color output printf
Sujith Abdul Rahim
parent
76fb7350f1
commit
7847fd0972
|
|
@ -2,6 +2,11 @@
|
||||||
set -e
|
set -e
|
||||||
#set -x
|
#set -x
|
||||||
|
|
||||||
|
# Green & Red marking for Success and Failed messages
|
||||||
|
SUCCESS='\033[0;32m'
|
||||||
|
FAILED='\033[0;31m'
|
||||||
|
NC='\033[0m'
|
||||||
|
|
||||||
# All Cert Location
|
# All Cert Location
|
||||||
|
|
||||||
# ca certificate location
|
# ca certificate location
|
||||||
|
|
@ -90,24 +95,24 @@ check_cert_ca()
|
||||||
{
|
{
|
||||||
if [ -z $CACERT ] && [ -z $CAKEY ]
|
if [ -z $CACERT ] && [ -z $CAKEY ]
|
||||||
then
|
then
|
||||||
echo "please specify cert and key location"
|
printf "${FAILED}please specify cert and key location\n"
|
||||||
exit 1
|
exit 1
|
||||||
elif [ -f $CACERT ] && [ -f $CAKEY ]
|
elif [ -f $CACERT ] && [ -f $CAKEY ]
|
||||||
then
|
then
|
||||||
echo "CA cert and key found, verifying the authenticity"
|
printf "${NC}CA cert and key found, verifying the authenticity\n"
|
||||||
CACERT_SUBJECT=$(openssl x509 -in $CACERT -text | grep "Subject: CN"| tr -d " ")
|
CACERT_SUBJECT=$(openssl x509 -in $CACERT -text | grep "Subject: CN"| tr -d " ")
|
||||||
CACERT_ISSUER=$(openssl x509 -in $CACERT -text | grep "Issuer: CN"| tr -d " ")
|
CACERT_ISSUER=$(openssl x509 -in $CACERT -text | grep "Issuer: CN"| tr -d " ")
|
||||||
CACERT_MD5=$(openssl x509 -noout -modulus -in $CACERT | openssl md5| awk '{print $2}')
|
CACERT_MD5=$(openssl x509 -noout -modulus -in $CACERT | openssl md5| awk '{print $2}')
|
||||||
CAKEY_MD5=$(openssl rsa -noout -modulus -in $CAKEY | openssl md5| awk '{print $2}')
|
CAKEY_MD5=$(openssl rsa -noout -modulus -in $CAKEY | openssl md5| awk '{print $2}')
|
||||||
if [ $CACERT_SUBJECT == "Subject:CN=KUBERNETES-CA" ] && [ $CACERT_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && [ $CACERT_MD5 == $CAKEY_MD5 ]
|
if [ $CACERT_SUBJECT == "Subject:CN=KUBERNETES-CA" ] && [ $CACERT_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && [ $CACERT_MD5 == $CAKEY_MD5 ]
|
||||||
then
|
then
|
||||||
echo "CA cert and key are correct"
|
printf "${SUCCESS}CA cert and key are correct\n"
|
||||||
else
|
else
|
||||||
echo "Exiting...Found mismtach in the CA certificate and keys, check subject"
|
printf "${FAILED}Exiting...Found mismtach in the CA certificate and keys, check subject\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "ca.crt / ca.key is missing"
|
printf "${FAILED}ca.crt / ca.key is missing\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
@ -117,24 +122,24 @@ check_cert_admin()
|
||||||
{
|
{
|
||||||
if [ -z $ADMINCERT ] && [ -z $ADMINKEY ]
|
if [ -z $ADMINCERT ] && [ -z $ADMINKEY ]
|
||||||
then
|
then
|
||||||
echo "please specify cert and key location"
|
printf "${FAILED}please specify cert and key location\n"
|
||||||
exit 1
|
exit 1
|
||||||
elif [ -f $ADMINCERT ] && [ -f $ADMINKEY ]
|
elif [ -f $ADMINCERT ] && [ -f $ADMINKEY ]
|
||||||
then
|
then
|
||||||
echo "admin cert and key found, verifying the authenticity"
|
printf "${NC}admin cert and key found, verifying the authenticity\n"
|
||||||
ADMINCERT_SUBJECT=$(openssl x509 -in $ADMINCERT -text | grep "Subject: CN"| tr -d " ")
|
ADMINCERT_SUBJECT=$(openssl x509 -in $ADMINCERT -text | grep "Subject: CN"| tr -d " ")
|
||||||
ADMINCERT_ISSUER=$(openssl x509 -in $ADMINCERT -text | grep "Issuer: CN"| tr -d " ")
|
ADMINCERT_ISSUER=$(openssl x509 -in $ADMINCERT -text | grep "Issuer: CN"| tr -d " ")
|
||||||
ADMINCERT_MD5=$(openssl x509 -noout -modulus -in $ADMINCERT | openssl md5| awk '{print $2}')
|
ADMINCERT_MD5=$(openssl x509 -noout -modulus -in $ADMINCERT | openssl md5| awk '{print $2}')
|
||||||
ADMINKEY_MD5=$(openssl rsa -noout -modulus -in $ADMINKEY | openssl md5| awk '{print $2}')
|
ADMINKEY_MD5=$(openssl rsa -noout -modulus -in $ADMINKEY | openssl md5| awk '{print $2}')
|
||||||
if [ $ADMINCERT_SUBJECT == "Subject:CN=admin,O=system:masters" ] && [ $ADMINCERT_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && [ $ADMINCERT_MD5 == $ADMINKEY_MD5 ]
|
if [ $ADMINCERT_SUBJECT == "Subject:CN=admin,O=system:masters" ] && [ $ADMINCERT_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && [ $ADMINCERT_MD5 == $ADMINKEY_MD5 ]
|
||||||
then
|
then
|
||||||
echo "admin cert and key are correct"
|
printf "${SUCCESS}admin cert and key are correct\n"
|
||||||
else
|
else
|
||||||
echo "Exiting...Found mismtach in the admin certificate and keys, check subject"
|
printf "${FAILED}Exiting...Found mismtach in the admin certificate and keys, check subject\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "admin.crt / admin.key is missing"
|
