vendor update for CSI 0.3.0

2025-06-14 18:53:35 +00:00 · 2018-07-18 16:47:22 +02:00
parent 6f484f92fc
commit 8ea659f0d5
6810 changed files with 438061 additions and 193861 deletions
--- a/vendor/k8s.io/kubernetes/cmd/kubeadm/app/discovery/discovery.go
+++ b/vendor/k8s.io/kubernetes/cmd/kubeadm/app/discovery/discovery.go
@ -43,7 +43,7 @@ func For(cfg *kubeadmapi.NodeConfiguration) (*clientcmdapi.Config, error) {

 	return kubeconfigutil.CreateWithToken(
 		clusterinfo.Server,
-		"kubernetes",
+		cfg.ClusterName,
 		TokenUser,
 		clusterinfo.CertificateAuthorityData,
 		cfg.TLSBootstrapToken,
@ -55,17 +55,17 @@ func GetValidatedClusterInfoObject(cfg *kubeadmapi.NodeConfiguration) (*clientcm
 	switch {
 	case len(cfg.DiscoveryFile) != 0:
 		if isHTTPSURL(cfg.DiscoveryFile) {
-			return https.RetrieveValidatedClusterInfo(cfg.DiscoveryFile)
+			return https.RetrieveValidatedClusterInfo(cfg.DiscoveryFile, cfg.ClusterName)
 		}
-		return file.RetrieveValidatedClusterInfo(cfg.DiscoveryFile)
+		return file.RetrieveValidatedClusterInfo(cfg.DiscoveryFile, cfg.ClusterName)
 	case len(cfg.DiscoveryToken) != 0:
-		return token.RetrieveValidatedClusterInfo(cfg.DiscoveryToken, cfg.DiscoveryTokenAPIServers, cfg.DiscoveryTokenCACertHashes)
+		return token.RetrieveValidatedClusterInfo(cfg)
 	default:
 		return nil, fmt.Errorf("couldn't find a valid discovery configuration")
 	}
 }

-// isHTTPSURL checks whether the string is parsable as an URL and whether the Scheme is https
+// isHTTPSURL checks whether the string is parsable as a URL and whether the Scheme is https
 func isHTTPSURL(s string) bool {
 	u, err := url.Parse(s)
 	return err == nil && u.Scheme == "https"
--- a/vendor/k8s.io/kubernetes/cmd/kubeadm/app/discovery/file/file.go
+++ b/vendor/k8s.io/kubernetes/cmd/kubeadm/app/discovery/file/file.go
@ -33,18 +33,18 @@ import (
 // RetrieveValidatedClusterInfo connects to the API Server and makes sure it can talk
 // securely to the API Server using the provided CA cert and
 // optionally refreshes the cluster-info information from the cluster-info ConfigMap
-func RetrieveValidatedClusterInfo(filepath string) (*clientcmdapi.Cluster, error) {
+func RetrieveValidatedClusterInfo(filepath, clustername string) (*clientcmdapi.Cluster, error) {
 	clusterinfo, err := clientcmd.LoadFromFile(filepath)
 	if err != nil {
 		return nil, err
 	}
-	return ValidateClusterInfo(clusterinfo)
+	return ValidateClusterInfo(clusterinfo, clustername)
 }

