Skip to content

Commit

Permalink
Revert "Setup a kubelet TLS configuration (#1073)" (#1103)
Browse files Browse the repository at this point in the history 
This reverts commit 924c24f.
  • Loading branch information
@JulienBalestra
JulienBalestra authored Jan 25, 2018
1 parent 924c24f commit bf928b6
Show file tree
Hide file tree
Showing 26 changed files with 199 additions and 1,209 deletions.
3 changes: 0 additions & 3 deletions .gitignore
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,3 @@ dogstatsd.yaml

# Ignore debs from the root of the project.
datadog-agent*_amd64.deb

# Ignore pem created during the tests
*.pem
9 changes: 0 additions & 9 deletions pkg/config/config.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -142,13 +142,6 @@ func init() {
Datadog.SetDefault("kubernetes_http_kubelet_port", 10255)
Datadog.SetDefault("kubernetes_https_kubelet_port", 10250)

Datadog.SetDefault("kubelet_tls_verify", true)
Datadog.SetDefault("kubelet_client_ca", "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt")

Datadog.SetDefault("kubelet_auth_token_path", "")
Datadog.SetDefault("kubelet_client_crt", "")
Datadog.SetDefault("kubelet_client_key", "")

// Kube ApiServer
Datadog.SetDefault("kubernetes_kubeconfig_path", "")

Expand Down Expand Up @@ -198,8 +191,6 @@ func init() {
Datadog.BindEnv("kubernetes_kubelet_host")
Datadog.BindEnv("kubernetes_http_kubelet_port")
Datadog.BindEnv("kubernetes_https_kubelet_port")
Datadog.BindEnv("kubelet_client_crt")
Datadog.BindEnv("kubelet_client_key")

Datadog.BindEnv("forwarder_timeout")
Datadog.BindEnv("forwarder_retry_queue_max_size")
Expand Down
4 changes: 1 addition & 3 deletions pkg/util/docker/docker_util.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,9 +39,7 @@ func (d *DockerUtil) ContainerList(ctx context.Context, options types.ContainerL

// DockerUtil wraps interactions with a local docker API.
type DockerUtil struct {
// used to setup the DockerUtil
initRetry retry.Retrier

retry.Retrier
sync.Mutex
cfg *Config
cli *client.Client
Expand Down
6 changes: 3 additions & 3 deletions pkg/util/docker/global.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,15 +37,15 @@ var (
func GetDockerUtil() (*DockerUtil, error) {
if globalDockerUtil == nil {
globalDockerUtil = &DockerUtil{}
globalDockerUtil.initRetry.SetupRetrier(&retry.Config{
globalDockerUtil.SetupRetrier(&retry.Config{
Name: "dockerutil",
AttemptMethod: globalDockerUtil.init,
Strategy: retry.RetryCount,
RetryCount: 10,
RetryDelay: 30 * time.Second,
})
}
err := globalDockerUtil.initRetry.TriggerRetry()
err := globalDockerUtil.TriggerRetry()
if err != nil {
log.Debugf("init error: %s", err)
return nil, err
Expand All @@ -58,7 +58,7 @@ func GetDockerUtil() (*DockerUtil, error) {
// calls to the docker server will result in nil pointer exceptions.
func EnableTestingMode() {
globalDockerUtil = &DockerUtil{}
globalDockerUtil.initRetry.SetupRetrier(&retry.Config{
globalDockerUtil.SetupRetrier(&retry.Config{
Name: "dockerutil",
Strategy: retry.JustTesting,
})
Expand Down
8 changes: 3 additions & 5 deletions pkg/util/kubernetes/apiserver/apiserver.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,9 +37,7 @@ const (
// ApiClient provides authenticated access to the
// apiserver endpoints. Use the shared instance via GetApiClient.
type APIClient struct {
// used to setup the APIClient
initRetry retry.Retrier

retry.Retrier
client *k8s.Client
timeout time.Duration
}
Expand All @@ -51,15 +49,15 @@ func GetAPIClient() (*APIClient, error) {
// TODO: make it configurable if requested
timeout: 5 * time.Second,
}
globalApiClient.initRetry.SetupRetrier(&retry.Config{
globalApiClient.SetupRetrier(&retry.Config{
Name: "apiserver",
AttemptMethod: globalApiClient.connect,
Strategy: retry.RetryCount,
RetryCount: 10,
RetryDelay: 30 * time.Second,
})
}
err := globalApiClient.initRetry.TriggerRetry()
err := globalApiClient.TriggerRetry()
if err != nil {
log.Debugf("init error: %s", err)
return nil, err
Expand Down
52 changes: 10 additions & 42 deletions pkg/util/kubernetes/auth.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,54 +6,22 @@
package kubernetes

import (
"crypto/tls"
"crypto/x509"
"fmt"
"io/ioutil"
"os"

log "github.com/cihub/seelog"
)

// Kubernetes constants
// Kubelet constants
const (
ServiceAccountPath = "/var/run/secrets/kubernetes.io/serviceaccount"
ServiceAccountTokenPath = ServiceAccountPath + "/token"
AuthTokenPath = "/var/run/secrets/kubernetes.io/serviceaccount/token"
)

// IsServiceAccountTokenAvailable returns if a service account token is available on disk
func IsServiceAccountTokenAvailable() bool {
_, err := os.Stat(ServiceAccountTokenPath)
return err == nil
}

// GetBearerToken reads the serviceaccount token
func GetBearerToken(authTokenPath string) (string, error) {
token, err := ioutil.ReadFile(authTokenPath)
if err != nil {
return "", fmt.Errorf("could not read token from %s: %s", authTokenPath, err)
}
return fmt.Sprintf("bearer %s", token), nil
}

// GetCertificates loads the certificate and the private key
func GetCertificates(certFilePath, keyFilePath string) ([]tls.Certificate, error) {
var certs []tls.Certificate
cert, err := tls.LoadX509KeyPair(certFilePath, keyFilePath)
if err != nil {
return certs, err
}
return append(certs, cert), nil
}

// GetCertificateAuthority loads the issuing certificate authority
func GetCertificateAuthority(certPath string) (*x509.CertPool, error) {
caCert, err := ioutil.ReadFile(certPath)
// GetAuthToken reads the serviceaccount token
func GetAuthToken() string {
token, err := ioutil.ReadFile(AuthTokenPath)
if err != nil {
return nil, err
}
caCertPool := x509.NewCertPool()
ok := caCertPool.AppendCertsFromPEM(caCert)
if ok == false {
return caCertPool, fmt.Errorf("fail to load certificate authority: %s", certPath)
log.Errorf("Could not read token from %s: %s", AuthTokenPath, err)
return ""
}
return caCertPool, nil
return string(token)
}
51 changes: 0 additions & 51 deletions pkg/util/kubernetes/kubelet/init.go
View file

This file was deleted.

Loading

0 comments on commit bf928b6

Please sign in to comment.