Feature: add hubself cert manage mode that use bearer token to bootst…

…rap yurthub agent
openyurtio · Sep 29, 2020 · 442f0dd · 442f0dd
1 parent 209e4de
commit 442f0dd
Show file tree

Hide file tree

Showing 7 changed files with 676 additions and 6 deletions.
diff --git a/cmd/yurthub/app/config/config.go b/cmd/yurthub/app/config/config.go
@@ -24,6 +24,8 @@ type YurtHubConfiguration struct {
 	HeartbeatHealthyThreshold int
 	HeartbeatTimeoutSeconds   int
 	MaxRequestInFlight        int
+	JoinToken                 string
+	RootDir                   string
 }
 
 // Complete converts *options.YurtHubOptions to *YurtHubConfiguration
@@ -45,6 +47,8 @@ func Complete(options *options.YurtHubOptions) (*YurtHubConfiguration, error) {
 		HeartbeatHealthyThreshold: options.HeartbeatHealthyThreshold,
 		HeartbeatTimeoutSeconds:   options.HeartbeatTimeoutSeconds,
 		MaxRequestInFlight:        options.MaxRequestInFlight,
+		JoinToken:                 options.JoinToken,
+		RootDir:                   options.RootDir,
 	}
 
 	return cfg, nil

diff --git a/cmd/yurthub/app/options/options.go b/cmd/yurthub/app/options/options.go
@@ -2,7 +2,9 @@ package options
 
 import (
 	"fmt"
+	"path/filepath"
 
+	"github.com/alibaba/openyurt/pkg/projectinfo"
 	"github.com/alibaba/openyurt/pkg/yurthub/util"
 	"github.com/spf13/pflag"
 )
@@ -20,6 +22,8 @@ type YurtHubOptions struct {
 	HeartbeatHealthyThreshold int
 	HeartbeatTimeoutSeconds   int
 	MaxRequestInFlight        int
+	JoinToken                 string
+	RootDir                   string
 }
 
 // NewYurtHubOptions creates a new YurtHubOptions with a default config.
@@ -28,12 +32,13 @@ func NewYurtHubOptions() *YurtHubOptions {
 		YurtHubHost:               "127.0.0.1",
 		YurtHubPort:               10261,
 		GCFrequency:               120,
-		CertMgrMode:               "kubelet",
+		CertMgrMode:               "hubself",
 		LBMode:                    "rr",
 		HeartbeatFailedRetry:      3,
 		HeartbeatHealthyThreshold: 2,
 		HeartbeatTimeoutSeconds:   2,
 		MaxRequestInFlight:        250,
+		RootDir:                   filepath.Join("/var/lib/", projectinfo.GetHubName()),
 	}
 
 	return o
@@ -65,12 +70,14 @@ func (o *YurtHubOptions) AddFlags(fs *pflag.FlagSet) {
 	fs.StringVar(&o.YurtHubHost, "bind-address", o.YurtHubHost, "the IP address on which to listen for the --serve-port port.")
 	fs.IntVar(&o.YurtHubPort, "serve-port", o.YurtHubPort, "the port on which to serve HTTP.")
 	fs.StringVar(&o.ServerAddr, "server-addr", o.ServerAddr, "the address of Kubernetes kube-apiserver,the format is: \"server1,server2,...\"")
-	fs.StringVar(&o.CertMgrMode, "cert-mgr-mode", o.CertMgrMode, "the cert manager mode, kubelet: use certificates that belongs to kubelet")
+	fs.StringVar(&o.CertMgrMode, "cert-mgr-mode", o.CertMgrMode, "the cert manager mode, kubelet: use certificates that belongs to kubelet, hubself: auto generate client cert for hub agent.")
 	fs.IntVar(&o.GCFrequency, "gc-frequency", o.GCFrequency, "the frequency to gc cache in storage(unit: minute).")
 	fs.StringVar(&o.NodeName, "node-name", o.NodeName, "the name of node that runs hub agent")
 	fs.StringVar(&o.LBMode, "lb-mode", o.LBMode, "the mode of load balancer to connect remote servers(rr, priority)")
 	fs.IntVar(&o.HeartbeatFailedRetry, "heartbeat-failed-retry", o.HeartbeatFailedRetry, "number of heartbeat request retry after having failed.")
 	fs.IntVar(&o.HeartbeatHealthyThreshold, "heartbeat-healthy-threshold", o.HeartbeatHealthyThreshold, "minimum consecutive successes for the heartbeat to be considered healthy after having failed.")
 	fs.IntVar(&o.HeartbeatTimeoutSeconds, "heartbeat-timeout-seconds", o.HeartbeatTimeoutSeconds, " number of seconds after which the heartbeat times out.")
 	fs.IntVar(&o.MaxRequestInFlight, "max-requests-in-flight", o.MaxRequestInFlight, "the maximum number of parallel requests.")
+	fs.StringVar(&o.JoinToken, "join-token", o.JoinToken, "the Join token for bootstrapping hub agent when --cert-mgr-mode=hubself.")
+	fs.StringVar(&o.RootDir, "root-dir", o.RootDir, "directory path for managing hub agent files(pki, cache etc).")
 }
diff --git a/cmd/yurthub/app/start.go b/cmd/yurthub/app/start.go
@@ -6,6 +6,7 @@ import (
 	"github.com/alibaba/openyurt/pkg/projectinfo"
 	"github.com/alibaba/openyurt/pkg/yurthub/cachemanager"
 	"github.com/alibaba/openyurt/pkg/yurthub/certificate"
+	"github.com/alibaba/openyurt/pkg/yurthub/certificate/hubself"
 	"github.com/alibaba/openyurt/pkg/yurthub/certificate/initializer"
 	"github.com/alibaba/openyurt/pkg/yurthub/certificate/kubelet"
 	"github.com/alibaba/openyurt/pkg/yurthub/gc"
@@ -79,6 +80,7 @@ func Run(cfg *config.YurtHubConfiguration, stopCh <-chan struct{}) error {
 	klog.Infof("%d. register cert managers", trace)
 	cmr := certificate.NewCertificateManagerRegistry()
 	kubelet.Register(cmr)
+	hubself.Register(cmr)
 	trace++
 
 	klog.Infof("%d. create cert manager with %s mode", trace, cfg.CertMgrMode)