switch from K3S_CLUSTER_SECRET to K3S_TOKEN and use exact matching to get node containers by name and make --cluster flag required when creating a new node

5 years ago · 644b369b60
parent fd4b803681
commit 644b369b60
5 changed files with 56 additions and 5 deletions
--- a/cmd/create/createNode.go
+++ b/cmd/create/createNode.go
@ -56,7 +56,11 @@ func NewCmdCreateNode() *cobra.Command {
 	// add flags
 	cmd.Flags().Int("replicas", 1, "Number of replicas of this node specification.")
 	cmd.Flags().String("role", string(k3d.WorkerRole), "Specify node role [master, worker]")
-	cmd.Flags().StringP("cluster", "c", "", "Select the cluster that the node shall connect to.")
+	cmd.Flags().StringP("cluster", "c", "", "[REQUIRED] Select the cluster that the node shall connect to.")
+	if err := cmd.MarkFlagRequired("cluster"); err != nil {
+		log.Fatalln("Failed to mark required flag '--cluster'")
+	}
+
 	cmd.Flags().String("image", fmt.Sprintf("%s:%s", k3d.DefaultK3sImageRepo, version.K3sVersion), "Specify k3s image used for the node(s)") // TODO: get image version tag

 	// done
--- a/pkg/cluster/cluster.go
+++ b/pkg/cluster/cluster.go
@ -105,7 +105,7 @@ func CreateCluster(cluster *k3d.Cluster, runtime k3drt.Runtime) error {
 			node.Labels = make(map[string]string) // TODO: maybe create an init function?
 		}
 		node.Labels["k3d.cluster"] = cluster.Name
-		node.Env = append(node.Env, fmt.Sprintf("K3S_CLUSTER_SECRET=%s", cluster.Secret))
+		node.Env = append(node.Env, fmt.Sprintf("K3S_TOKEN=%s", cluster.Secret))
 		node.Labels["k3d.cluster.secret"] = cluster.Secret

 		// append extra labels
--- a/pkg/cluster/node.go
+++ b/pkg/cluster/node.go
@ -33,9 +33,10 @@ import (

 // AddNodeToCluster adds a node to an existing cluster
 func AddNodeToCluster(runtime runtimes.Runtime, node *k3d.Node, cluster *k3d.Cluster) error {
+	clusterName := cluster.Name
 	cluster, err := GetCluster(cluster, runtime)
 	if err != nil {
-		log.Errorf("Failed to find specified cluster '%s'", cluster.Name)
+		log.Errorf("Failed to find specified cluster '%s'", clusterName)
 		return err
 	}

@ -62,7 +63,7 @@ func AddNodeToCluster(runtime runtimes.Runtime, node *k3d.Node, cluster *k3d.Clu
 					node.Env = append(node.Env, fmt.Sprintf("K3S_URL=%s", v))
 				}
 				if k == "k3d.cluster.secret" {
-					node.Env = append(node.Env, fmt.Sprintf("K3S_CLUSTER_SECRET=%s", v))
+					node.Env = append(node.Env, fmt.Sprintf("K3S_TOKEN=%s", v))
 				}
 			}

--- a/pkg/runtimes/docker/container.go
+++ b/pkg/runtimes/docker/container.go
@ -143,7 +143,7 @@ func getNodeContainer(node *k3d.Node) (*types.Container, error) {
 	for k, v := range node.Labels {
 		filters.Add("label", fmt.Sprintf("%s=%s", k, v))
 	}
-	filters.Add("name", node.Name)
+	filters.Add("name", fmt.Sprintf("^%s$", node.Name)) // regex filtering for exact name match

 	containers, err := docker.ContainerList(ctx, types.ContainerListOptions{
 		Filters: filters,
--- a/thoughts.md
+++ b/thoughts.md
@ -200,3 +200,49 @@ Here's how k3d types should translate to a runtime type:

 - [https://github.com/opencontainers/runtime-spec/blob/master/specs-go/config.go](https://github.com/opencontainers/runtime-spec/blob/master/specs-go/config.go)
 - move node -> container translation out of runtime
+
+## node configuration comparison
+
+- master node(s)
+  - ENV
+    - `K3S_CLUSTER_INIT`
+      - if num_masters > 1 && no external datastore configured
+    - `K3S_KUBECONFIG_OUTPUT`
+      - k3d default -> `/output/kubeconfig.yaml`
+  - CMD/ARGS
+    - `--https-listen-port`
+      - can/should be left default (unset = 6443), since we handle it via port mapping
+      - `--tls-san=<some-ip-or-hostname>`
+        - get from `--api-port` k3d flag and/or from docker machine
+  - Runtime Configuration
+    - nothing special
+- all nodes
+  - ENV
+    - `K3S_TOKEN` for node authentication
+      - TODO: replaces `K3S_CLUSTER_SECRET`
+  - CMD/ARGS
+    - nothing special
+  - Runtime Configuration
+    - Volumes
+      - shared image volume
+        - cluster-specific (create cluster) or inherit from existing (create node)
+      - tmpfs for k3s to work properly
+        - `/run`
+        - `/var/run`
+    - Capabilities/Security Context
+      - `privileged`
+    - Network
+      - cluster network or external/inherited
+- worker nodes
+  - ENV
+    - `K3S_URL` to connect to master node
+      - server hostname + port (6443)
+      - cluster-specific or inherited
+  - CMD/ARGS
+    - nothing special
+  - Runtime Configuration
+    - nothing special
+
+## Features
+
+- remove/add nodes -> needs to remove line in `/var/lib/rancher/k3s/server/cred/node-passwd` for the deleted node