printf "${FAILED}admin.crt / admin.key is missing\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
@ -143,24 +148,24 @@ check_cert_kcm()
|
||||||
{
|
{
|
||||||
if [ -z $KCMCERT ] && [ -z $KCMKEY ]
|
if [ -z $KCMCERT ] && [ -z $KCMKEY ]
|
||||||
then
|
then
|
||||||
echo "please specify cert and key location"
|
printf "${FAILED}please specify cert and key location\n"
|
||||||
exit 1
|
exit 1
|
||||||
elif [ -f $KCMCERT ] && [ -f $KCMKEY ]
|
elif [ -f $KCMCERT ] && [ -f $KCMKEY ]
|
||||||
then
|
then
|
||||||
echo "kube-controller-manager cert and key found, verifying the authenticity"
|
printf "${NC}kube-controller-manager cert and key found, verifying the authenticity\n"
|
||||||
KCMCERT_SUBJECT=$(openssl x509 -in $KCMCERT -text | grep "Subject: CN"| tr -d " ")
|
KCMCERT_SUBJECT=$(openssl x509 -in $KCMCERT -text | grep "Subject: CN"| tr -d " ")
|
||||||
KCMCERT_ISSUER=$(openssl x509 -in $KCMCERT -text | grep "Issuer: CN"| tr -d " ")
|
KCMCERT_ISSUER=$(openssl x509 -in $KCMCERT -text | grep "Issuer: CN"| tr -d " ")
|
||||||
KCMCERT_MD5=$(openssl x509 -noout -modulus -in $KCMCERT | openssl md5| awk '{print $2}')
|
KCMCERT_MD5=$(openssl x509 -noout -modulus -in $KCMCERT | openssl md5| awk '{print $2}')
|
||||||
KCMKEY_MD5=$(openssl rsa -noout -modulus -in $KCMKEY | openssl md5| awk '{print $2}')
|
KCMKEY_MD5=$(openssl rsa -noout -modulus -in $KCMKEY | openssl md5| awk '{print $2}')
|
||||||
if [ $KCMCERT_SUBJECT == "Subject:CN=system:kube-controller-manager" ] && [ $KCMCERT_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && [ $KCMCERT_MD5 == $KCMKEY_MD5 ]
|
if [ $KCMCERT_SUBJECT == "Subject:CN=system:kube-controller-manager" ] && [ $KCMCERT_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && [ $KCMCERT_MD5 == $KCMKEY_MD5 ]
|
||||||
then
|
then
|
||||||
echo "kube-controller-manager cert and key are correct"
|
printf "${SUCCESS}kube-controller-manager cert and key are correct\n"
|
||||||
else
|
else
|
||||||
echo "Exiting...Found mismtach in the kube-controller-manager certificate and keys, check subject"
|
printf "${FAILED}Exiting...Found mismtach in the kube-controller-manager certificate and keys, check subject\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "kube-controller-manager.crt / kube-controller-manager.key is missing"
|
printf "${FAILED}kube-controller-manager.crt / kube-controller-manager.key is missing\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
@ -169,24 +174,24 @@ check_cert_kp()
|
||||||
{
|
{
|
||||||
if [ -z $KPCERT ] && [ -z $KPKEY ]
|
if [ -z $KPCERT ] && [ -z $KPKEY ]
|
||||||
then
|
then
|
||||||
echo "please specify cert and key location"
|
printf "${FAILED}please specify cert and key location\n"
|
||||||
exit 1
|
exit 1
|
||||||
elif [ -f $KPCERT ] && [ -f $KPKEY ]
|
elif [ -f $KPCERT ] && [ -f $KPKEY ]
|
||||||
then
|
then
|
||||||
echo "kube-proxy cert and key found, verifying the authenticity"
|
printf "${NC}kube-proxy cert and key found, verifying the authenticity\n"
|
||||||
KPCERT_SUBJECT=$(openssl x509 -in $KPCERT -text | grep "Subject: CN"| tr -d " ")
|
KPCERT_SUBJECT=$(openssl x509 -in $KPCERT -text | grep "Subject: CN"| tr -d " ")
|
||||||
KPCERT_ISSUER=$(openssl x509 -in $KPCERT -text | grep "Issuer: CN"| tr -d " ")
|
KPCERT_ISSUER=$(openssl x509 -in $KPCERT -text | grep "Issuer: CN"| tr -d " ")
|
||||||
KPCERT_MD5=$(openssl x509 -noout -modulus -in $KPCERT | openssl md5| awk '{print $2}')
|
KPCERT_MD5=$(openssl x509 -noout -modulus -in $KPCERT | openssl md5| awk '{print $2}')
|
||||||
KPKEY_MD5=$(openssl rsa -noout -modulus -in $KPKEY | openssl md5| awk '{print $2}')
|
KPKEY_MD5=$(openssl rsa -noout -modulus -in $KPKEY | openssl md5| awk '{print $2}')
|
||||||
if [ $KPCERT_SUBJECT == "Subject:CN=system:kube-proxy" ] && [ $KPCERT_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && [ $KPCERT_MD5 == $KPKEY_MD5 ]
|
if [ $KPCERT_SUBJECT == "Subject:CN=system:kube-proxy" ] && [ $KPCERT_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && [ $KPCERT_MD5 == $KPKEY_MD5 ]
|
||||||
then
|
then
|
||||||
echo "kube-proxy cert and key are correct"
|
printf "${SUCCESS}kube-proxy cert and key are correct\n"
|
||||||
else
|
else
|
||||||
echo "Exiting...Found mismtach in the kube-proxy certificate and keys, check subject"
|
printf "${FAILED}Exiting...Found mismtach in the kube-proxy certificate and keys, check subject\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "kube-proxy.crt / kube-proxy.key is missing"
|
printf "${FAILED}kube-proxy.crt / kube-proxy.key is missing\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
@ -195,24 +200,24 @@ check_cert_ks()
|
||||||
{
|
{
|
