From f167e4192343c6340e3b2e0d00ff276ffa1daf68 Mon Sep 17 00:00:00 2001 From: Jack Francis Date: Thu, 4 Jun 2020 16:45:52 -0700 Subject: [PATCH] chore: use local kubeconfig if no outbound (#3410) --- parts/k8s/cloud-init/artifacts/cse_config.sh | 7 ++++++- pkg/engine/template_generator.go | 3 +++ pkg/engine/templates_generated.go | 7 ++++++- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/parts/k8s/cloud-init/artifacts/cse_config.sh b/parts/k8s/cloud-init/artifacts/cse_config.sh index 89ba5787de..444e51b79b 100755 --- a/parts/k8s/cloud-init/artifacts/cse_config.sh +++ b/parts/k8s/cloud-init/artifacts/cse_config.sh @@ -469,6 +469,11 @@ createKubeManifestDir() { writeKubeConfig() { local DIR=/home/$ADMINUSER/.kube local FILE=$DIR/config +{{- if HasBlockOutboundInternet}} + local SERVER=https://localhost +{{else}} + local SERVER=$KUBECONFIG_SERVER +{{- end}} mkdir -p $DIR touch $FILE chown $ADMINUSER:$ADMINUSER $DIR $FILE @@ -481,7 +486,7 @@ apiVersion: v1 clusters: - cluster: certificate-authority-data: \"$CA_CERTIFICATE\" - server: $KUBECONFIG_SERVER + server: $SERVER name: \"$MASTER_FQDN\" contexts: - context: diff --git a/pkg/engine/template_generator.go b/pkg/engine/template_generator.go index 96f1a821a9..4ecd3fba90 100644 --- a/pkg/engine/template_generator.go +++ b/pkg/engine/template_generator.go @@ -818,6 +818,9 @@ func getContainerServiceFuncMap(cs *api.ContainerService) template.FuncMap { "HasTelemetryEnabled": func() bool { return cs.Properties.FeatureFlags != nil && cs.Properties.FeatureFlags.EnableTelemetry }, + "HasBlockOutboundInternet": func() bool { + return cs.Properties.FeatureFlags != nil && cs.Properties.FeatureFlags.BlockOutboundInternet + }, "GetCSEErrorCode": func(errorType string) int { return GetCSEErrorCode(errorType) }, diff --git a/pkg/engine/templates_generated.go b/pkg/engine/templates_generated.go index a42186bd17..9e07077975 100644 --- a/pkg/engine/templates_generated.go +++ b/pkg/engine/templates_generated.go @@ -18316,6 +18316,11 @@ createKubeManifestDir() { writeKubeConfig() { local DIR=/home/$ADMINUSER/.kube local FILE=$DIR/config +{{- if HasBlockOutboundInternet}} + local SERVER=https://localhost +{{else}} + local SERVER=$KUBECONFIG_SERVER +{{- end}} mkdir -p $DIR touch $FILE chown $ADMINUSER:$ADMINUSER $DIR $FILE @@ -18328,7 +18333,7 @@ apiVersion: v1 clusters: - cluster: certificate-authority-data: \"$CA_CERTIFICATE\" - server: $KUBECONFIG_SERVER + server: $SERVER name: \"$MASTER_FQDN\" contexts: - context: