.Sprintf("%s:%d", address.Host, address.Port), nil
 }
-// ClusterV1Address returns the cluster address.
-func ClusterV1Address(c *platformv1.Cluster) (string, error) {
+// ClusterV1Host returns host and port for kube-apiserver of versioned cluster resource.
+func ClusterV1Host(c *platformv1.Cluster) (string, error) {
 var cluster platform.Cluster
 err := platformv1.Convert_v1_Cluster_To_platform_Cluster(c, &cluster, nil)
 if err != nil {
 return "", pkgerrors.Wrap(err, "Convert_v1_Cluster_To_platform_Cluster errror")
 }
- return ClusterAddress(&cluster)
+ return ClusterHost(&cluster)
 }
 // rootCertPool returns nil if caData is empty. When passed along, this will mean "use system CAs".
diff --git a/pkg/platform/util/location.go b/pkg/platform/util/location.go
index 2f076484a..0b9b1cb9d 100644
--- a/pkg/platform/util/location.go
+++ b/pkg/platform/util/location.go
@@ -21,9 +21,10 @@ package util
 import (
 "context"
 "fmt"
- "k8s.io/apimachinery/pkg/fields"
 "net/http"
 "net/url"
+
+ "k8s.io/apimachinery/pkg/fields"
 platformv1 "tkestack.io/tke/api/client/clientset/versioned/typed/platform/v1"
 v1 "tkestack.io/tke/api/platform/v1"
 "tkestack.io/tke/pkg/apiserver/authentication"
@@ -65,7 +66,7 @@ func APIServerLocationByCluster(ctx context.Context, cluster *platform.Cluster,
 if err != nil {
 return nil, nil, "", errors.NewInternalError(err)
 }
- address, err := ClusterAddress(cluster)
+ host, err := ClusterHost(cluster)
 if err != nil {
 return nil, nil, "", errors.NewInternalError(err)
 }
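Review bot: `fmt.Sprintf("%s:%d", address.Host, address.Port)` in ClusterHost produces an ambiguous authority when `address.Host` is an IPv6 literal, because the address is not bracketed; the value is then placed in `url.URL.Host` (location.go, the -78 hunk) and after `https://` in the kubeconfig `Server` fields. `return net.JoinHostPort(address.Host, fmt.Sprint(address.Port)), nil` brackets IPv6 hosts and leaves host names and IPv4 addresses unchanged; it needs the `net` import if client.go does not already have it. Whether IPv6 cluster addresses occur in this project is not visible from the diff. ClusterHost's body begins outside this hunk.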
@@ -78,7 +79,7 @@ func APIServerLocationByCluster(ctx context.Context, cluster *platform.Cluster,
 // Otherwise, return the requested scheme and port, and the proxy transport
 return &url.URL{
 Scheme: "https",
- Host: address,
+ Host: host,
 Path: requestInfo.Path,
 }, transport, token, nil
 }
diff --git a/pkg/util/kubeconfig/kubeconfig.go b/pkg/util/kubeconfig/kubeconfig.go
index 27cfb8022..f71493fe2 100644
--- a/pkg/util/kubeconfig/kubeconfig.go
+++ b/pkg/util/kubeconfig/kubeconfig.go
@@ -25,14 +25,14 @@ import (
 )
 // CreateBasic creates a basic, general KubeConfig object that then can be extended
-func CreateBasic(serverURL, clusterName, userName string, caCert []byte) *clientcmdapi.Config {
+func CreateBasic(host, clusterName, userName string, caCert []byte) *clientcmdapi.Config {
 // Use the cluster and the username as the context name
 contextName := fmt.Sprintf("%s@%s", userName, clusterName)
 return &clientcmdapi.Config{
 Clusters: map[string]*clientcmdapi.Cluster{
 clusterName: {
- Server: serverURL,
+ Server: fmt.Sprintf("https://%s", host),
 CertificateAuthorityData: caCert,
 },
 },
@@ -48,8 +48,8 @@ func CreateBasic(serverURL, clusterName, userName string, caCert []byte) *client
 }
 // CreateWithCerts creates a KubeConfig object with access to the API server with client certificates
-func CreateWithCerts(serverURL, clusterName, userName string, caCert []byte, clientKey []byte, clientCert []byte) *clientcmdapi.Config {
- config := CreateBasic(serverURL, clusterName, userName, caCert)
+func CreateWithCerts(host, clusterName, userName string, caCert []byte, clientKey []byte, clientCert []byte) *clientcmdapi.Config {
+ config := CreateBasic(host, clusterName, userName, caCert)
 config.AuthInfos[userName] = &clientcmdapi.AuthInfo{
 ClientKeyData: clientKey,
 ClientCertificateData: clientCert,
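Review bot: CreateBasic's first parameter changes meaning from a full server URL to a bare host:port while remaining a plain `string`, and the doc comment does not say so; a caller that still passes a value starting with `https://` compiles and silently ends up with a doubled scheme in `Server`. Document the contract on CreateBasic, e.g. `// host is the kube-apiserver endpoint as "host:port" without a scheme; "https://" is prepended.`, and repeat it on CreateWithCerts and CreateWithToken (the -48 and -58 hunks), which forward the value unchanged. Only getKubeconfig is updated to the new contract in this patch; any other callers are outside the diff.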
@@ -58,8 +58,8 @@ func CreateWithCerts(serverURL, clusterName, userName string, caCert []byte, cli
 }
 // CreateWithToken creates a KubeConfig object with access to the API server with a token
-func CreateWithToken(serverURL, clusterName, userName string, caCert []byte, token string) *clientcmdapi.Config {
- config := CreateBasic(serverURL, clusterName, userName, caCert)
+func CreateWithToken(host, clusterName, userName string, caCert []byte, token string) *clientcmdapi.Config {
+ config := CreateBasic(host, clusterName, userName, caCert)
 config.AuthInfos[userName] = &clientcmdapi.AuthInfo{
 Token: token,
 }