||||||
if [ -z $KSCERT ] && [ -z $KSKEY ]
|
if [ -z $KSCERT ] && [ -z $KSKEY ]
|
||||||
then
|
then
|
||||||
echo "please specify cert and key location"
|
printf "${FAILED}please specify cert and key location\n"
|
||||||
exit 1
|
exit 1
|
||||||
elif [ -f $KSCERT ] && [ -f $KSKEY ]
|
elif [ -f $KSCERT ] && [ -f $KSKEY ]
|
||||||
then
|
then
|
||||||
echo "kube-scheduler cert and key found, verifying the authenticity"
|
printf "${NC}kube-scheduler cert and key found, verifying the authenticity\n"
|
||||||
KSCERT_SUBJECT=$(openssl x509 -in $KSCERT -text | grep "Subject: CN"| tr -d " ")
|
KSCERT_SUBJECT=$(openssl x509 -in $KSCERT -text | grep "Subject: CN"| tr -d " ")
|
||||||
KSCERT_ISSUER=$(openssl x509 -in $KSCERT -text | grep "Issuer: CN"| tr -d " ")
|
KSCERT_ISSUER=$(openssl x509 -in $KSCERT -text | grep "Issuer: CN"| tr -d " ")
|
||||||
KSCERT_MD5=$(openssl x509 -noout -modulus -in $KSCERT | openssl md5| awk '{print $2}')
|
KSCERT_MD5=$(openssl x509 -noout -modulus -in $KSCERT | openssl md5| awk '{print $2}')
|
||||||
KSKEY_MD5=$(openssl rsa -noout -modulus -in $KSKEY | openssl md5| awk '{print $2}')
|
KSKEY_MD5=$(openssl rsa -noout -modulus -in $KSKEY | openssl md5| awk '{print $2}')
|
||||||
if [ $KSCERT_SUBJECT == "Subject:CN=system:kube-scheduler" ] && [ $KSCERT_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && [ $KSCERT_MD5 == $KSKEY_MD5 ]
|
if [ $KSCERT_SUBJECT == "Subject:CN=system:kube-scheduler" ] && [ $KSCERT_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && [ $KSCERT_MD5 == $KSKEY_MD5 ]
|
||||||
then
|
then
|
||||||
echo "kube-scheduler cert and key are correct"
|
printf "${SUCCESS}kube-scheduler cert and key are correct\n"
|
||||||
else
|
else
|
||||||
echo "Exiting...Found mismtach in the kube-scheduler certificate and keys, check subject"
|
printf "${FAILED}Exiting...Found mismtach in the kube-scheduler certificate and keys, check subject\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "kube-scheduler.crt / kube-scheduler.key is missing"
|
printf "${FAILED}kube-scheduler.crt / kube-scheduler.key is missing\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
@ -221,24 +226,24 @@ check_cert_api()
|
||||||
{
|
{
|
||||||
if [ -z $APICERT ] && [ -z $APIKEY ]
|
if [ -z $APICERT ] && [ -z $APIKEY ]
|
||||||
then
|
then
|
||||||
echo "please specify kube-api cert and key location, Exiting...."
|
printf "${FAILED}please specify kube-api cert and key location, Exiting....\n"
|
||||||
exit 1
|
exit 1
|
||||||
elif [ -f $APICERT ] && [ -f $APIKEY ]
|
elif [ -f $APICERT ] && [ -f $APIKEY ]
|
||||||
then
|
then
|
||||||
echo "kube-apiserver cert and key found, verifying the authenticity"
|
printf "${NC}kube-apiserver cert and key found, verifying the authenticity\n"
|
||||||
APICERT_SUBJECT=$(openssl x509 -in $APICERT -text | grep "Subject: CN"| tr -d " ")
|
APICERT_SUBJECT=$(openssl x509 -in $APICERT -text | grep "Subject: CN"| tr -d " ")
|
||||||
APICERT_ISSUER=$(openssl x509 -in $APICERT -text | grep "Issuer: CN"| tr -d " ")
|
APICERT_ISSUER=$(openssl x509 -in $APICERT -text | grep "Issuer: CN"| tr -d " ")
|
||||||
APICERT_MD5=$(openssl x509 -noout -modulus -in $APICERT | openssl md5| awk '{print $2}')
|
APICERT_MD5=$(openssl x509 -noout -modulus -in $APICERT | openssl md5| awk '{print $2}')
|
||||||
APIKEY_MD5=$(openssl rsa -noout -modulus -in $APIKEY | openssl md5| awk '{print $2}')
|
APIKEY_MD5=$(openssl rsa -noout -modulus -in $APIKEY | openssl md5| awk '{print $2}')
|
||||||
if [ $APICERT_SUBJECT == "Subject:CN=kube-apiserver" ] && [ $APICERT_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && [ $APICERT_MD5 == $APIKEY_MD5 ]
|
if [ $APICERT_SUBJECT == "Subject:CN=kube-apiserver" ] && [ $APICERT_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && [ $APICERT_MD5 == $APIKEY_MD5 ]
|
||||||
then
|
then
|
||||||
echo "kube-apiserver cert and key are correct"
|
printf "${SUCCESS}kube-apiserver cert and key are correct\n"
|
||||||
else
|
else
|
||||||
echo "Exiting...Found mismtach in the kube-apiserver certificate and keys, check subject"
|
printf "${FAILED}Exiting...Found mismtach in the kube-apiserver certificate and keys, check subject\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "kube-apiserver.crt / kube-apiserver.key is missing"
|
printf "${FAILED}kube-apiserver.crt / kube-apiserver.key is missing\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
@ -247,24 +252,24 @@ check_cert_etcd()
|
||||||
{
|
{
|
||||||
if [ -z $ETCDCERT ] && [ -z $ETCDKEY ]
|
if [ -z $ETCDCERT ] && [ -z $ETCDKEY ]
|
||||||
then
|
then
|
||||||
echo "please specify ETCD cert and key location, Exiting...."