 // ValidateClusterInfo connects to the API Server and makes sure it can talk
 // securely to the API Server using the provided CA cert and
 // optionally refreshes the cluster-info information from the cluster-info ConfigMap
-func ValidateClusterInfo(clusterinfo *clientcmdapi.Config) (*clientcmdapi.Cluster, error) {
+func ValidateClusterInfo(clusterinfo *clientcmdapi.Config, clustername string) (*clientcmdapi.Cluster, error) {
 	err := validateClusterInfoKubeConfig(clusterinfo)
 	if err != nil {
 		return nil, err
@ -57,7 +57,7 @@ func ValidateClusterInfo(clusterinfo *clientcmdapi.Config) (*clientcmdapi.Cluste
 	// We do this in order to not pick up other possible misconfigurations in the clusterinfo file
 	configFromClusterInfo := kubeconfigutil.CreateBasic(
 		defaultCluster.Server,
-		"kubernetes",
+		clustername,
 		"", // no user provided
 		defaultCluster.CertificateAuthorityData,
 	)
--- a/vendor/k8s.io/kubernetes/cmd/kubeadm/app/discovery/https/https.go
+++ b/vendor/k8s.io/kubernetes/cmd/kubeadm/app/discovery/https/https.go
@ -29,7 +29,7 @@ import (
 // RetrieveValidatedClusterInfo connects to the API Server and makes sure it can talk
 // securely to the API Server using the provided CA cert and
 // optionally refreshes the cluster-info information from the cluster-info ConfigMap
-func RetrieveValidatedClusterInfo(httpsURL string) (*clientcmdapi.Cluster, error) {
+func RetrieveValidatedClusterInfo(httpsURL, clustername string) (*clientcmdapi.Cluster, error) {
 	client := &http.Client{Transport: netutil.SetOldTransportDefaults(&http.Transport{})}
 	response, err := client.Get(httpsURL)
 	if err != nil {
@ -46,5 +46,5 @@ func RetrieveValidatedClusterInfo(httpsURL string) (*clientcmdapi.Cluster, error
 	if err != nil {
 		return nil, err
 	}
-	return file.ValidateClusterInfo(clusterinfo)
+	return file.ValidateClusterInfo(clusterinfo, clustername)
 }
--- a/vendor/k8s.io/kubernetes/cmd/kubeadm/app/discovery/token/BUILD
+++ b/vendor/k8s.io/kubernetes/cmd/kubeadm/app/discovery/token/BUILD
@ -11,10 +11,10 @@ go_library(
    srcs = ["token.go"],
    importpath = "k8s.io/kubernetes/cmd/kubeadm/app/discovery/token",
    deps = [
+        "//cmd/kubeadm/app/apis/kubeadm:go_default_library",
        "//cmd/kubeadm/app/constants:go_default_library",
        "//cmd/kubeadm/app/util/kubeconfig:go_default_library",
        "//cmd/kubeadm/app/util/pubkeypin:go_default_library",
-        "//cmd/kubeadm/app/util/token:go_default_library",
        "//pkg/controller/bootstrap:go_default_library",
        "//vendor/k8s.io/api/core/v1:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
--- a/vendor/k8s.io/kubernetes/cmd/kubeadm/app/discovery/token/token.go
+++ b/vendor/k8s.io/kubernetes/cmd/kubeadm/app/discovery/token/token.go
@ -22,6 +22,7 @@ import (
 	"encoding/pem"
 	"fmt"
 	"sync"
+	"time"

 	"k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -29,10 +30,10 @@ import (
 	bootstrapapi "k8s.io/client-go/tools/bootstrap/token/api"
 	"k8s.io/client-go/tools/clientcmd"
 	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
+	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 	"k8s.io/kubernetes/cmd/kubeadm/app/constants"
 	kubeconfigutil "k8s.io/kubernetes/cmd/kubeadm/app/util/kubeconfig"
 	"k8s.io/kubernetes/cmd/kubeadm/app/util/pubkeypin"
-	tokenutil "k8s.io/kubernetes/cmd/kubeadm/app/util/token"
 	"k8s.io/kubernetes/pkg/controller/bootstrap"
 )

@ -40,26 +41,26 @@ import (
 const BootstrapUser = "token-bootstrap-client"

 // RetrieveValidatedClusterInfo connects to the API Server and tries to fetch the cluster-info ConfigMap
-// It then makes sure it can trust the API Server by looking at the JWS-signed tokens and (if rootCAPubKeys is not empty)
+// It then makes sure it can trust the API Server by looking at the JWS-signed tokens and (if cfg.DiscoveryTokenCACertHashes is not empty)
 // validating the cluster CA against a set of pinned public keys
-func RetrieveValidatedClusterInfo(discoveryToken string, tokenAPIServers, rootCAPubKeys []string) (*clientcmdapi.Cluster, error) {
-	tokenID, tokenSecret, err := tokenutil.ParseToken(discoveryToken)
+func RetrieveValidatedClusterInfo(cfg *kubeadmapi.NodeConfiguration) (*clientcmdapi.Cluster, error) {
+	token, err := kubeadmapi.NewBootstrapTokenString(cfg.DiscoveryToken)
 	if err != nil {
 		return nil, err
 	}

