From 5f7cb0c0a222267a4f29301da181ffde8893cd8f Mon Sep 17 00:00:00 2001
From: Amit Watve
Date: Tue, 23 Mar 2021 01:33:41 -0700
Subject: [PATCH 1/2] default gke to ignor gcp ssh keys.

---
 kubetest2-gke/deployer/deployer.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kubetest2-gke/deployer/deployer.go b/kubetest2-gke/deployer/deployer.go
index e0a443ef..c12eb4b6 100644
--- a/kubetest2-gke/deployer/deployer.go
+++ b/kubetest2-gke/deployer/deployer.go
@@ -223,7 +223,7 @@ func bindFlags(d *deployer) *pflag.FlagSet {
 	flags.StringVar(&d.zone, "zone", "", "For use with gcloud commands to specify the cluster zone.")
 	flags.IntVar(&d.nodes, "num-nodes", defaultNodePool.Nodes, "For use with gcloud commands to specify the number of nodes for the cluster.")
 	flags.StringVar(&d.machineType, "machine-type", defaultNodePool.MachineType, "For use with gcloud commands to specify the machine type for the cluster.")
-	flags.BoolVar(&d.gcpSSHKeyIgnored, "ignore-gcp-ssh-key", false, "Whether the GCP SSH key should be ignored or not for bringing up the cluster.")
+	flags.BoolVar(&d.gcpSSHKeyIgnored, "ignore-gcp-ssh-key", true, "Whether the GCP SSH key should be ignored or not for bringing up the cluster.")
 	flags.BoolVar(&d.workloadIdentityEnabled, "enable-workload-identity", false, "Whether enable workload identity for the cluster or not.")
 	flags.StringVar(&d.privateClusterAccessLevel, "private-cluster-access-level", "", "Private cluster access level, if not empty, must be one of 'no', 'limited' or 'unrestricted'")
 	flags.StringSliceVar(&d.privateClusterMasterIPRanges, "private-cluster-master-ip-range", []string{"172.16.0.32/28"}, "Private cluster master IP ranges. It should be IPv4 CIDR(s), and its length must be the same as the number of clusters if private cluster is requested.")

From 21d2d96f74b66d11ed8a2a6de56bc08eaaec889b Mon Sep 17 00:00:00 2001
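Review bot: The default of `--ignore-gcp-ssh-key` flips from false to true on the changed line, but the help string still reads as if the flag were neutral and the one-line commit message gives no rationale, so existing invocations that relied on the key being provisioned change behaviour silently. I'd extend the description to name the new default and the opt-out, e.g. `"Whether the GCP SSH key should be ignored or not for bringing up the cluster. Defaults to true; pass --ignore-gcp-ssh-key=false to restore the previous behavior."`. bindFlags continues outside the hunk, and what gcpSSHKeyIgnored controls downstream is not visible here.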
From: Amit Watve
Date: Tue, 23 Mar 2021 02:03:02 -0700
Subject: [PATCH 2/2] setup ssh keys from envs

---
 kubetest2-gce/deployer/up.go | 53 ++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)

diff --git a/kubetest2-gce/deployer/up.go b/kubetest2-gce/deployer/up.go
index 452ee865..9acc78fd 100644
--- a/kubetest2-gce/deployer/up.go
+++ b/kubetest2-gce/deployer/up.go
@@ -22,7 +22,14 @@ import (
 	"path/filepath"
 
 	"k8s.io/klog"
+	"sigs.k8s.io/kubetest2/pkg/exec"
+	"sigs.k8s.io/kubetest2/pkg/fs"
+)
+
+const (
+	ciPrivateKeyEnv = "GCE_SSH_PRIVATE_KEY_FILE"
+	ciPublicKeyEnv  = "GCE_SSH_PUBLIC_KEY_FILE"
 )
 
 func (d *deployer) IsUp() (up bool, err error) {
@@ -82,6 +89,8 @@ func (d *deployer) Up() error {
 		}
 	}()
 
+	maybeSetupSSHKeys()
+
 	env := d.buildEnv()
 	script := filepath.Join(d.RepoRoot, "cluster", "kube-up.sh")
 	klog.V(2).Infof("About to run script at: %s", script)
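Review bot: The added import `"sigs.k8s.io/kubetest2/pkg/exec"` is not referenced by any of the 53 lines this patch adds (the diffstat covers only up.go and all three of its hunks are shown), so as far as the visible hunks go `go build` should reject the file with "imported and not used"; drop it here or leave it to the patch that needs it. The new maybeSetupSSHKeys also calls `os.UserHomeDir`, `os.Stat` and `os.LookupEnv`, and whether `"os"` is already imported cannot be seen because the hunk's context starts at `"path/filepath"`. The new const block would also read better with a one-line comment, e.g. `// Env vars CI uses to point at an existing GCE ssh key pair; maybeSetupSSHKeys copies those files into gcloud's default key location.`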
@@ -148,3 +157,47 @@ func (d *deployer) verifyUpFlags() error {
 
 	return nil
 }
+
+// maybeSetupSSHKeys will best-effort try to setup ssh keys for gcloud to reuse
+// from existing files pointed to by "well-known" environment variables used in CI
+func maybeSetupSSHKeys() {
+	home, err := os.UserHomeDir()
+	if err != nil {
+		klog.Warningf("failed to get user's home directory")
+		return
+	}
+	// check if there are existing ssh keys, if either exist don't do anything
+	klog.V(2).Info("checking for existing gcloud ssh keys...")
+	privateKey := filepath.Join(home, ".ssh", "google_compute_engine")
+	if _, err := os.Stat(privateKey); err == nil {
+		klog.V(2).Infof("found existing private key at %s", privateKey)
+		return
+	}
+	publicKey := privateKey + ".pub"
+	if _, err := os.Stat(publicKey); err == nil {
+		klog.V(2).Infof("found existing public key at %s", publicKey)
+		return
+	}
+
+	// no existing keys check for CI variables, create gcloud key files if both exist
+	// note only checks if relevant envs are non-empty, no actual key verification checks
+	maybePrivateKey, privateKeyEnvSet := os.LookupEnv(ciPrivateKeyEnv)
+	if !privateKeyEnvSet {
+		klog.V(2).Infof("%s is not set", ciPrivateKeyEnv)
+		return
+	}
+	maybePublicKey, publicKeyEnvSet := os.LookupEnv(ciPublicKeyEnv)
+	if !publicKeyEnvSet {
+		klog.V(2).Infof("%s is not set", ciPublicKeyEnv)
+		return
+	}
+
+	if err := fs.CopyFile(maybePrivateKey, privateKey); err != nil {
+		klog.Warningf("failed to copy %s to %s: %v", maybePrivateKey, privateKey, err)
+		return
+	}
+
+	if err := fs.CopyFile(maybePublicKey, publicKey); err != nil {
+		klog.Warningf("failed to copy %s to %s: %v", maybePublicKey, publicKey, err)
+	}
+}
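Review bot: A failed public-key copy at the end of maybeSetupSSHKeys leaves the private key in `~/.ssh/google_compute_engine` without its `.pub`, and because the function returns early whenever that private key exists, every later run skips setup and gcloud is left with a half-installed key pair; the rewrite below removes the private key when the public copy fails. The copied private key is also written with whatever mode `fs.CopyFile` produces (not visible here) — ssh rejects a group- or world-readable private key, so an explicit `os.Chmod(privateKey, 0600)` after the copy is worth adding, as is `os.MkdirAll(filepath.Dir(privateKey), 0700)` in case `~/.ssh` does not exist yet on a fresh worker. The comment says the env vars are checked for being non-empty but the code only tests presence, so `GCE_SSH_PRIVATE_KEY_FILE=""` passes the guard and fails later inside CopyFile with a confusing warning; `if !privateKeyEnvSet || maybePrivateKey == "" {` (and the same for the public key) makes the code match the comment. The first warning, `klog.Warningf("failed to get user's home directory")`, also drops `err`; `klog.Warningf("failed to get user's home directory: %v", err)` keeps the cause.
```go
	// … unchanged: home lookup, existing-key checks, env var lookups …

	if err := os.MkdirAll(filepath.Dir(privateKey), 0700); err != nil {
		klog.Warningf("failed to create %s: %v", filepath.Dir(privateKey), err)
		return
	}
	if err := fs.CopyFile(maybePrivateKey, privateKey); err != nil {
		klog.Warningf("failed to copy %s to %s: %v", maybePrivateKey, privateKey, err)
		return
	}
	// ssh refuses a private key that is group- or world-readable; do not rely on CopyFile for the mode
	if err := os.Chmod(privateKey, 0600); err != nil {
		klog.Warningf("failed to set mode on %s: %v", privateKey, err)
		_ = os.Remove(privateKey) // best-effort: leave no half-installed key behind
		return
	}
	if err := fs.CopyFile(maybePublicKey, publicKey); err != nil {
		klog.Warningf("failed to copy %s to %s: %v", maybePublicKey, publicKey, err)
		// without the .pub the "found existing private key" early return would skip setup on every later run
		_ = os.Remove(privateKey)
	}
}
```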