k3s/pkg/cli/server/server.go

291 lines
9.9 KiB
Go
Raw Normal View History

2019-01-09 16:54:15 +00:00
package server
import (
"context"
"fmt"
net2 "net"
2019-01-09 16:54:15 +00:00
"os"
"path/filepath"
2019-01-22 21:14:58 +00:00
"strings"
2019-01-09 16:54:15 +00:00
systemd "github.com/coreos/go-systemd/daemon"
"github.com/erikdubbelboer/gspt"
"github.com/pkg/errors"
2019-01-09 16:54:15 +00:00
"github.com/rancher/k3s/pkg/agent"
"github.com/rancher/k3s/pkg/cli/cmds"
2019-03-08 22:47:44 +00:00
"github.com/rancher/k3s/pkg/datadir"
"github.com/rancher/k3s/pkg/netutil"
2019-03-08 22:47:44 +00:00
"github.com/rancher/k3s/pkg/rootless"
2019-01-09 16:54:15 +00:00
"github.com/rancher/k3s/pkg/server"
"github.com/rancher/k3s/pkg/token"
"github.com/rancher/k3s/pkg/version"
2020-07-10 17:34:00 +00:00
"github.com/rancher/spur/cli"
2019-05-09 22:05:51 +00:00
"github.com/rancher/wrangler/pkg/signals"
2019-01-09 16:54:15 +00:00
"github.com/sirupsen/logrus"
"k8s.io/apimachinery/pkg/util/net"
kubeapiserverflag "k8s.io/component-base/cli/flag"
2019-05-29 18:53:51 +00:00
"k8s.io/kubernetes/pkg/master"
2019-01-22 21:14:58 +00:00
2019-05-15 23:05:24 +00:00
_ "github.com/go-sql-driver/mysql" // ensure we have mysql
_ "github.com/lib/pq" // ensure we have postgres
_ "github.com/mattn/go-sqlite3" // ensure we have sqlite
2019-01-09 16:54:15 +00:00
)
func Run(app *cli.Context) error {
return run(app, &cmds.ServerConfig)
}
func run(app *cli.Context, cfg *cmds.Server) error {
var (
err error
)
// hide process arguments from ps output, since they may contain
// database credentials or other secrets.
gspt.SetProcTitle(os.Args[0] + " server")
2019-03-08 22:47:44 +00:00
if !cfg.DisableAgent && os.Getuid() != 0 && !cfg.Rootless {
2019-01-09 16:54:15 +00:00
return fmt.Errorf("must run as root unless --disable-agent is specified")
}
2019-03-08 22:47:44 +00:00
if cfg.Rootless {
dataDir, err := datadir.LocalHome(cfg.DataDir, true)
if err != nil {
return err
}
cfg.DataDir = dataDir
if err := rootless.Rootless(dataDir); err != nil {
return err
}
}
2019-11-14 19:42:42 +00:00
if cfg.Token == "" && cfg.ClusterSecret != "" {
cfg.Token = cfg.ClusterSecret
}
2019-01-09 16:54:15 +00:00
serverConfig := server.Config{}
serverConfig.DisableAgent = cfg.DisableAgent
serverConfig.ControlConfig.Token = cfg.Token
serverConfig.ControlConfig.AgentToken = cfg.AgentToken
serverConfig.ControlConfig.JoinURL = cfg.ServerURL
if cfg.AgentTokenFile != "" {
serverConfig.ControlConfig.AgentToken, err = token.ReadFile(cfg.AgentTokenFile)
if err != nil {
return err
}
}
if cfg.TokenFile != "" {
serverConfig.ControlConfig.Token, err = token.ReadFile(cfg.TokenFile)
if err != nil {
return err
}
}
2019-01-09 16:54:15 +00:00
serverConfig.ControlConfig.DataDir = cfg.DataDir
2019-01-22 21:14:58 +00:00
serverConfig.ControlConfig.KubeConfigOutput = cfg.KubeConfigOutput