|
printf "${FAILED}please specify ETCD cert and key location, Exiting....\n"
|
||||||
exit 1
|
exit 1
|
||||||
elif [ -f $ETCDCERT ] && [ -f $ETCDKEY ]
|
elif [ -f $ETCDCERT ] && [ -f $ETCDKEY ]
|
||||||
then
|
then
|
||||||
echo "ETCD cert and key found, verifying the authenticity"
|
printf "${NC}ETCD cert and key found, verifying the authenticity\n"
|
||||||
ETCDCERT_SUBJECT=$(openssl x509 -in $ETCDCERT -text | grep "Subject: CN"| tr -d " ")
|
ETCDCERT_SUBJECT=$(openssl x509 -in $ETCDCERT -text | grep "Subject: CN"| tr -d " ")
|
||||||
ETCDCERT_ISSUER=$(openssl x509 -in $ETCDCERT -text | grep "Issuer: CN"| tr -d " ")
|
ETCDCERT_ISSUER=$(openssl x509 -in $ETCDCERT -text | grep "Issuer: CN"| tr -d " ")
|
||||||
ETCDCERT_MD5=$(openssl x509 -noout -modulus -in $ETCDCERT | openssl md5| awk '{print $2}')
|
ETCDCERT_MD5=$(openssl x509 -noout -modulus -in $ETCDCERT | openssl md5| awk '{print $2}')
|
||||||
ETCDKEY_MD5=$(openssl rsa -noout -modulus -in $ETCDKEY | openssl md5| awk '{print $2}')
|
ETCDKEY_MD5=$(openssl rsa -noout -modulus -in $ETCDKEY | openssl md5| awk '{print $2}')
|
||||||
if [ $ETCDCERT_SUBJECT == "Subject:CN=etcd-server" ] && [ $ETCDCERT_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && [ $ETCDCERT_MD5 == $ETCDKEY_MD5 ]
|
if [ $ETCDCERT_SUBJECT == "Subject:CN=etcd-server" ] && [ $ETCDCERT_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && [ $ETCDCERT_MD5 == $ETCDKEY_MD5 ]
|
||||||
then
|
then
|
||||||
echo "etcd-server.crt / etcd-server.key are correct"
|
printf "${SUCCESS}etcd-server.crt / etcd-server.key are correct\n"
|
||||||
else
|
else
|
||||||
echo "Exiting...Found mismtach in the ETCD certificate and keys, check subject"
|
printf "${FAILED}Exiting...Found mismtach in the ETCD certificate and keys, check subject\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "etcd-server.crt / etcd-server.key is missing"
|
printf "${FAILED}etcd-server.crt / etcd-server.key is missing\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
@ -273,24 +278,24 @@ check_cert_sa()
|
||||||
{
|
{
|
||||||
if [ -z $SACERT ] && [ -z $SAKEY ]
|
if [ -z $SACERT ] && [ -z $SAKEY ]
|
||||||
then
|
then
|
||||||
echo "please specify Service Account cert and key location, Exiting...."
|
printf "${FAILED}please specify Service Account cert and key location, Exiting....\n"
|
||||||
exit 1
|
exit 1
|
||||||
elif [ -f $SACERT ] && [ -f $SAKEY ]
|
elif [ -f $SACERT ] && [ -f $SAKEY ]
|
||||||
then
|
then
|
||||||
echo "service account cert and key found, verifying the authenticity"
|
printf "${NC}service account cert and key found, verifying the authenticity\n"
|
||||||
SACERT_SUBJECT=$(openssl x509 -in $SACERT -text | grep "Subject: CN"| tr -d " ")
|
SACERT_SUBJECT=$(openssl x509 -in $SACERT -text | grep "Subject: CN"| tr -d " ")
|
||||||
SACERT_ISSUER=$(openssl x509 -in $SACERT -text | grep "Issuer: CN"| tr -d " ")
|
SACERT_ISSUER=$(openssl x509 -in $SACERT -text | grep "Issuer: CN"| tr -d " ")
|
||||||
SACERT_MD5=$(openssl x509 -noout -modulus -in $SACERT | openssl md5| awk '{print $2}')
|
SACERT_MD5=$(openssl x509 -noout -modulus -in $SACERT | openssl md5| awk '{print $2}')
|
||||||
SAKEY_MD5=$(openssl rsa -noout -modulus -in $SAKEY | openssl md5| awk '{print $2}')
|
SAKEY_MD5=$(openssl rsa -noout -modulus -in $SAKEY | openssl md5| awk '{print $2}')
|
||||||
if [ $SACERT_SUBJECT == "Subject:CN=service-accounts" ] && [ $SACERT_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && [ $SACERT_MD5 == $SAKEY_MD5 ]
|
if [ $SACERT_SUBJECT == "Subject:CN=service-accounts" ] && [ $SACERT_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && [ $SACERT_MD5 == $SAKEY_MD5 ]
|
||||||
then
|
then
|
||||||
echo "Service Account cert and key are correct"
|
printf "${SUCCESS}Service Account cert and key are correct\n"
|
||||||
else
|
else
|
||||||
echo "Exiting...Found mismtach in the Service Account certificate and keys, check subject"
|
printf "${FAILED}Exiting...Found mismtach in the Service Account certificate and keys, check subject\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "service-account.crt / service-account.key is missing"
|
printf "${FAILED}service-account.crt / service-account.key is missing\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
@ -300,11 +305,11 @@ check_cert_kpkubeconfig()
|
||||||
{
|
{
|
||||||
if [ -z $KPKUBECONFIG ]
|
if [ -z $KPKUBECONFIG ]
|
||||||
then
|
then
|
||||||
echo "please specify kube-proxy kubeconfig location"
|
printf "${FAILED}please specify kube-proxy kubeconfig location\n"
|
||||||
exit 1
|
exit 1
|
||||||
elif [ -f $KPKUBECONFIG ]
|
elif [ -f $KPKUBECONFIG ]
|
||||||
then
|
then
|
||||||
echo "kube-proxy kubeconfig file found, verifying the authenticity"
|
printf "${NC}kube-proxy kubeconfig file found, verifying the authenticity\n"
|
||||||
KPKUBECONFIG_SUBJECT=$(cat $KPKUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 --text | grep "Subject: CN" | tr -d " ")
|
KPKUBECONFIG_SUBJECT=$(cat $KPKUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 --text | grep "Subject: CN" | tr -d " ")
|
||||||
KPKUBECONFIG_ISSUER=$(cat $KPKUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 --text | grep "Issuer: CN" | tr -d " ")
|