 	// Load the cfg.DiscoveryTokenCACertHashes into a pubkeypin.Set
 	pubKeyPins := pubkeypin.NewSet()
-	err = pubKeyPins.Allow(rootCAPubKeys...)
+	err = pubKeyPins.Allow(cfg.DiscoveryTokenCACertHashes...)
 	if err != nil {
 		return nil, err
 	}

 	// The function below runs for every endpoint, and all endpoints races with each other.
 	// The endpoint that wins the race and completes the task first gets its kubeconfig returned below
-	baseKubeConfig := runForEndpointsAndReturnFirst(tokenAPIServers, func(endpoint string) (*clientcmdapi.Config, error) {
+	baseKubeConfig, err := runForEndpointsAndReturnFirst(cfg.DiscoveryTokenAPIServers, cfg.DiscoveryTimeout.Duration, func(endpoint string) (*clientcmdapi.Config, error) {

-		insecureBootstrapConfig := buildInsecureBootstrapKubeConfig(endpoint)
+		insecureBootstrapConfig := buildInsecureBootstrapKubeConfig(endpoint, cfg.ClusterName)
 		clusterName := insecureBootstrapConfig.Contexts[insecureBootstrapConfig.CurrentContext].Cluster

 		insecureClient, err := kubeconfigutil.ToClientSet(insecureBootstrapConfig)
@ -86,11 +87,11 @@ func RetrieveValidatedClusterInfo(discoveryToken string, tokenAPIServers, rootCA
 		if !ok || len(insecureKubeconfigString) == 0 {
 			return nil, fmt.Errorf("there is no %s key in the %s ConfigMap. This API Server isn't set up for token bootstrapping, can't connect", bootstrapapi.KubeConfigKey, bootstrapapi.ConfigMapClusterInfo)
 		}
-		detachedJWSToken, ok := insecureClusterInfo.Data[bootstrapapi.JWSSignatureKeyPrefix+tokenID]
+		detachedJWSToken, ok := insecureClusterInfo.Data[bootstrapapi.JWSSignatureKeyPrefix+token.ID]
 		if !ok || len(detachedJWSToken) == 0 {
-			return nil, fmt.Errorf("token id %q is invalid for this cluster or it has expired. Use \"kubeadm token create\" on the master node to creating a new valid token", tokenID)
+			return nil, fmt.Errorf("token id %q is invalid for this cluster or it has expired. Use \"kubeadm token create\" on the master node to creating a new valid token", token.ID)
 		}
-		if !bootstrap.DetachedTokenIsValid(detachedJWSToken, insecureKubeconfigString, tokenID, tokenSecret) {
+		if !bootstrap.DetachedTokenIsValid(detachedJWSToken, insecureKubeconfigString, token.ID, token.Secret) {
 			return nil, fmt.Errorf("failed to verify JWS signature of received cluster info object, can't trust this API Server")
 		}
 		insecureKubeconfigBytes := []byte(insecureKubeconfigString)
@ -126,7 +127,7 @@ func RetrieveValidatedClusterInfo(discoveryToken string, tokenAPIServers, rootCA
 		}

 		// Now that we know the proported cluster CA, connect back a second time validating with that CA
-		secureBootstrapConfig := buildSecureBootstrapKubeConfig(endpoint, clusterCABytes)
+		secureBootstrapConfig := buildSecureBootstrapKubeConfig(endpoint, clusterCABytes, clusterName)
 		secureClient, err := kubeconfigutil.ToClientSet(secureBootstrapConfig)
 		if err != nil {
 			return nil, err
@ -158,28 +159,30 @@ func RetrieveValidatedClusterInfo(discoveryToken string, tokenAPIServers, rootCA
 		fmt.Printf("[discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server %q\n", endpoint)
 		return secureKubeconfig, nil
 	})
+	if err != nil {
+		return nil, err
+	}

