Merge pull request #170 from gravitational/roman/conflict

Generate kubeconfig on startup

build.assets/makefiles/master/k8s-master/k8s-master.mk

@@ -6,7 +6,6 @@ all: k8s-master.mk
 	@echo "\n---> Building Kubernetes master components\n"
 	mkdir -p $(ROOTFS)/etc/kubernetes
 	cp -TRv -p rootfs/etc/kubernetes $(ROOTFS)/etc/kubernetes
-	cp -TRv -p rootfs/root $(ROOTFS)/root
 	cp -af ./kube-apiserver.service $(ROOTFS)/lib/systemd/system
 	cp -af ./kube-controller-manager.service $(ROOTFS)/lib/systemd/system
 	cp -af ./kube-scheduler.service $(ROOTFS)/lib/systemd/system

build.assets/makefiles/master/k8s-master/k8s-node.mk

@@ -6,7 +6,6 @@ all: k8s-node.mk
 	@echo "\n---> Building Kubernetes node components\n"
 	mkdir -p $(ROOTFS)/etc/kubernetes
 	cp -TRv -p rootfs/etc/kubernetes $(ROOTFS)/etc/kubernetes
-	cp -TRv -p rootfs/root $(ROOTFS)/root
 	cp -af ./kube-kubelet.service $(ROOTFS)/lib/systemd/system
 	cp -af ./kube-proxy.service $(ROOTFS)/lib/systemd/system
 	ln -sf /lib/systemd/system/kube-kubelet.service  $(ROOTFS)/lib/systemd/system/multi-user.target.wants/

tool/planet/cfg.go

@@ -1,13 +1,16 @@
 package main
 
 import (
+	"bytes"
 	"fmt"
 	"net"
 	"os/user"
 	"strconv"
 	"strings"
+	"text/template"
 
 	"github.com/gravitational/planet/lib/box"
+	"github.com/gravitational/trace"
 
 	kv "github.com/gravitational/configure"
 	"github.com/gravitational/configure/cstrings"
@@ -48,6 +51,12 @@ func (cfg *Config) SkyDNSResolverIP() string {
 	return cfg.ServiceSubnet.RelativeIP(3).String()
 }
 
+// APIServerIP returns the IP of the "kubernetes" service which is the first IP
+// of the configured service subnet
+func (cfg *Config) APIServerIP() net.IP {
+	return cfg.ServiceSubnet.FirstIP()
+}
+
 func (cfg *Config) hasRole(r string) bool {
 	for _, rs := range cfg.Roles {
 		if rs == r {
@@ -124,3 +133,34 @@ func (r *boolFlag) Set(input string) error {
 func (r boolFlag) String() string {
 	return strconv.FormatBool(bool(r))
 }
+
+// NewKubeConfig returns a kubectl config for the specified kubernetes API server IP
+func NewKubeConfig(ip net.IP) ([]byte, error) {
+	var b bytes.Buffer
+	err := kubeConfig.Execute(&b, map[string]string{"ip": ip.String()})
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	return b.Bytes(), nil
+}
+
+// kubeConfig is a template of a configuration file for kubectl
+var kubeConfig = template.Must(template.New("kubeConfig").Parse(`apiVersion: v1
+kind: Config
+current-context: default
+clusters:
+- name: default
+  cluster:
+    certificate-authority: /var/lib/gravity/secrets/root.cert
+    server: https://{{.ip}}
+users:
+- name: default
+  user:
+    client-certificate: /var/lib/gravity/secrets/kubelet.cert
+    client-key: /var/lib/gravity/secrets/kubelet.key
+contexts:
+- name: default
+  context:
+    cluster: default
+    user: default
+    namespace: default`))

tool/planet/constants.go

@@ -30,6 +30,7 @@ const (
 	EnvStateDir                = "PLANET_STATE_DIR"
 	EnvAWSAccessKey            = "AWS_ACCESS_KEY_ID"
 	EnvAWSSecretKey            = "AWS_SECRET_ACCESS_KEY"
+	EnvKubeConfig              = "KUBECONFIG"
 
 	PlanetRoleMaster = "master"
 
@@ -70,12 +71,17 @@ const (
 	KubeletResolv = "resolv.kubelet.conf"
 	// SharedFileMask is file mask for shared file
 	SharedFileMask = 0644
+	// SharedDirMask is a permissions mask for a shared directory
+	SharedDirMask = 0755
 
 	// DNSMasqK8sConf is DNSMasq DNS server K8s config
 	DNSMasqK8sConf = "/etc/dnsmasq.d/k8s.conf"
 
 	// DNSMasqAPIServerConf is the dnsmasq configuration file for apiserver
 	DNSMasqAPIServerConf = "/etc/dnsmasq.d/apiserver.conf"
+
+	// KubeConfigPath is the path to kubectl configuration file
+	KubeConfigPath = "/etc/kubernetes/kubectl.kubeconfig"
 )
 
 // K8sSearchDomains are default k8s search domain settings

tool/planet/enter.go

@@ -48,6 +48,7 @@ func enter(rootfs, socketPath string, cfg *box.ProcessConfig) error {
 	cfg.Env.Upsert(EnvEtcdctlKeyFile, DefaultEtcdctlKeyFile)
 	cfg.Env.Upsert(EnvEtcdctlCAFile, DefaultEtcdctlCAFile)
 	cfg.Env.Upsert(EnvEtcdctlPeers, DefaultEtcdEndpoints)
+	cfg.Env.Upsert(EnvKubeConfig, KubeConfigPath)
 	s, err := box.Connect(&box.ClientConfig{
 		Rootfs:     rootfs,
 		SocketPath: socketPath,

tool/planet/start.go

@@ -159,7 +159,10 @@ func start(config *Config, monitorc chan<- bool) (*runtimeContext, error) {
 	if err = addResolv(config); err != nil {
 		return nil, trace.Wrap(err)
 	}
-	if err := setDNSMasq(config); err != nil {
+	if err = setDNSMasq(config); err != nil {
+		return nil, trace.Wrap(err)
+	}
+	if err = addKubeConfig(config); err != nil {
 		return nil, trace.Wrap(err)
 	}
 	mountSecrets(config)
@@ -398,6 +401,24 @@ func addDockerOptions(config *Config) {
 	}
 }
 
+// addKubeConfig writes a kubectl config file
+func addKubeConfig(config *Config) error {
+	kubeConfig, err := NewKubeConfig(config.APIServerIP())
+	if err != nil {
+		return trace.Wrap(err)
+	}
+	path := filepath.Join(config.Rootfs, KubeConfigPath)
+	err = os.MkdirAll(filepath.Dir(path), SharedDirMask)
+	if err != nil {
+		return trace.Wrap(err)
+	}
+	err = ioutil.WriteFile(path, kubeConfig, SharedFileMask)
+	if err != nil {
+		return trace.Wrap(err)
+	}
+	return nil
+}
+
 func setDNSMasq(config *Config) error {
 	resolv, err := readHostResolv()
 	if err != nil {