KPKUBECONFIG_ISSUER=$(cat $KPKUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 --text | grep "Issuer: CN" | tr -d " ")
|
||||||
KPKUBECONFIG_CERT_MD5=$(cat $KPKUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 -noout | openssl md5 | awk '{print $2}')
|
KPKUBECONFIG_CERT_MD5=$(cat $KPKUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 -noout | openssl md5 | awk '{print $2}')
|
||||||
|
|
@ -312,13 +317,13 @@ check_cert_kpkubeconfig()
|
||||||
KPKUBECONFIG_SERVER=$(cat $KPKUBECONFIG | grep "server:"| awk '{print $2}')
|
KPKUBECONFIG_SERVER=$(cat $KPKUBECONFIG | grep "server:"| awk '{print $2}')
|
||||||
if [ $KPKUBECONFIG_SUBJECT == "Subject:CN=system:kube-proxy" ] && [ $KPKUBECONFIG_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && [ $KPKUBECONFIG_CERT_MD5 == $KPKUBECONFIG_KEY_MD5 ] && [ $KPKUBECONFIG_SERVER == "https://192.168.5.30:6443" ]
|
if [ $KPKUBECONFIG_SUBJECT == "Subject:CN=system:kube-proxy" ] && [ $KPKUBECONFIG_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && [ $KPKUBECONFIG_CERT_MD5 == $KPKUBECONFIG_KEY_MD5 ] && [ $KPKUBECONFIG_SERVER == "https://192.168.5.30:6443" ]
|
||||||
then
|
then
|
||||||
echo "kube-proxy kubeconfig cert and key are correct"
|
printf "${SUCCESS}kube-proxy kubeconfig cert and key are correct\n"
|
||||||
else
|
else
|
||||||
echo "Exiting...Found mismtach in the kube-proxy kubeconfig certificate and keys, check subject"
|
printf "${FAILED}Exiting...Found mismtach in the kube-proxy kubeconfig certificate and keys, check subject\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "kube-proxy kubeconfig file is missing"
|
printf "${FAILED}kube-proxy kubeconfig file is missing\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
@ -328,11 +333,11 @@ check_cert_kcmkubeconfig()
|
||||||
KCMKUBECONFIG=/var/lib/kubernetes/kube-controller-manager.kubeconfig
|
KCMKUBECONFIG=/var/lib/kubernetes/kube-controller-manager.kubeconfig
|
||||||
if [ -z $KCMKUBECONFIG ]
|
if [ -z $KCMKUBECONFIG ]
|
||||||
then
|
then
|
||||||
echo "please specify kube-controller-manager kubeconfig location"
|
printf "${FAILED}please specify kube-controller-manager kubeconfig location\n"
|
||||||
exit 1
|
exit 1
|
||||||
elif [ -f $KCMKUBECONFIG ]
|
elif [ -f $KCMKUBECONFIG ]
|
||||||
then
|
then
|
||||||
echo "kube-controller-manager kubeconfig file found, verifying the authenticity"
|
printf "${NC}kube-controller-manager kubeconfig file found, verifying the authenticity\n"
|
||||||
KCMKUBECONFIG_SUBJECT=$(cat $KCMKUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 --text | grep "Subject: CN" | tr -d " ")
|
KCMKUBECONFIG_SUBJECT=$(cat $KCMKUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 --text | grep "Subject: CN" | tr -d " ")
|
||||||
KCMKUBECONFIG_ISSUER=$(cat $KCMKUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 --text | grep "Issuer: CN" | tr -d " ")
|
KCMKUBECONFIG_ISSUER=$(cat $KCMKUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 --text | grep "Issuer: CN" | tr -d " ")
|
||||||
KCMKUBECONFIG_CERT_MD5=$(cat $KCMKUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 -noout | openssl md5 | awk '{print $2}')
|
KCMKUBECONFIG_CERT_MD5=$(cat $KCMKUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 -noout | openssl md5 | awk '{print $2}')
|
||||||
|
|
@ -340,13 +345,13 @@ check_cert_kcmkubeconfig()
|
||||||
KCMKUBECONFIG_SERVER=$(cat $KCMKUBECONFIG | grep "server:"| awk '{print $2}')
|
KCMKUBECONFIG_SERVER=$(cat $KCMKUBECONFIG | grep "server:"| awk '{print $2}')
|
||||||
if [ $KCMKUBECONFIG_SUBJECT == "Subject:CN=system:kube-controller-manager" ] && [ $KCMKUBECONFIG_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && [ $KCMKUBECONFIG_CERT_MD5 == $KCMKUBECONFIG_KEY_MD5 ] && [ $KCMKUBECONFIG_SERVER == "https://127.0.0.1:6443" ]
|
if [ $KCMKUBECONFIG_SUBJECT == "Subject:CN=system:kube-controller-manager" ] && [ $KCMKUBECONFIG_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && [ $KCMKUBECONFIG_CERT_MD5 == $KCMKUBECONFIG_KEY_MD5 ] && [ $KCMKUBECONFIG_SERVER == "https://127.0.0.1:6443" ]
|
||||||
then
|
then
|
||||||
echo "kube-controller-manager kubeconfig cert and key are correct"
|
printf "${SUCCESS}kube-controller-manager kubeconfig cert and key are correct\n"
|
||||||
else
|
else
|
||||||
echo "Exiting...Found mismtach in the kube-controller-manager kubeconfig certificate and keys, check subject"
|
printf "${FAILED}Exiting...Found mismtach in the kube-controller-manager kubeconfig certificate and keys, check subject\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "kube-controller-manager kubeconfig file is missing"
|
printf "${FAILED}kube-controller-manager kubeconfig file is missing\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
@ -357,11 +362,11 @@ check_cert_kskubeconfig()
|
||||||
KSKUBECONFIG=/var/lib/kubernetes/kube-scheduler.kubeconfig
|
KSKUBECONFIG=/var/lib/kubernetes/kube-scheduler.kubeconfig
|
||||||
if [ -z $KSKUBECONFIG ]
|
if [ -z $KSKUBECONFIG ]
|
||||||
then
|
then
|
||||||
echo "please specify kube-scheduler kubeconfig location"
|
printf "${FAILED}please specify kube-scheduler kubeconfig location\n"
|
||||||
exit 1
|
exit 1
|
||||||
elif [ -f $KSKUBECONFIG ]
|
elif [ -f $KSKUBECONFIG ]
|
||||||
then
|
then
|
||||||
echo "kube-scheduler kubeconfig file found, verifying the authenticity"