 	return kubeconfigutil.GetClusterFromKubeConfig(baseKubeConfig), nil
 }

 // buildInsecureBootstrapKubeConfig makes a KubeConfig object that connects insecurely to the API Server for bootstrapping purposes
-func buildInsecureBootstrapKubeConfig(endpoint string) *clientcmdapi.Config {
+func buildInsecureBootstrapKubeConfig(endpoint, clustername string) *clientcmdapi.Config {
 	masterEndpoint := fmt.Sprintf("https://%s", endpoint)
-	clusterName := "kubernetes"
-	bootstrapConfig := kubeconfigutil.CreateBasic(masterEndpoint, clusterName, BootstrapUser, []byte{})
-	bootstrapConfig.Clusters[clusterName].InsecureSkipTLSVerify = true
+	bootstrapConfig := kubeconfigutil.CreateBasic(masterEndpoint, clustername, BootstrapUser, []byte{})
+	bootstrapConfig.Clusters[clustername].InsecureSkipTLSVerify = true
 	return bootstrapConfig
 }

 // buildSecureBootstrapKubeConfig makes a KubeConfig object that connects securely to the API Server for bootstrapping purposes (validating with the specified CA)
-func buildSecureBootstrapKubeConfig(endpoint string, caCert []byte) *clientcmdapi.Config {
+func buildSecureBootstrapKubeConfig(endpoint string, caCert []byte, clustername string) *clientcmdapi.Config {
 	masterEndpoint := fmt.Sprintf("https://%s", endpoint)
-	bootstrapConfig := kubeconfigutil.CreateBasic(masterEndpoint, "kubernetes", BootstrapUser, caCert)
+	bootstrapConfig := kubeconfigutil.CreateBasic(masterEndpoint, clustername, BootstrapUser, caCert)
 	return bootstrapConfig
 }

 // runForEndpointsAndReturnFirst loops the endpoints slice and let's the endpoints race for connecting to the master
-func runForEndpointsAndReturnFirst(endpoints []string, fetchKubeConfigFunc func(string) (*clientcmdapi.Config, error)) *clientcmdapi.Config {
+func runForEndpointsAndReturnFirst(endpoints []string, discoveryTimeout time.Duration, fetchKubeConfigFunc func(string) (*clientcmdapi.Config, error)) (*clientcmdapi.Config, error) {
 	stopChan := make(chan struct{})
 	var resultingKubeConfig *clientcmdapi.Config
 	var once sync.Once
@ -205,8 +208,17 @@ func runForEndpointsAndReturnFirst(endpoints []string, fetchKubeConfigFunc func(
 			}, constants.DiscoveryRetryInterval, stopChan)
 		}(endpoint)
 	}
-	wg.Wait()
-	return resultingKubeConfig
+	select {
+	case <-time.After(discoveryTimeout):
+		close(stopChan)
+		err := fmt.Errorf("abort connecting to API servers after timeout of %v", discoveryTimeout)
+		fmt.Printf("[discovery] %v\n", err)
+		wg.Wait()
+		return nil, err
+	case <-stopChan:
+		wg.Wait()
+		return resultingKubeConfig, nil
+	}
 }

 // parsePEMCert decodes a PEM-formatted certificate and returns it as an x509.Certificate
--- a/vendor/k8s.io/kubernetes/cmd/kubeadm/app/discovery/token/token_test.go
+++ b/vendor/k8s.io/kubernetes/cmd/kubeadm/app/discovery/token/token_test.go
@ -68,11 +68,14 @@ func TestRunForEndpointsAndReturnFirst(t *testing.T) {
 		},
 	}
 	for _, rt := range tests {
-		returnKubeConfig := runForEndpointsAndReturnFirst(rt.endpoints, func(endpoint string) (*clientcmdapi.Config, error) {
+		returnKubeConfig, err := runForEndpointsAndReturnFirst(rt.endpoints, 5*time.Minute, func(endpoint string) (*clientcmdapi.Config, error) {
 			timeout, _ := strconv.Atoi(endpoint)
 			time.Sleep(time.Second * time.Duration(timeout))
 			return kubeconfigutil.CreateBasic(endpoint, "foo", "foo", []byte{}), nil
 		})
+		if err != nil {
+			t.Errorf("unexpected error: %v for endpoint %s", err, rt.expectedEndpoint)
+		}
 		endpoint := returnKubeConfig.Clusters[returnKubeConfig.Contexts[returnKubeConfig.CurrentContext].Cluster].Server
 		if endpoint != rt.expectedEndpoint {
 			t.Errorf(