serverConfig.ControlConfig.KubeConfigMode = cfg.KubeConfigMode
2019-07-12 16:59:03 +00:00
serverConfig.ControlConfig.NoScheduler = cfg.DisableScheduler
2019-03-08 22:47:44 +00:00
serverConfig.Rootless = cfg.Rootless
serverConfig.ControlConfig.SANs = knownIPs(cfg.TLSSan)
serverConfig.ControlConfig.BindAddress = cfg.BindAddress
serverConfig.ControlConfig.SupervisorPort = cfg.SupervisorPort
2019-05-29 18:53:51 +00:00
serverConfig.ControlConfig.HTTPSPort = cfg.HTTPSPort
serverConfig.ControlConfig.APIServerPort = cfg.APIServerPort
serverConfig.ControlConfig.APIServerBindAddress = cfg.APIServerBindAddress
serverConfig.ControlConfig.ExtraAPIArgs = cfg.ExtraAPIArgs
serverConfig.ControlConfig.ExtraControllerArgs = cfg.ExtraControllerArgs
serverConfig.ControlConfig.ExtraSchedulerAPIArgs = cfg.ExtraSchedulerArgs
2019-04-12 06:06:35 +00:00
serverConfig.ControlConfig.ClusterDomain = cfg.ClusterDomain
2019-11-16 00:12:27 +00:00
serverConfig.ControlConfig.Datastore.Endpoint = cfg.DatastoreEndpoint
serverConfig.ControlConfig.Datastore.CAFile = cfg.DatastoreCAFile
serverConfig.ControlConfig.Datastore.CertFile = cfg.DatastoreCertFile
serverConfig.ControlConfig.Datastore.KeyFile = cfg.DatastoreKeyFile
2019-05-29 18:53:51 +00:00
serverConfig.ControlConfig.AdvertiseIP = cfg.AdvertiseIP
serverConfig.ControlConfig.AdvertisePort = cfg.AdvertisePort
2019-09-03 23:41:54 +00:00
serverConfig.ControlConfig.FlannelBackend = cfg.FlannelBackend
2019-10-15 21:17:26 +00:00
serverConfig.ControlConfig.ExtraCloudControllerArgs = cfg.ExtraCloudControllerArgs
serverConfig.ControlConfig.DisableCCM = cfg.DisableCCM
2019-10-17 21:46:15 +00:00
serverConfig.ControlConfig.DisableNPC = cfg.DisableNPC
2020-04-27 16:31:25 +00:00
serverConfig.ControlConfig.DisableKubeProxy = cfg.DisableKubeProxy
serverConfig.ControlConfig.ClusterInit = cfg.ClusterInit
serverConfig.ControlConfig.ClusterReset = cfg.ClusterReset
2019-12-12 22:41:10 +00:00
serverConfig.ControlConfig.EncryptSecrets = cfg.EncryptSecrets
2019-05-29 18:53:51 +00:00
if serverConfig.ControlConfig.SupervisorPort == 0 {
serverConfig.ControlConfig.SupervisorPort = serverConfig.ControlConfig.HTTPSPort
}
2019-07-08 23:02:06 +00:00
if cmds.AgentConfig.FlannelIface != "" && cmds.AgentConfig.NodeIP == "" {
cmds.AgentConfig.NodeIP = netutil.GetIPFromInterface(cmds.AgentConfig.FlannelIface)
}
if serverConfig.ControlConfig.AdvertiseIP == "" && cmds.AgentConfig.NodeExternalIP != "" {
serverConfig.ControlConfig.AdvertiseIP = cmds.AgentConfig.NodeExternalIP
}
2019-05-29 18:53:51 +00:00
if serverConfig.ControlConfig.AdvertiseIP == "" && cmds.AgentConfig.NodeIP != "" {
serverConfig.ControlConfig.AdvertiseIP = cmds.AgentConfig.NodeIP
}
if serverConfig.ControlConfig.AdvertiseIP != "" {
serverConfig.ControlConfig.SANs = append(serverConfig.ControlConfig.SANs, serverConfig.ControlConfig.AdvertiseIP)
2019-05-29 18:53:51 +00:00