|
printf "${NC}kube-scheduler kubeconfig file found, verifying the authenticity\n"
|
||||||
KSKUBECONFIG_SUBJECT=$(cat $KSKUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 --text | grep "Subject: CN" | tr -d " ")
|
KSKUBECONFIG_SUBJECT=$(cat $KSKUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 --text | grep "Subject: CN" | tr -d " ")
|
||||||
KSKUBECONFIG_ISSUER=$(cat $KSKUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 --text | grep "Issuer: CN" | tr -d " ")
|
KSKUBECONFIG_ISSUER=$(cat $KSKUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 --text | grep "Issuer: CN" | tr -d " ")
|
||||||
KSKUBECONFIG_CERT_MD5=$(cat $KSKUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 -noout | openssl md5 | awk '{print $2}')
|
KSKUBECONFIG_CERT_MD5=$(cat $KSKUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 -noout | openssl md5 | awk '{print $2}')
|
||||||
|
|
@ -369,13 +374,13 @@ check_cert_kskubeconfig()
|
||||||
KSKUBECONFIG_SERVER=$(cat $KSKUBECONFIG | grep "server:"| awk '{print $2}')
|
KSKUBECONFIG_SERVER=$(cat $KSKUBECONFIG | grep "server:"| awk '{print $2}')
|
||||||
if [ $KSKUBECONFIG_SUBJECT == "Subject:CN=system:kube-scheduler" ] && [ $KSKUBECONFIG_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && [ $KSKUBECONFIG_CERT_MD5 == $KSKUBECONFIG_KEY_MD5 ] && [ $KSKUBECONFIG_SERVER == "https://127.0.0.1:6443" ]
|
if [ $KSKUBECONFIG_SUBJECT == "Subject:CN=system:kube-scheduler" ] && [ $KSKUBECONFIG_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && [ $KSKUBECONFIG_CERT_MD5 == $KSKUBECONFIG_KEY_MD5 ] && [ $KSKUBECONFIG_SERVER == "https://127.0.0.1:6443" ]
|
||||||
then
|
then
|
||||||
echo "kube-scheduler kubeconfig cert and key are correct"
|
printf "${SUCCESS}kube-scheduler kubeconfig cert and key are correct\n"
|
||||||
else
|
else
|
||||||
echo "Exiting...Found mismtach in the kube-scheduler kubeconfig certificate and keys, check subject"
|
printf "${FAILED}Exiting...Found mismtach in the kube-scheduler kubeconfig certificate and keys, check subject\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "kube-scheduler kubeconfig file is missing"
|
printf "${FAILED}kube-scheduler kubeconfig file is missing\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
@ -384,11 +389,11 @@ check_cert_adminkubeconfig()
|
||||||
{
|
{
|
||||||
if [ -z $ADMINKUBECONFIG ]
|
if [ -z $ADMINKUBECONFIG ]
|
||||||
then
|
then
|
||||||
echo "please specify admin kubeconfig location"
|
printf "${FAILED}please specify admin kubeconfig location\n"
|
||||||
exit 1
|
exit 1
|
||||||
elif [ -f $ADMINKUBECONFIG ]
|
elif [ -f $ADMINKUBECONFIG ]
|
||||||
then
|
then
|
||||||
echo "admin kubeconfig file found, verifying the authenticity"
|
printf "${NC}admin kubeconfig file found, verifying the authenticity\n"
|
||||||
ADMINKUBECONFIG_SUBJECT=$(cat $ADMINKUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 --text | grep "Subject: CN" | tr -d " ")
|
ADMINKUBECONFIG_SUBJECT=$(cat $ADMINKUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 --text | grep "Subject: CN" | tr -d " ")
|
||||||
ADMINKUBECONFIG_ISSUER=$(cat $ADMINKUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 --text | grep "Issuer: CN" | tr -d " ")
|
ADMINKUBECONFIG_ISSUER=$(cat $ADMINKUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 --text | grep "Issuer: CN" | tr -d " ")
|
||||||
ADMINKUBECONFIG_CERT_MD5=$(cat $ADMINKUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 -noout | openssl md5 | awk '{print $2}')
|
ADMINKUBECONFIG_CERT_MD5=$(cat $ADMINKUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 -noout | openssl md5 | awk '{print $2}')
|
||||||
|
|
@ -396,13 +401,13 @@ check_cert_adminkubeconfig()
|
||||||
ADMINKUBECONFIG_SERVER=$(cat $ADMINKUBECONFIG | grep "server:"| awk '{print $2}')
|
ADMINKUBECONFIG_SERVER=$(cat $ADMINKUBECONFIG | grep "server:"| awk '{print $2}')
|
||||||
if [ $ADMINKUBECONFIG_SUBJECT == "Subject:CN=admin,O=system:masters" ] && [ $ADMINKUBECONFIG_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && [ $ADMINKUBECONFIG_CERT_MD5 == $ADMINKUBECONFIG_KEY_MD5 ] && [ $ADMINKUBECONFIG_SERVER == "https://127.0.0.1:6443" ]
|
if [ $ADMINKUBECONFIG_SUBJECT == "Subject:CN=admin,O=system:masters" ] && [ $ADMINKUBECONFIG_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && [ $ADMINKUBECONFIG_CERT_MD5 == $ADMINKUBECONFIG_KEY_MD5 ] && [ $ADMINKUBECONFIG_SERVER == "https://127.0.0.1:6443" ]
|
||||||
then
|
then
|
||||||
echo "admin kubeconfig cert and key are correct"
|
printf "${SUCCESS}admin kubeconfig cert and key are correct\n"
|
||||||
else
|
else
|
||||||
echo "Exiting...Found mismtach in the admin kubeconfig certificate and keys, check subject"
|
printf "${FAILED}Exiting...Found mismtach in the admin kubeconfig certificate and keys, check subject\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "admin kubeconfig file is missing"
|
printf "${FAILED}admin kubeconfig file is missing\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
@ -411,11 +416,11 @@ check_systemd_etcd()
|
||||||
{
|
{
|
||||||
if [ -z $ETCDCERT ] && [ -z $ETCDKEY ]
|
if [ -z $ETCDCERT ] && [ -z $ETCDKEY ]
|
||||||
then
|
then
|
||||||
echo "please specify ETCD cert and key location, Exiting...."
