use cluster dns to reach apiserver for rustls - for #587 #597

merged 2 commits into from Jul 26, 2021
14 changes: 14 additions & 0 deletions kube/src/config/incluster_config.rs
Expand Up @@ -2,8 +2,12 @@ use std::env;

use crate::{config::utils, Result};

// Old method to connect to kubernetes
pub const SERVICE_HOSTENV: &str = "KUBERNETES_SERVICE_HOST";
pub const SERVICE_PORTENV: &str = "KUBERNETES_SERVICE_PORT";
// New method to connect to kubernetes
pub const SERVICE_DNS: &str = "kubernetes.default.svc";
// Mounted credential files
const SERVICE_TOKENFILE: &str = "/var/run/secrets/kubernetes.io/serviceaccount/token";
const SERVICE_CERTFILE: &str = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt";
const SERVICE_DEFAULT_NS: &str = "/var/run/secrets/kubernetes.io/serviceaccount/namespace";
Expand All @@ -15,6 +19,15 @@ pub fn kube_server() -> Option<String> {
Some(format!("https://{}:{}", host, port))
}

pub fn kube_dns() -> http::Uri {
http::Uri::builder()
.scheme("https")
.authority(SERVICE_DNS)
.path_and_query("/")
.build()
.unwrap()
}

fn kube_host() -> Option<String> {
env::var(SERVICE_HOSTENV).ok()
}
Expand Down Expand Up @@ -43,6 +56,7 @@ fn test_kube_host() {
let expected = "fake.io";
env::set_var(SERVICE_HOSTENV, expected);
assert_eq!(kube_host().unwrap(), expected);
kube_dns(); // verify kube_dns always unwraps
}

#[test]
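Review bot: `kube_dns()` at L51 hardcodes `kubernetes.default.svc` with no port, so it always targets 443 and relies on the pod's DNS search list to resolve the short name, and the rustls path that uses it can no longer be pointed elsewhere via `KUBERNETES_SERVICE_HOST`/`PORT`. The trust assumption that replaces the IP-based URL should be written down on the function: the mounted `ca.crt` must have issued an apiserver certificate whose SANs include `kubernetes.default.svc`, which is the conventional set but not something this code checks — e.g. `/// Apiserver URL by in-cluster DNS name (port 443). Assumes the service-account CA signed a cert carrying the `kubernetes.default.svc` SAN and that the pod's dnsPolicy resolves the short name — verify on clusters with non-default DNS or API certs.` The test at L67 only proves the builder does not panic; pin the actual value with `assert_eq!(kube_dns().to_string(), "https://kubernetes.default.svc/");`.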
16 changes: 11 additions & 5 deletions kube/src/config/mod.rs
Expand Up @@ -91,11 +91,17 @@ impl Config {
/// and relies on you having the service account's token mounted,
/// as well as having given the service account rbac access to do what you need.
pub fn from_cluster_env() -> Result<Self> {
let cluster_url = incluster_config::kube_server().ok_or(ConfigError::MissingInClusterVariables {
hostenv: incluster_config::SERVICE_HOSTENV,
portenv: incluster_config::SERVICE_PORTENV,
})?;
let cluster_url = cluster_url.parse::<http::Uri>()?;

let cluster_url = if cfg!(feature = "rustls-tls") {
// try rolling out new method for rustls which does not support ip based urls anyway
// see https://github.com/kube-rs/kube-rs/issues/587
incluster_config::kube_dns()
} else {
incluster_config::kube_server().ok_or(ConfigError::MissingInClusterVariables {
hostenv: incluster_config::SERVICE_HOSTENV,
portenv: incluster_config::SERVICE_PORTENV,
})?.parse::<http::Uri>()?
};

let default_namespace = incluster_config::load_default_ns()
.map_err(Box::new)
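Review bot: In the `rustls-tls` branch (L83–L88) the `KUBERNETES_SERVICE_HOST`/`PORT` presence check is skipped entirely, so `from_cluster_env()` no longer returns `MissingInClusterVariables` when called outside a cluster and silently discards any endpoint the environment supplies; the failure presumably surfaces later when the token or CA file is read, with a less specific error. Keeping the env check as the in-cluster precondition and only swapping the URL preserves the existing error contract: `let legacy_url = incluster_config::kube_server().ok_or(ConfigError::MissingInClusterVariables { hostenv: incluster_config::SERVICE_HOSTENV, portenv: incluster_config::SERVICE_PORTENV })?;` followed by `let cluster_url = if cfg!(feature = "rustls-tls") { incluster_config::kube_dns() } else { legacy_url.parse::<http::Uri>()? };`. Note also that `cfg!` is decided at compile time, so a build where cargo unifies both TLS features takes the DNS path regardless of which backend the client ends up using (cannot confirm the backend selection from this hunk); the doc comment at L74–L75 should state that under `rustls-tls` the env variables are ignored. The body of `from_cluster_env` continues past the end of the hunk.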
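--- a/tests/Cargo.toml
+++ b/tests/Cargo.toml
@@ -16,7 +16,7 @@ path = "dapp.rs"
 anyhow = "1.0.37"
 env_logger = "0.8.2"
 futures = "0.3.8"
-kube = { path = "../kube", version = "^0.58.0"}
+kube = { path = "../kube", version = "^0.58.1", default-features = false, features = ["client", "rustls-tls"] }
 k8s-openapi = { version = "0.12.0", features = ["v1_20"], default-features = false }
 log = "0.4.11"
 serde_json = "1.0.61"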
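Review bot: Switching the test crate to `default-features = false, features = ["client", "rustls-tls"]` on the changed `kube` line means this harness now compiles only the rustls branch of `from_cluster_env`, so the env-var/native-tls path is no longer exercised by these integration tests; unless another CI job builds them with the default features, that branch goes untested. A one-line comment above the dependency would record the intent and the gap, e.g. `# rustls-only: exercises the DNS-based in-cluster path; the native-tls/env-var path needs a default-feature build`, assuming such a build exists.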