}
2019-01-09 16:54:15 +00:00
_, serverConfig.ControlConfig.ClusterIPRange, err = net2.ParseCIDR(cfg.ClusterCIDR)
if err != nil {
return errors.Wrapf(err, "Invalid CIDR %s: %v", cfg.ClusterCIDR, err)
}
2019-03-06 10:37:03 +00:00
_, serverConfig.ControlConfig.ServiceIPRange, err = net2.ParseCIDR(cfg.ServiceCIDR)
if err != nil {
return errors.Wrapf(err, "Invalid CIDR %s: %v", cfg.ServiceCIDR, err)
}
2019-12-12 01:23:55 +00:00
_, apiServerServiceIP, err := master.ServiceIPRange(*serverConfig.ControlConfig.ServiceIPRange)
2019-05-29 18:53:51 +00:00
if err != nil {
return err
}
serverConfig.ControlConfig.SANs = append(serverConfig.ControlConfig.SANs, apiServerServiceIP.String())
2019-05-29 18:53:51 +00:00
// If cluster-dns CLI arg is not set, we set ClusterDNS address to be ServiceCIDR network + 10,
// i.e. when you set service-cidr to 192.168.0.0/16 and don't provide cluster-dns, it will be set to 192.168.0.10
if cfg.ClusterDNS == "" {
serverConfig.ControlConfig.ClusterDNS = make(net2.IP, 4)
copy(serverConfig.ControlConfig.ClusterDNS, serverConfig.ControlConfig.ServiceIPRange.IP.To4())
serverConfig.ControlConfig.ClusterDNS[3] = 10
} else {
serverConfig.ControlConfig.ClusterDNS = net2.ParseIP(cfg.ClusterDNS)
}
2019-09-27 00:18:37 +00:00
if cfg.DefaultLocalStoragePath == "" {
dataDir, err := datadir.LocalHome(cfg.DataDir, false)
if err != nil {
return err
}
serverConfig.ControlConfig.DefaultLocalStoragePath = filepath.Join(dataDir, "/storage")
} else {
serverConfig.ControlConfig.DefaultLocalStoragePath = cfg.DefaultLocalStoragePath
}
2020-01-29 23:40:49 +00:00
serverConfig.ControlConfig.Skips = map[string]bool{}
2019-01-22 21:14:58 +00:00
for _, noDeploy := range app.StringSlice("no-deploy") {
2020-01-29 23:40:49 +00:00
for _, v := range strings.Split(noDeploy, ",") {
v = strings.TrimSpace(v)
2020-01-29 23:40:49 +00:00
serverConfig.ControlConfig.Skips[v] = true
}
}
2020-01-29 23:40:49 +00:00
serverConfig.ControlConfig.Disables = map[string]bool{}
for _, disable := range app.StringSlice("disable") {
for _, v := range strings.Split(disable, ",") {
v = strings.TrimSpace(v)
2020-01-29 23:40:49 +00:00
serverConfig.ControlConfig.Skips[v] = true
serverConfig.ControlConfig.Disables[v] = true
2019-02-02 05:09:11 +00:00
}
2020-01-29 23:40:49 +00:00
}
if serverConfig.ControlConfig.Skips["servicelb"] {
serverConfig.DisableServiceLB = true
2019-01-22 21:14:58 +00:00
}
if serverConfig.ControlConfig.DisableCCM {
serverConfig.ControlConfig.Skips["ccm"] = true
serverConfig.ControlConfig.Disables["ccm"] = true
}
tlsMinVersionArg := getArgValueFromList("tls-min-version", cfg.ExtraAPIArgs)
serverConfig.ControlConfig.TLSMinVersion, err = kubeapiserverflag.TLSVersion(tlsMinVersionArg)
if err != nil {
return errors.Wrap(err, "Invalid tls-min-version")
}
serverConfig.SetupHooks = append(serverConfig.SetupHooks, cfg.SetupHooks...)