|
printf "${FAILED}please specify ETCD cert and key location, Exiting....\n"
|
||||||
exit 1
|
exit 1
|
||||||
elif [ -f $SYSTEMD_ETCD_FILE ]
|
elif [ -f $SYSTEMD_ETCD_FILE ]
|
||||||
then
|
then
|
||||||
echo "Systemd for ETCD service found, verifying the authenticity"
|
printf "${NC}Systemd for ETCD service found, verifying the authenticity\n"
|
||||||
|
|
||||||
# Systemd cert and key file details
|
# Systemd cert and key file details
|
||||||
ETCD_CA_CERT=ca.crt
|
ETCD_CA_CERT=ca.crt
|
||||||
|
|
@ -440,23 +445,23 @@ check_systemd_etcd()
|
||||||
if [ $CERT_FILE == $ETCDCERT ] && [ $KEY_FILE == $ETCDKEY ] && [ $PEER_CERT_FILE == $ETCDCERT ] && [ $PEER_KEY_FILE == $ETCDKEY ] && \
|
if [ $CERT_FILE == $ETCDCERT ] && [ $KEY_FILE == $ETCDKEY ] && [ $PEER_CERT_FILE == $ETCDCERT ] && [ $PEER_KEY_FILE == $ETCDKEY ] && \
|
||||||
[ $TRUSTED_CA_FILE == $ETCD_CA_CERT ] && [ $PEER_TRUSTED_CA_FILE = $ETCD_CA_CERT ]
|
[ $TRUSTED_CA_FILE == $ETCD_CA_CERT ] && [ $PEER_TRUSTED_CA_FILE = $ETCD_CA_CERT ]
|
||||||
then
|
then
|
||||||
echo "ETCD certificate, ca and key files are correct under systemd service"
|
printf "${SUCCESS}ETCD certificate, ca and key files are correct under systemd service\n"
|
||||||
else
|
else
|
||||||
echo "Exiting...Found mismtach in the ETCD certificate, ca and keys, check /etc/systemd/system/etcd.service file"
|
printf "${FAILED}Exiting...Found mismtach in the ETCD certificate, ca and keys, check /etc/systemd/system/etcd.service file\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ $IAP_URL == "https://$INTERNAL_IP:2380" ] && [ $LP_URL == "https://$INTERNAL_IP:2380" ] && [ $LC_URL == "https://$INTERNAL_IP:2379,https://127.0.0.1:2379" ] && \
|
if [ $IAP_URL == "https://$INTERNAL_IP:2380" ] && [ $LP_URL == "https://$INTERNAL_IP:2380" ] && [ $LC_URL == "https://$INTERNAL_IP:2379,https://127.0.0.1:2379" ] && \
|
||||||
[ $AC_URL == "https://$INTERNAL_IP:2379" ]
|
[ $AC_URL == "https://$INTERNAL_IP:2379" ]
|
||||||
then
|
then
|
||||||
echo "ETCD initial-advertise-peer-urls, listen-peer-urls, listen-client-urls, advertise-client-urls are correct"
|
printf "${SUCCESS}ETCD initial-advertise-peer-urls, listen-peer-urls, listen-client-urls, advertise-client-urls are correct\n"
|
||||||
else
|
else
|
||||||
echo "Exiting...Found mismtach in the ETCD initial-advertise-peer-urls / listen-peer-urls / listen-client-urls / advertise-client-urls, check /etc/systemd/system/etcd.service file"
|
printf "${FAILED}Exiting...Found mismtach in the ETCD initial-advertise-peer-urls / listen-peer-urls / listen-client-urls / advertise-client-urls, check /etc/systemd/system/etcd.service file\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
else
|
else
|
||||||
echo "etcd-server.crt / etcd-server.key is missing"
|
printf "${FAILED}etcd-server.crt / etcd-server.key is missing\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
@ -465,11 +470,11 @@ check_systemd_api()
|
||||||
{
|
{
|
||||||
if [ -z $APICERT ] && [ -z $APIKEY ]
|
if [ -z $APICERT ] && [ -z $APIKEY ]
|
||||||
then
|
then
|
||||||
echo "please specify kube-api cert and key location, Exiting...."
|
printf "${FAILED}please specify kube-api cert and key location, Exiting....\n"
|
||||||
exit 1
|
exit 1
|
||||||
elif [ -f $SYSTEMD_API_FILE ]
|
elif [ -f $SYSTEMD_API_FILE ]
|
||||||
then
|
then
|
||||||
echo "Systemd for kube-api service found, verifying the authenticity"
|
printf "${NC}Systemd for kube-api service found, verifying the authenticity\n"
|
||||||
|
|
||||||
INTERNAL_IP=$(ip addr show enp0s8 | grep "inet " | awk '{print $2}' | cut -d / -f 1)
|
INTERNAL_IP=$(ip addr show enp0s8 | grep "inet " | awk '{print $2}' | cut -d / -f 1)
|
||||||
ADVERTISE_ADDRESS=$(systemctl cat kube-apiserver.service | grep "\--advertise-address" | awk '{print $1}' | cut -d "=" -f2)
|
ADVERTISE_ADDRESS=$(systemctl cat kube-apiserver.service | grep "\--advertise-address" | awk '{print $1}' | cut -d "=" -f2)
|
||||||
|
|
@ -493,13 +498,13 @@ check_systemd_api()
|
||||||
[ $KUBELET_CERTIFICATE_AUTHORITY == $CACERT ] && [ $KUBELET_CLIENT_CERTIFICATE == $APICERT ] && [ $KUBELET_CLIENT_KEY == $APIKEY ] && \
|
[ $KUBELET_CERTIFICATE_AUTHORITY == $CACERT ] && [ $KUBELET_CLIENT_CERTIFICATE == $APICERT ] && [ $KUBELET_CLIENT_KEY == $APIKEY ] && \
|
||||||
[ $SERVICE_ACCOUNT_KEY_FILE == $SACERT ] && [ $TLS_CERT_FILE == $APICERT ] && [ $TLS_PRIVATE_KEY_FILE == $APIKEY ]
|
[ $SERVICE_ACCOUNT_KEY_FILE == $SACERT ] && [ $TLS_CERT_FILE == $APICERT ] && [ $TLS_PRIVATE_KEY_FILE == $APIKEY ]
|
||||||
then
|
then
|
||||||
echo "kube-apiserver advertise-address/ client-ca-file/ etcd-cafile/ etcd-certfile/ etcd-keyfile/ kubelet-certificate-authority/ kubelet-client-certificate/ kubelet-client-key/ service-account-key-file/ tls-cert-file/ tls-private-key-file are correct"
