Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 12240f9bb95fae3b6c4737d825c498f35320e89b / . / metropolis / node / kubernetes / scheduler.go
blob: 74558691b231104d1ee16ea6b285205efac4ad7f [file] [log] [blame]
Tim Windelschmidt6d33a432025-02-04 14:34:25 +0100[diff] [blame]1// Copyright The Monogon Project Authors.
Lorenz Brun6e8f69c2019-11-18 10:44:24 +0100[diff] [blame]2// SPDX-License-Identifier: Apache-2.0
Lorenz Brun6e8f69c2019-11-18 10:44:24 +0100[diff] [blame]3
4package kubernetes
5
6import (
Lorenz Brun878f5f92020-05-12 16:15:39 +0200[diff] [blame]7 "context"
Lorenz Brun6e8f69c2019-11-18 10:44:24 +0100[diff] [blame]8 "encoding/pem"
9 "fmt"
Lorenz Brun6e8f69c2019-11-18 10:44:24 +0100[diff] [blame]10 "os/exec"
11
Serge Bazanski31370b02021-01-07 16:31:14 +0100[diff] [blame]12 "source.monogon.dev/metropolis/node/kubernetes/pki"
Tim Windelschmidt9f21f532024-05-07 15:14:20 +0200[diff] [blame]13 "source.monogon.dev/osbase/fileargs"
14 "source.monogon.dev/osbase/supervisor"
Lorenz Brun6e8f69c2019-11-18 10:44:24 +0100[diff] [blame]15)
16
17type schedulerConfig struct {
18 kubeConfig []byte
19 serverCert []byte
20 serverKey []byte
Tim Windelschmidt90613af2023-07-20 14:26:18 +0200[diff] [blame]21 rootCA []byte
Lorenz Brun6e8f69c2019-11-18 10:44:24 +0100[diff] [blame]22}
23
Serge Bazanski9411f7c2021-03-10 13:12:53 +0100[diff] [blame]24func getPKISchedulerConfig(ctx context.Context, kpki *pki.PKI) (*schedulerConfig, error) {
Lorenz Brun6e8f69c2019-11-18 10:44:24 +0100[diff] [blame]25 var config schedulerConfig
26 var err error
Tim Windelschmidt90613af2023-07-20 14:26:18 +0200[diff] [blame]27 config.rootCA, _, err = kpki.Certificate(ctx, pki.IdCA)
28 if err != nil {
29 return nil, fmt.Errorf("failed to get ID root CA: %w", err)
30 }
Serge Bazanskic2c7ad92020-07-13 17:20:09 +0200[diff] [blame]31 config.serverCert, config.serverKey, err = kpki.Certificate(ctx, pki.Scheduler)
Lorenz Brun6e8f69c2019-11-18 10:44:24 +0100[diff] [blame]32 if err != nil {
33 return nil, fmt.Errorf("failed to get scheduler serving certificate: %w", err)
34 }
Serge Bazanskie88ffe92023-03-21 13:38:46 +0100[diff] [blame]35 config.kubeConfig, err = kpki.Kubeconfig(ctx, pki.SchedulerClient, pki.KubernetesAPIEndpointForController)
Lorenz Brun6e8f69c2019-11-18 10:44:24 +0100[diff] [blame]36 if err != nil {
37 return nil, fmt.Errorf("failed to get scheduler kubeconfig: %w", err)
38 }
39 return &config, nil
40}
41
Serge Bazanski967be212020-11-02 11:26:59 +0100[diff] [blame]42func runScheduler(config schedulerConfig) supervisor.Runnable {
Lorenz Brun8e3b8fc2020-05-19 14:29:40 +0200[diff] [blame]43 return func(ctx context.Context) error {
44 args, err := fileargs.New()
45 if err != nil {
46 panic(err) // If this fails, something is very wrong. Just crash.
47 }
48 defer args.Close()
49 cmd := exec.CommandContext(ctx, "/kubernetes/bin/kube", "kube-scheduler",
50 args.FileOpt("--kubeconfig", "kubeconfig", config.kubeConfig),
Lorenz Brun8e3b8fc2020-05-19 14:29:40 +0200[diff] [blame]51 args.FileOpt("--tls-cert-file", "server-cert.pem",
52 pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: config.serverCert})),
53 args.FileOpt("--tls-private-key-file", "server-key.pem",
54 pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: config.serverKey})),
Tim Windelschmidt90613af2023-07-20 14:26:18 +0200[diff] [blame]55 args.FileOpt("--client-ca-file", "root-ca.pem",
56 pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: config.rootCA})),
Lorenz Brund58edf42024-11-27 20:38:14 +0000[diff] [blame]57 extraFeatureGates.AsFlag(),
Lorenz Brun8e3b8fc2020-05-19 14:29:40 +0200[diff] [blame]58 )
59 if args.Error() != nil {
60 return fmt.Errorf("failed to use fileargs: %w", err)
61 }
Serge Bazanski05604292021-03-12 17:47:21 +0100[diff] [blame]62 return supervisor.RunCommand(ctx, cmd, supervisor.ParseKLog())
Lorenz Brun6e8f69c2019-11-18 10:44:24 +0100[diff] [blame]63 }
Lorenz Brun6e8f69c2019-11-18 10:44:24 +0100[diff] [blame]64}