set_cluster.go

Documentation: k8s.io/kubectl/pkg/cmd/config

     1  /*
     2  Copyright 2014 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package config
    18  
    19  import (
    20  	"errors"
    21  	"fmt"
    22  	"io"
    23  	"os"
    24  	"path/filepath"
    25  
    26  	"github.com/spf13/cobra"
    27  	"k8s.io/client-go/tools/clientcmd"
    28  	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
    29  	cliflag "k8s.io/component-base/cli/flag"
    30  	cmdutil "k8s.io/kubectl/pkg/cmd/util"
    31  	"k8s.io/kubectl/pkg/util/i18n"
    32  	"k8s.io/kubectl/pkg/util/templates"
    33  )
    34  
    35  type setClusterOptions struct {
    36  	configAccess          clientcmd.ConfigAccess
    37  	name                  string
    38  	server                cliflag.StringFlag
    39  	tlsServerName         cliflag.StringFlag
    40  	insecureSkipTLSVerify cliflag.Tristate
    41  	certificateAuthority  cliflag.StringFlag
    42  	embedCAData           cliflag.Tristate
    43  	proxyURL              cliflag.StringFlag
    44  }
    45  
    46  var (
    47  	setClusterLong = templates.LongDesc(i18n.T(`
    48  		Set a cluster entry in kubeconfig.
    49  
    50  		Specifying a name that already exists will merge new fields on top of existing values for those fields.`))
    51  
    52  	setClusterExample = templates.Examples(`
    53  		# Set only the server field on the e2e cluster entry without touching other values
    54  		kubectl config set-cluster e2e --server=https://1.2.3.4
    55  
    56  		# Embed certificate authority data for the e2e cluster entry
    57  		kubectl config set-cluster e2e --embed-certs --certificate-authority=~/.kube/e2e/kubernetes.ca.crt
    58  
    59  		# Disable cert checking for the e2e cluster entry
    60  		kubectl config set-cluster e2e --insecure-skip-tls-verify=true
    61  
    62  		# Set the custom TLS server name to use for validation for the e2e cluster entry
    63  		kubectl config set-cluster e2e --tls-server-name=my-cluster-name
    64  
    65  		# Set the proxy URL for the e2e cluster entry
    66  		kubectl config set-cluster e2e --proxy-url=https://1.2.3.4`)
    67  )
    68  
    69  // NewCmdConfigSetCluster returns a Command instance for 'config set-cluster' sub command
    70  func NewCmdConfigSetCluster(out io.Writer, configAccess clientcmd.ConfigAccess) *cobra.Command {
    71  	options := &setClusterOptions{configAccess: configAccess}
    72  
    73  	cmd := &cobra.Command{
    74  		Use:                   fmt.Sprintf("set-cluster NAME [--%v=server] [--%v=path/to/certificate/authority] [--%v=true] [--%v=example.com]", clientcmd.FlagAPIServer, clientcmd.FlagCAFile, clientcmd.FlagInsecure, clientcmd.FlagTLSServerName),
    75  		DisableFlagsInUseLine: true,
    76  		Short:                 i18n.T("Set a cluster entry in kubeconfig"),
    77  		Long:                  setClusterLong,
    78  		Example:               setClusterExample,
    79  		Run: func(cmd *cobra.Command, args []string) {
    80  			cmdutil.CheckErr(options.complete(cmd))
    81  			cmdutil.CheckErr(options.run())
    82  			fmt.Fprintf(out, "Cluster %q set.\n", options.name)
    83  		},
    84  	}
    85  
    86  	options.insecureSkipTLSVerify.Default(false)
    87  
    88  	cmd.Flags().Var(&options.server, clientcmd.FlagAPIServer, clientcmd.FlagAPIServer+" for the cluster entry in kubeconfig")
    89  	cmd.Flags().Var(&options.tlsServerName, clientcmd.FlagTLSServerName, clientcmd.FlagTLSServerName+" for the cluster entry in kubeconfig")
    90  	f := cmd.Flags().VarPF(&options.insecureSkipTLSVerify, clientcmd.FlagInsecure, "", clientcmd.FlagInsecure+" for the cluster entry in kubeconfig")
    91  	f.NoOptDefVal = "true"
    92  	cmd.Flags().Var(&options.certificateAuthority, clientcmd.FlagCAFile, "Path to "+clientcmd.FlagCAFile+" file for the cluster entry in kubeconfig")
    93  	cmd.MarkFlagFilename(clientcmd.FlagCAFile)
    94  	f = cmd.Flags().VarPF(&options.embedCAData, clientcmd.FlagEmbedCerts, "", clientcmd.FlagEmbedCerts+" for the cluster entry in kubeconfig")
    95  	f.NoOptDefVal = "true"
    96  	cmd.Flags().Var(&options.proxyURL, clientcmd.FlagProxyURL, clientcmd.FlagProxyURL+" for the cluster entry in kubeconfig")
    97  
    98  	return cmd
    99  }
   100  
   101  func (o setClusterOptions) run() error {
   102  	err := o.validate()
   103  	if err != nil {
   104  		return err
   105  	}
   106  
   107  	config, err := o.configAccess.GetStartingConfig()
   108  	if err != nil {
   109  		return err
   110  	}
   111  
   112  	startingStanza, exists := config.Clusters[o.name]
   113  	if !exists {
   114  		startingStanza = clientcmdapi.NewCluster()
   115  	}
   116  	cluster := o.modifyCluster(*startingStanza)
   117  	config.Clusters[o.name] = &cluster
   118  
   119  	if err := clientcmd.ModifyConfig(o.configAccess, *config, true); err != nil {
   120  		return err
   121  	}
   122  
   123  	return nil
   124  }
   125  
   126  func (o *setClusterOptions) modifyCluster(existingCluster clientcmdapi.Cluster) clientcmdapi.Cluster {
   127  	modifiedCluster := existingCluster
   128  
   129  	if o.server.Provided() {
   130  		modifiedCluster.Server = o.server.Value()
   131  		// specifying a --server on the command line, overrides the TLSServerName that was specified in the kubeconfig file.
   132  		// if both are specified, then the next if block will write the new TLSServerName.
   133  		modifiedCluster.TLSServerName = ""
   134  	}
   135  	if o.tlsServerName.Provided() {
   136  		modifiedCluster.TLSServerName = o.tlsServerName.Value()
   137  	}
   138  	if o.insecureSkipTLSVerify.Provided() {
   139  		modifiedCluster.InsecureSkipTLSVerify = o.insecureSkipTLSVerify.Value()
   140  		// Specifying insecure mode clears any certificate authority
   141  		if modifiedCluster.InsecureSkipTLSVerify {
   142  			modifiedCluster.CertificateAuthority = ""
   143  			modifiedCluster.CertificateAuthorityData = nil
   144  		}
   145  	}
   146  	if o.certificateAuthority.Provided() {
   147  		caPath := o.certificateAuthority.Value()
   148  		if o.embedCAData.Value() {
   149  			modifiedCluster.CertificateAuthorityData, _ = os.ReadFile(caPath)
   150  			modifiedCluster.InsecureSkipTLSVerify = false
   151  			modifiedCluster.CertificateAuthority = ""
   152  		} else {
   153  			caPath, _ = filepath.Abs(caPath)
   154  			modifiedCluster.CertificateAuthority = caPath
   155  			// Specifying a certificate authority file clears certificate authority data and insecure mode
   156  			if caPath != "" {
   157  				modifiedCluster.InsecureSkipTLSVerify = false
   158  				modifiedCluster.CertificateAuthorityData = nil
   159  			}
   160  		}
   161  	}
   162  
   163  	if o.proxyURL.Provided() {
   164  		modifiedCluster.ProxyURL = o.proxyURL.Value()
   165  	}
   166  
   167  	return modifiedCluster
   168  }
   169  
   170  func (o *setClusterOptions) complete(cmd *cobra.Command) error {
   171  	args := cmd.Flags().Args()
   172  	if len(args) != 1 {
   173  		return helpErrorf(cmd, "Unexpected args: %v", args)
   174  	}
   175  
   176  	o.name = args[0]
   177  	return nil
   178  }
   179  
   180  func (o setClusterOptions) validate() error {
   181  	if len(o.name) == 0 {
   182  		return errors.New("you must specify a non-empty cluster name")
   183  	}
   184  	if o.insecureSkipTLSVerify.Value() && o.certificateAuthority.Value() != "" {
   185  		return errors.New("you cannot specify a certificate authority and insecure mode at the same time")
   186  	}
   187  	if o.embedCAData.Value() {
   188  		caPath := o.certificateAuthority.Value()
   189  		if caPath == "" {
   190  			return fmt.Errorf("you must specify a --%s to embed", clientcmd.FlagCAFile)
   191  		}
   192  		if _, err := os.Stat(caPath); err != nil {
   193  			return fmt.Errorf("could not stat %s file %s: %v", clientcmd.FlagCAFile, caPath, err)
   194  		}
   195  	}
   196  
   197  	return nil
   198  }
   199
View as plain text