canonical / k8s-snap

Canonical Kubernetes is an opinionated and CNCF conformant Kubernetes operated by Snaps and Charms, which come together to bring simplified operations and an enhanced security posture on any infrastructure.
GNU General Public License v3.0

Implement CLI API Endpoints for CAPI Clustering #498

Closed mateoflorido closed 3 months ago

mateoflorido commented 3 months ago

Overview

This pull request introduces two API endpoints for enabling support for CAPI clustering.

Rationale

We need to provide a mechanism to issue tokens using a static token for ClusterAPI clustering. This pull request adds the set-auth-token sub-command (under the x-capi command), which allows the user to set a static token for requesting a join token for a node. Additionally, it includes the GenerateJoinToken endpoint, which is accessible through the API and will verify the token header against the one set in the database via the previously mentioned CLI command.

Testing

This pull request has been manually tested.

root@kcp-1:~# k8s bootstrap
Bootstrapping the cluster. This may take a few seconds, please wait.
Bootstrapped a new Kubernetes cluster with node address "10.45.248.119:6400".
The node will be 'Ready' to host workloads after the CNI is deployed successfully.

root@kcp-1:~# k8s x-capi set-auth-token foo
root@kcp-1:~# curl --unix-socket /var/snap/k8s/common/var/lib/k8sd/state/control.socket localhost/1.0/x/capi/generate-join-token -H "token: foo" --request POST -H "Content-Type: application/json" --data '{"name": "kcp-2", "worker": false}'
{"type":"sync","status":"Success","status_code":200,"operation":"","error_code":0,"error":"","metadata":{"token":"eyJuYW1lIjoia2NwLTIiLCJzZWNyZXQiOiJiYWRmOWNkNjk0MDNmYWI2YTMzN2ZmZjk0ZmRmODk4ODE3MTVlMmY4ZTdmNjg0ZTNkZjFhMjEyMzY0OTU4YjgwIiwiZmluZ2VycHJp
bnQiOiJiZTc0YWI4MmYxYmNkOTU3NGJjNWQxZTk3MDlhMmFlMjdmZjdkZDJkOTk3MGFiNzVlNjJkOGQzZjhiMjI0MDI5Iiwiam9pbl9hZGRyZXNzZXMiOlsiMTAuNDUuMjQ4LjExOTo2NDAwIl19"}}
root@kcp-1:~# curl --unix-socket /var/snap/k8s/common/var/lib/k8sd/state/control.socket localhost/1.0/x/capi/generate-join-token -H "token: foo" --request POST -H "Content-Type: application/json" --data '{"name": "", "worker": true}'
{"type":"sync","status":"Success","status_code":200,"operation":"","error_code":0,"error":"","metadata":{"token":"eyJ0b2tlbiI6IiIsInNlY3JldCI6Indvcmtlcjo6ZGZmNzZlZmRkZDYyZTRlMmI2NDk2MjRmMDMzYzQ0MzM3ZDVlMjI0OCIsImpvaW5fYWRkcmVzc2VzIjpbIjEwLjQ1LjI0OC4x
MTk6NjQwMCJdLCJmaW5nZXJwcmludCI6ImJlNzRhYjgyZjFiY2Q5NTc0YmM1ZDFlOTcwOWEyYWUyN2ZmN2RkMmQ5OTcwYWI3NWU2MmQ4ZDNmOGIyMjQwMjkiLCJfIjoibSEhIn0"}}
root@kcp-1:~# curl --unix-socket /var/snap/k8s/common/var/lib/k8sd/state/control.socket localhost/1.0/x/capi/generate-join-token -H "token: bad-token" --request POST -H "Content-Type: application/json" --data '{"name": "", "worker": true}'
{"type":"error","status":"","status_code":0,"operation":"","error_code":401,"error":"invalid token","metadata":null}
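
One way to write the header check this description refers to, as an added example that is not code from this pull request or from k8sd: it compares the `token` header in constant time and fails closed when no static token has been set. The names `validAuthToken`, `generateJoinTokenHandler`, `statusFor` and the `lookup` callback (standing in for the database read) are assumptions, and the error is returned as plain text rather than the JSON envelope shown in the session above.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// validAuthToken reports whether the presented header value matches the
// stored static token. Hypothetical helper, not k8sd code.
func validAuthToken(stored, presented string) bool {
	// Fail closed: with no token set, nothing matches, not even an empty header.
	if stored == "" || presented == "" {
		return false
	}
	// Hash both sides so the constant-time compare runs over equal-length
	// inputs and does not reveal the length of the stored token.
	s := sha256.Sum256([]byte(stored))
	p := sha256.Sum256([]byte(presented))
	return subtle.ConstantTimeCompare(s[:], p[:]) == 1
}

// generateJoinTokenHandler guards a join-token endpoint with the static token.
// lookup stands in for the database read (assumption).
func generateJoinTokenHandler(lookup func() string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if !validAuthToken(lookup(), r.Header.Get("token")) {
			http.Error(w, "invalid token", http.StatusUnauthorized)
			return
		}
		w.WriteHeader(http.StatusOK) // a real handler would issue the join token here
	}
}

// statusFor sends one constructed request and returns the HTTP status code.
func statusFor(stored, header string) int {
	req := httptest.NewRequest(http.MethodPost, "/1.0/x/capi/generate-join-token", nil)
	req.Header.Set("token", header)
	rec := httptest.NewRecorder()
	generateJoinTokenHandler(func() string { return stored })(rec, req)
	return rec.Code
}

func main() {
	// Constructed cases: matching token, wrong token, and no token configured.
	fmt.Println(statusFor("foo", "foo"), statusFor("foo", "bad-token"), statusFor("", ""))
}
```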