Code review feedback

projectcalico · Mar 5, 2018 · 7403eba · 7403eba
1 parent f6d7bdc
commit 7403eba
Showing 1 changed file with 22 additions and 9 deletions.
diff --git a/k8s-install/scripts/install-cni.sh b/k8s-install/scripts/install-cni.sh
@@ -99,20 +99,30 @@ fi
 # Pull out service account token.
 SERVICEACCOUNT_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
 
-# Write a kubeconfig file for the CNI plugin.  Do this
-# to skip TLS verification for now.  We should eventually support
-# writing more complete kubeconfig files. This is only used
-# if the provided CNI network config references it.
-touch /host/etc/cni/net.d/calico-kubeconfig
-chmod ${KUBECONFIG_MODE:-600} /host/etc/cni/net.d/calico-kubeconfig
-cat > /host/etc/cni/net.d/calico-kubeconfig <<EOF
+# Check if we're running as a k8s pod.
+if [ -f "/var/run/secrets/kubernetes.io/serviceaccount/token" ]; then
+	# We're running as a k8d pod - expect some variables.
+	if [ -z ${KUBERNETES_SERVICE_HOST} ]; then 
+		echo "KUBERNETES_SERVICE_HOST not set"; exit 1;
+	fi
+	if [ -z ${KUBERNETES_SERVICE_PORT} ]; then
+		echo "KUBERNETES_SERVICE_PORT not set"; exit 1;
+	fi
+
+	# Write a kubeconfig file for the CNI plugin.  Do this
+	# to skip TLS verification for now.  We should eventually support
+	# writing more complete kubeconfig files. This is only used
+	# if the provided CNI network config references it.
+	touch /host/etc/cni/net.d/calico-kubeconfig
+	chmod ${KUBECONFIG_MODE:-600} /host/etc/cni/net.d/calico-kubeconfig
+	cat > /host/etc/cni/net.d/calico-kubeconfig <<EOF
 # Kubeconfig file for Calico CNI plugin.
 apiVersion: v1
 kind: Config
 clusters:
 - name: local
   cluster:
-    server: https://${KUBERNETES_SERVICE_HOST:-}:${KUBERNETES_SERVICE_PORT:-} 
+    server: ${KUBERNETES_SERVICE_PROTOCOL:-https}://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT} 
     insecure-skip-tls-verify: true
 users:
 - name: calico
@@ -126,6 +136,9 @@ contexts:
 current-context: calico-context
 EOF
 
+fi
+
+
 # Insert any of the supported "auto" parameters.
 grep "__KUBERNETES_SERVICE_HOST__" $TMP_CONF && sed -i s/__KUBERNETES_SERVICE_HOST__/${KUBERNETES_SERVICE_HOST}/g $TMP_CONF
 grep "__KUBERNETES_SERVICE_PORT__" $TMP_CONF && sed -i s/__KUBERNETES_SERVICE_PORT__/${KUBERNETES_SERVICE_PORT}/g $TMP_CONF
@@ -177,7 +190,7 @@ while [ "$should_sleep" == "true"  ]; do
         sleep 10;
         if [ "$stat_output" != "$(stat -c%y ${SECRETS_MOUNT_DIR}/etcd-cert 2>/dev/null)" ]; then
             echo "Updating installed secrets at: $(date)"
-            cp ${SECRETS_MOUNT_DIR}/* /host/etc/cni/net.d/calico-tls/
+            cp -p ${SECRETS_MOUNT_DIR}/* /host/etc/cni/net.d/calico-tls/
         fi
     else
         sleep 10