Merge pull request #25 from virtual-kubelet/usekubeconfig

Use kubeconfig if set to be passed to kubeproxy
virtual-kubelet · Nov 21, 2019 · fd54235 · fd54235
2 parents 658fa92 + 87f8601
commit fd54235
Showing 1 changed file with 72 additions and 22 deletions.
diff --git a/aci.go b/aci.go
@@ -34,7 +34,9 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/intstr"
-	clientcmdv1 "k8s.io/client-go/tools/clientcmd/api/v1"
+	"k8s.io/client-go/tools/clientcmd"
+	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
+	clientcmdapiv1 "k8s.io/client-go/tools/clientcmd/api/v1"
 	stats "k8s.io/kubernetes/pkg/kubelet/apis/stats/v1alpha1"
 )
 
@@ -460,43 +462,75 @@ func getNetworkProfileName(subnetID string) string {
 }
 
 func getKubeProxyExtension(secretPath, masterURI, clusterCIDR string) (*aci.Extension, error) {
-	ca, err := ioutil.ReadFile(secretPath + "/ca.crt")
-	if err != nil {
-		return nil, fmt.Errorf("failed to read ca.crt file: %v", err)
+	name := "virtual-kubelet"
+	var certAuthData []byte
+	var authInfo *clientcmdapi.AuthInfo
+
+	// Try loading kubeconfig if path to it is specified.
+	kubeconfig := os.Getenv("KUBECONFIG")
+	if kubeconfig != "" {
+		if _, err := os.Stat(kubeconfig); !os.IsNotExist(err) {
+			// Get the kubeconfig from the filepath.
+			var configFromPath *clientcmdapi.Config
+			configFromPath, err = clientcmd.LoadFromFile(kubeconfig)
+			if err == nil &&
+				len(configFromPath.Clusters) > 0 &&
+				len(configFromPath.AuthInfos) > 0 {
+
+				certAuthData = getKubeconfigCertAuthData(configFromPath.Clusters)
+				authInfo = getKubeconfigAuthInfo(configFromPath.AuthInfos)
+			}
+		}
 	}
 
-	var token []byte
-	token, err = ioutil.ReadFile(secretPath + "/token")
-	if err != nil {
-		return nil, fmt.Errorf("failed to read token file: %v", err)
-	}
+	if len(certAuthData) <= 0 || authInfo == nil {
+		var err error
+		certAuthData, err = ioutil.ReadFile(secretPath + "/ca.crt")
+		if err != nil {
+			return nil, fmt.Errorf("failed to read ca.crt file: %v", err)
+		}
 
-	name := "virtual-kubelet"
+		var token []byte
+		token, err = ioutil.ReadFile(secretPath + "/token")
+		if err != nil {
+			return nil, fmt.Errorf("failed to read token file: %v", err)
+		}
 
-	config := clientcmdv1.Config{
+		authInfo = &clientcmdapi.AuthInfo{
+			Token: string(token),
+		}
+	}
+
+	config := clientcmdapiv1.Config{
 		APIVersion: "v1",
 		Kind:       "Config",
-		Clusters: []clientcmdv1.NamedCluster{
-			clientcmdv1.NamedCluster{
+		Clusters: []clientcmdapiv1.NamedCluster{
+			clientcmdapiv1.NamedCluster{
 				Name: name,
-				Cluster: clientcmdv1.Cluster{
+				Cluster: clientcmdapiv1.Cluster{
 					Server: masterURI,
-					CertificateAuthorityData: ca,
+					CertificateAuthorityData: certAuthData,
 				},
 			},
 		},
-		AuthInfos: []clientcmdv1.NamedAuthInfo{
-			clientcmdv1.NamedAuthInfo{
+		AuthInfos: []clientcmdapiv1.NamedAuthInfo{
+			clientcmdapiv1.NamedAuthInfo{
 				Name: name,
-				AuthInfo: clientcmdv1.AuthInfo{
-					Token: string(token),
+				AuthInfo: clientcmdapiv1.AuthInfo{
+					ClientCertificate:     authInfo.ClientCertificate,
+					ClientCertificateData: authInfo.ClientCertificateData,
+					ClientKey:             authInfo.ClientKey,
+					ClientKeyData:         authInfo.ClientKeyData,
+					Token:                 authInfo.Token,
+					Username:              authInfo.Username,
+					Password:              authInfo.Password,
 				},
 			},
 		},
-		Contexts: []clientcmdv1.NamedContext{
-			clientcmdv1.NamedContext{
+		Contexts: []clientcmdapiv1.NamedContext{
+			clientcmdapiv1.NamedContext{
 				Name: name,
-				Context: clientcmdv1.Context{
+				Context: clientcmdapiv1.Context{
 					Cluster:  name,
 					AuthInfo: name,
 				},
@@ -528,6 +562,22 @@ func getKubeProxyExtension(secretPath, masterURI, clusterCIDR string) (*aci.Exte
 	return &extension, nil
 }
 
+func getKubeconfigCertAuthData(clusters map[string]*clientcmdapi.Cluster) []byte {
+	for _, v := range clusters {
+		return v.CertificateAuthorityData
+	}
+
+	return make([]byte, 0)
+}
+
+func getKubeconfigAuthInfo(authInfos map[string]*clientcmdapi.AuthInfo) *clientcmdapi.AuthInfo {
+	for _, v := range authInfos {
+		return v
+	}
+
+	return nil
+}
+
 func addAzureAttributes(ctx context.Context, span trace.Span, p *ACIProvider) context.Context {
 	return span.WithFields(ctx, log.Fields{
 		"azure.resourceGroup": p.resourceGroup,