def join_dqlite(connection_parts, verify=True, interface=None):
"""
Configure node to join a dqlite cluster.
:param connection_parts: connection string parts
:param interface: source address to be used for the HTTP connection
"""
token = connection_parts[1]
master_ep = connection_parts[0].split(":")
master_ip = master_ep[0]
master_port = master_ep[1]
fingerprint = None
if len(connection_parts) > 2:
fingerprint = connection_parts[2]
verify = False
print("Contacting cluster at {}".format(master_ip))
info = get_connection_info(
master_ip,
master_port,
token,
cluster_type="dqlite",
verify_peer=verify,
fingerprint=fingerprint,
interface=interface,
)
hostname_override = info["hostname_override"]
store_cert("ca.crt", info["ca"])
store_cert("ca.key", info["ca_key"])
store_cert("serviceaccount.key", info["service_account_key"])
# triplets of [username in known_tokens.csv, username in kubeconfig, kubeconfig filename name]
for component in [
("kube-proxy", "kubeproxy", "proxy.config"),
("kubelet", "kubelet", "kubelet.config"),
("kube-controller-manager", "controller", "controller.config"),
("kube-scheduler", "scheduler", "scheduler.config"),
]:
component_token = get_token(component[0])
if not component_token:
print("Error, could not locate {} token. Joining cluster failed.".
format(component[0]))
exit(3)
assert token is not None
# TODO make this configurable
create_kubeconfig(component_token, info["ca"], "127.0.0.1", "16443",
component[2], component[1])
if "admin_token" in info:
replace_admin_token(info["admin_token"])
create_admin_kubeconfig(info["ca"], info["admin_token"])
store_base_kubelet_args(info["kubelet_args"])
store_callback_token(info["callback_token"])
update_dqlite(info["cluster_cert"], info["cluster_key"], info["voters"],
hostname_override)
# We want to update the local CNI yaml but we do not want to apply it.
# The cni is applied already in the cluster we join
try_initialise_cni_autodetect_for_clustering(master_ip, apply_cni=False)
def join_dqlite_master_node(info, master_ip, token):
"""
Join this node to a cluster running dqlite.
:param info: dictionary with the connection information
:param master_ip: the IP of the master node we contacted to connect to the cluster
:param token: the token to pass to the master in order to authenticate with it
"""
hostname_override = info["hostname_override"]
store_cert("ca.crt", info["ca"])
store_cert("ca.key", info["ca_key"])
store_cert("serviceaccount.key", info["service_account_key"])
# triplets of [username in known_tokens.csv, username in kubeconfig, kubeconfig filename name]
for component in [
("kube-proxy", "kubeproxy", "proxy.config"),
("kubelet", "kubelet", "kubelet.config"),
("kube-controller-manager", "controller", "controller.config"),
("kube-scheduler", "scheduler", "scheduler.config"),
]:
component_token = get_token(component[0])
if not component_token:
print("Error, could not locate {} token. Joining cluster failed.".format(component[0]))
exit(3)
assert token is not None
# TODO make this configurable
create_kubeconfig(
component_token, info["ca"], "127.0.0.1", "16443", component[2], component[1]
)
if "admin_token" in info:
replace_admin_token(info["admin_token"])
if "api_authz_mode" in info:
update_apiserver(info["api_authz_mode"])
create_admin_kubeconfig(info["ca"], info["admin_token"])
store_base_kubelet_args(info["kubelet_args"])
update_kubelet_node_ip(info["kubelet_args"], hostname_override)
store_callback_token(info["callback_token"])
update_dqlite(info["cluster_cert"], info["cluster_key"], info["voters"], hostname_override)
# We want to update the local CNI yaml but we do not want to apply it.
# The cni is applied already in the cluster we join
try_initialise_cni_autodetect_for_clustering(master_ip, apply_cni=False)
mark_no_cert_reissue()
