Add --bootstrap-config-name|namespace to kubelet

smarterclayton · smarterclayton · commit faaed40cd385 · 2017-09-27T14:31:42.000-04:00
This allows the kubelet to be configured to load default configuration
out of a known namespace. By default it is openshift-node/node-config.

Correct an error in bootstrapping where errors weren't logged, and
properly ignore forbidden errors when trying to load the config map.

Add a better description of bootstrapping to openshift start node.
diff --git a/contrib/completions/bash/openshift b/contrib/completions/bash/openshift
@@ -33725,6 +33725,10 @@ _openshift_start_node()
 
     flags+=("--bootstrap")
     local_nonpersistent_flags+=("--bootstrap")
+    flags+=("--bootstrap-config-name=")
+    local_nonpersistent_flags+=("--bootstrap-config-name=")
+    flags+=("--bootstrap-config-namespace=")
+    local_nonpersistent_flags+=("--bootstrap-config-namespace=")
     flags+=("--config=")
     flags_with_completion+=("--config")
     flags_completion+=("__handle_filename_extension_flag yaml|yml")
diff --git a/contrib/completions/zsh/openshift b/contrib/completions/zsh/openshift
@@ -33874,6 +33874,10 @@ _openshift_start_node()
 
     flags+=("--bootstrap")
     local_nonpersistent_flags+=("--bootstrap")
+    flags+=("--bootstrap-config-name=")
+    local_nonpersistent_flags+=("--bootstrap-config-name=")
+    flags+=("--bootstrap-config-namespace=")
+    local_nonpersistent_flags+=("--bootstrap-config-namespace=")
     flags+=("--config=")
     flags_with_completion+=("--config")
     flags_completion+=("__handle_filename_extension_flag yaml|yml")
diff --git a/pkg/cmd/server/start/bootstrap_node.go b/pkg/cmd/server/start/bootstrap_node.go
@@ -212,12 +212,20 @@ func (o NodeOptions) loadBootstrap(hostnames []string, nodeConfigDir string) err
 
 	// try to refresh the latest node-config.yaml
 	o.ConfigFile = filepath.Join(nodeConfigDir, "node-config.yaml")
-	config, err := c.Core().ConfigMaps("kube-system").Get("node-config", metav1.GetOptions{})
+	config, err := c.Core().ConfigMaps(o.NodeArgs.BootstrapConfigNamespace).Get(o.NodeArgs.BootstrapConfigName, metav1.GetOptions{})
 	if err == nil {
+		glog.V(2).Infof("Loading node configuration from %s/%s (rv=%s, uid=%s)", config.Namespace, config.Name, config.ResourceVersion, config.UID)
 		// skip all the config we generated ourselves
-		skipConfig := map[string]struct{}{"server.crt": {}, "server.key": {}, "master-client.crt": {}, "master-client.key": {}, "node.kubeconfig": {}}
+		skipConfig := map[string]struct{}{
+			"server.crt":        {},
+			"server.key":        {},
+			"master-client.crt": {},
+			"master-client.key": {},
+			"node.kubeconfig":   {},
+		}
 		for k, v := range config.Data {
 			if _, ok := skipConfig[k]; ok {
+				glog.V(2).Infof("Skipping key %q from config map", k)
 				continue
 			}
 			b := []byte(v)
@@ -233,10 +241,10 @@ func (o NodeOptions) loadBootstrap(hostnames []string, nodeConfigDir string) err
 				if err := o.NodeArgs.MergeSerializeableNodeConfig(nodeConfig); err != nil {
 					return err
 				}
-				nodeConfig.ServingInfo.ServerCert.CertFile = filepath.Join(nodeConfigDir, "server.crt")
-				nodeConfig.ServingInfo.ServerCert.KeyFile = filepath.Join(nodeConfigDir, "server.key")
-				nodeConfig.ServingInfo.ClientCA = nodeClientCAPath
-				nodeConfig.MasterKubeConfig = filepath.Join(nodeConfigDir, "node.kubeconfig")
+				nodeConfig.ServingInfo.ServerCert.CertFile = "server.crt"
+				nodeConfig.ServingInfo.ServerCert.KeyFile = "server.key"
+				nodeConfig.ServingInfo.ClientCA = "node-client-ca.crt"
+				nodeConfig.MasterKubeConfig = "node.kubeconfig"
 				b, err = configapilatest.WriteYAML(nodeConfig)
 				if err != nil {
 					return err
@@ -252,35 +260,42 @@ func (o NodeOptions) loadBootstrap(hostnames []string, nodeConfigDir string) err
 
 	// if we had a previous node-config.yaml, continue using it
 	if _, err2 := os.Stat(o.ConfigFile); err2 == nil {
-		if err == nil {
-			glog.V(2).Infof("Unable to load node configuration from the server: %v", err)
+		if err != nil {
+			glog.Warningf("Unable to load node configuration from the server: %v", err)
 		}
 		return nil
 	}
 