// TLS config based on mozilla ssl-config generator
// https://ssl-config.mozilla.org/#server=golang&version=1.13.6&config=intermediate&guideline=5.4
// Need to disable the TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Cipher for TLS1.2
tlsCipherSuitesArg := getArgValueFromList("tls-cipher-suites", cfg.ExtraAPIArgs)
tlsCipherSuites := strings.Split(tlsCipherSuitesArg, ",")
for i := range tlsCipherSuites {
tlsCipherSuites[i] = strings.TrimSpace(tlsCipherSuites[i])
}
if len(tlsCipherSuites) == 0 || tlsCipherSuites[0] == "" {
tlsCipherSuites = []string{
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
}
}
serverConfig.ControlConfig.TLSCipherSuites, err = kubeapiserverflag.TLSCipherSuites(tlsCipherSuites)
if err != nil {
return errors.Wrap(err, "Invalid tls-cipher-suites")
}
logrus.Info("Starting "+version.Program+" ", app.App.Version)
notifySocket := os.Getenv("NOTIFY_SOCKET")
os.Unsetenv("NOTIFY_SOCKET")
2019-05-09 22:05:51 +00:00
ctx := signals.SetupSignalHandler(context.Background())
if err := server.StartServer(ctx, &serverConfig); err != nil {
2019-01-09 16:54:15 +00:00
return err
}
go func() {
<-serverConfig.ControlConfig.Runtime.APIServerReady
logrus.Info("" + version.Program + " is up and running")
if notifySocket != "" {
os.Setenv("NOTIFY_SOCKET", notifySocket)
systemd.SdNotify(true, "READY=1\n")
}
}()
2019-01-09 16:54:15 +00:00
if cfg.DisableAgent {
<-ctx.Done()
return nil
}
ip := serverConfig.ControlConfig.BindAddress
2019-03-31 00:10:23 +00:00
if ip == "" {
2019-08-22 18:56:00 +00:00
ip = "127.0.0.1"
2019-03-31 00:10:23 +00:00
}
url := fmt.Sprintf("https://%s:%d", ip, serverConfig.ControlConfig.SupervisorPort)
token, err := server.FormatToken(serverConfig.ControlConfig.Runtime.AgentToken, serverConfig.ControlConfig.Runtime.ServerCA)
if err != nil {
return err
}
2019-01-09 16:54:15 +00:00
agentConfig := cmds.AgentConfig
2020-07-10 17:34:00 +00:00
agentConfig.Debug = app.Bool("debug")
2019-01-22 21:14:58 +00:00
agentConfig.DataDir = filepath.Dir(serverConfig.ControlConfig.DataDir)
2019-01-09 16:54:15 +00:00
agentConfig.ServerURL = url
agentConfig.Token = token
2019-07-24 07:22:31 +00:00
agentConfig.DisableLoadBalancer = true
agentConfig.Rootless = cfg.Rootless
if agentConfig.Rootless {
// let agent specify Rootless kubelet flags, but not unshare twice
agentConfig.RootlessAlreadyUnshared = true
}
2019-01-09 16:54:15 +00:00
return agent.Run(ctx, agentConfig)
}
2019-01-31 23:57:40 +00:00
2019-03-23 17:34:55 +00:00
func knownIPs(ips []string) []string {
ips = append(ips, "127.0.0.1")
2019-01-31 23:57:40 +00:00
ip, err := net.ChooseHostInterface()
if err == nil {
ips = append(ips, ip.String())
}
return ips
}
func getArgValueFromList(searchArg string, argList []string) string {
var value string
for _, arg := range argList {
splitArg := strings.SplitN(arg, "=", 2)
if splitArg[0] == searchArg {
value = splitArg[1]
// break if we found our value
break
}
}
return value
}