-	// if there is no node-config.yaml and no server config map, generate one
-	if kerrors.IsNotFound(err) {
-		glog.V(2).Infof("Generating a local configuration since no server config available")
-		nodeConfig, err := o.NodeArgs.BuildSerializeableNodeConfig()
-		if err != nil {
-			return err
-		}
-		if err := o.NodeArgs.MergeSerializeableNodeConfig(nodeConfig); err != nil {
-			return err
-		}
-		nodeConfig.ServingInfo.ServerCert.CertFile = "server.crt"
-		nodeConfig.ServingInfo.ServerCert.KeyFile = "server.key"
-		nodeConfig.ServingInfo.ClientCA = "node-client-ca.crt"
-		nodeConfig.MasterKubeConfig = "node.kubeconfig"
-		b, err := configapilatest.WriteYAML(nodeConfig)
-		if err != nil {
-			return err
-		}
-		if err := ioutil.WriteFile(o.ConfigFile, b, 0600); err != nil {
-			return err
-		}
-		return nil
+	switch {
+	case kerrors.IsNotFound(err):
+		err = nil
+	case kerrors.IsForbidden(err):
+		glog.Warningf("Node is not authorized to access config, continuing without config: %v", err)
+		err = nil
+	}
+	if err != nil {
+		return err
 	}
 
-	return err
+	// if there is no node-config.yaml and no server config map, generate one
+	glog.V(2).Infof("Generating a local configuration since no server config available")
+	nodeConfig, err := o.NodeArgs.BuildSerializeableNodeConfig()
+	if err != nil {
+		return err
+	}
+	if err := o.NodeArgs.MergeSerializeableNodeConfig(nodeConfig); err != nil {
+		return err
+	}
+	nodeConfig.ServingInfo.ServerCert.CertFile = "server.crt"
+	nodeConfig.ServingInfo.ServerCert.KeyFile = "server.key"
+	nodeConfig.ServingInfo.ClientCA = "node-client-ca.crt"
+	nodeConfig.MasterKubeConfig = "node.kubeconfig"
+	b, err := configapilatest.WriteYAML(nodeConfig)
+	if err != nil {
+		return err
+	}
+	if err := ioutil.WriteFile(o.ConfigFile, b, 0600); err != nil {
+		return err
+	}
+	return nil
 }
diff --git a/pkg/cmd/server/start/node_args.go b/pkg/cmd/server/start/node_args.go
@@ -58,6 +58,10 @@ type NodeArgs struct {
 
 	// Bootstrap is true if the node should rely on the server to set initial configuration.
 	Bootstrap bool
+	// BootstrapConfigName is the name of a config map to read node-config.yaml from.
+	BootstrapConfigName string
+	// BootstrapConfigNamespace is the namespace the config map for bootstrap config is expected to load from.
+	BootstrapConfigNamespace string
 
 	MasterCertDir string
 	ConfigDir     flag.StringFlag
@@ -129,6 +133,9 @@ func NewDefaultNodeArgs() *NodeArgs {
 
 		NodeName: hostname,
 
+		BootstrapConfigName:      "node-config",
+		BootstrapConfigNamespace: "openshift-node",
+
 		MasterCertDir: "openshift.local.config/master",
 
 		ClusterDomain: cmdutil.Env("OPENSHIFT_DNS_DOMAIN", "cluster.local"),
@@ -152,6 +159,14 @@ func (args NodeArgs) Validate() error {
 	if addr, _ := args.KubeConnectionArgs.GetKubernetesAddress(args.DefaultKubernetesURL); addr == nil {
 		return errors.New("--kubeconfig must be set to provide API server connection information")
 	}
+	if args.Bootstrap {
+		if len(args.BootstrapConfigName) == 0 {
+			return errors.New("--bootstrap-config-name must be specified")
+		}
+		if len(args.BootstrapConfigNamespace) == 0 {
+			return errors.New("--bootstrap-config-namespace must be specified")
+		}
+	}
 	return nil
 }
 
diff --git a/pkg/cmd/server/start/start_node.go b/pkg/cmd/server/start/start_node.go
@@ -52,7 +52,14 @@ var nodeLong = templates.LongDesc(`
 	    %[1]s start node --config=<node-config>
 
 	will start a node with given configuration file. The node will run in the
-	foreground until you terminate the process.`)
+	foreground until you terminate the process.
+	
+	The --bootstrap flag instructs the node to use the provided kubeconfig
+	file to contact the master and request a client cert (its identity) and
+	a serving cert, and then downloads node-config.yaml from a config map on
+	the server. If no config map exists, it will use the default settings. 
+	In this mode --config will be location of the downloaded config.
+	`)
 
 // NewCommandStartNode provides a CLI handler for 'start node' command
 func NewCommandStartNode(basename string, out, errout io.Writer) (*cobra.Command, *NodeOptions) {
@@ -82,6 +89,8 @@ func NewCommandStartNode(basename string, out, errout io.Writer) (*cobra.Command
 	BindKubeConnectionArgs(options.NodeArgs.KubeConnectionArgs, flags, "")
 
 	flags.BoolVar(&options.NodeArgs.Bootstrap, "bootstrap", false, "Use the provided .kubeconfig file to perform initial node setup (experimental).")
+	flags.StringVar(&options.NodeArgs.BootstrapConfigName, "bootstrap-config-name", options.NodeArgs.BootstrapConfigName, "The name of a config map to load node-config.yaml from (experimental).")
+	flags.StringVar(&options.NodeArgs.BootstrapConfigNamespace, "bootstrap-config-namespace", options.NodeArgs.BootstrapConfigNamespace, "The namespace containing a config map to load node-config.yaml from (experimental).")
 
 	// autocompletion hints
 	cmd.MarkFlagFilename("config", "yaml", "yml")