|
printf "${SUCCESS}kube-apiserver advertise-address/ client-ca-file/ etcd-cafile/ etcd-certfile/ etcd-keyfile/ kubelet-certificate-authority/ kubelet-client-certificate/ kubelet-client-key/ service-account-key-file/ tls-cert-file/ tls-private-key-file are correct\n"
|
||||||
else
|
else
|
||||||
echo "Exiting...Found mismtach in the kube-apiserver systemd file, check advertise-address/ client-ca-file/ etcd-cafile/ etcd-certfile/ etcd-keyfile/ kubelet-certificate-authority/ kubelet-client-certificate/ kubelet-client-key/ service-account-key-file/ tls-cert-file/ tls-private-key-file under /etc/systemd/system/kube-apiserver.service"
|
printf "${FAILED}Exiting...Found mismtach in the kube-apiserver systemd file, check advertise-address/ client-ca-file/ etcd-cafile/ etcd-certfile/ etcd-keyfile/ kubelet-certificate-authority/ kubelet-client-certificate/ kubelet-client-key/ service-account-key-file/ tls-cert-file/ tls-private-key-file under /etc/systemd/system/kube-apiserver.service\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "kube-apiserver.crt / kube-apiserver.key is missing"
|
printf "${FAILED}kube-apiserver.crt / kube-apiserver.key is missing\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
@ -514,11 +519,11 @@ check_systemd_kcm()
|
||||||
KCMKUBECONFIG=/var/lib/kubernetes/kube-controller-manager.kubeconfig
|
KCMKUBECONFIG=/var/lib/kubernetes/kube-controller-manager.kubeconfig
|
||||||
if [ -z $KCMCERT ] && [ -z $KCMKEY ]
|
if [ -z $KCMCERT ] && [ -z $KCMKEY ]
|
||||||
then
|
then
|
||||||
echo "please specify cert and key location"
|
printf "${FAILED}please specify cert and key location\n"
|
||||||
exit 1
|
exit 1
|
||||||
elif [ -f $SYSTEMD_KCM_FILE ]
|
elif [ -f $SYSTEMD_KCM_FILE ]
|
||||||
then
|
then
|
||||||
echo "Systemd for kube-controller-manager service found, verifying the authenticity"
|
printf "${NC}Systemd for kube-controller-manager service found, verifying the authenticity\n"
|
||||||
CLUSTER_SIGNING_CERT_FILE=$(systemctl cat kube-controller-manager.service | grep "\--cluster-signing-cert-file" | awk '{print $1}' | cut -d "=" -f2)
|
CLUSTER_SIGNING_CERT_FILE=$(systemctl cat kube-controller-manager.service | grep "\--cluster-signing-cert-file" | awk '{print $1}' | cut -d "=" -f2)
|
||||||
CLUSTER_SIGNING_KEY_FILE=$(systemctl cat kube-controller-manager.service | grep "\--cluster-signing-key-file" | awk '{print $1}' | cut -d "=" -f2)
|
CLUSTER_SIGNING_KEY_FILE=$(systemctl cat kube-controller-manager.service | grep "\--cluster-signing-key-file" | awk '{print $1}' | cut -d "=" -f2)
|
||||||
KUBECONFIG=$(systemctl cat kube-controller-manager.service | grep "\--kubeconfig" | awk '{print $1}' | cut -d "=" -f2)
|
KUBECONFIG=$(systemctl cat kube-controller-manager.service | grep "\--kubeconfig" | awk '{print $1}' | cut -d "=" -f2)
|
||||||
|
|
@ -528,13 +533,13 @@ check_systemd_kcm()
|
||||||
if [ $CLUSTER_SIGNING_CERT_FILE == $CACERT ] && [ $CLUSTER_SIGNING_KEY_FILE == $CAKEY ] && [ $KUBECONFIG == $KCMKUBECONFIG ] && \
|
if [ $CLUSTER_SIGNING_CERT_FILE == $CACERT ] && [ $CLUSTER_SIGNING_KEY_FILE == $CAKEY ] && [ $KUBECONFIG == $KCMKUBECONFIG ] && \
|
||||||
[ $ROOT_CA_FILE == $CACERT ] && [ $SERVICE_ACCOUNT_PRIVATE_KEY_FILE == $SAKEY ]
|
[ $ROOT_CA_FILE == $CACERT ] && [ $SERVICE_ACCOUNT_PRIVATE_KEY_FILE == $SAKEY ]
|
||||||
then
|
then
|
||||||
echo "kube-controller-manager cluster-signing-cert-file, cluster-signing-key-file, kubeconfig, root-ca-file, service-account-private-key-file are correct"
|
printf "${SUCCESS}kube-controller-manager cluster-signing-cert-file, cluster-signing-key-file, kubeconfig, root-ca-file, service-account-private-key-file are correct\n"
|
||||||
else
|
else
|
||||||
echo "Exiting...Found mismtach in the kube-controller-manager cluster-signing-cert-file, cluster-signing-key-file, kubeconfig, root-ca-file, service-account-private-key-file , check /etc/systemd/system/kube-controller-manager.service file"
|
printf "${FAILED}Exiting...Found mismtach in the kube-controller-manager cluster-signing-cert-file, cluster-signing-key-file, kubeconfig, root-ca-file, service-account-private-key-file , check /etc/systemd/system/kube-controller-manager.service file\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "kube-controller-manager.crt / kube-controller-manager.key is missing"
|
printf "${FAILED}kube-controller-manager.crt / kube-controller-manager.key is missing\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
@ -547,24 +552,24 @@ check_systemd_ks()
|
||||||
|
|
||||||
if [ -z $KSCERT ] && [ -z $KSKEY ]
|
if [ -z $KSCERT ] && [ -z $KSKEY ]
|
||||||
then
|
then
|
||||||
echo "please specify cert and key location"
|
printf "${FAILED}please specify cert and key location\n"
|
||||||
exit 1
|
exit 1
|
||||||
elif [ -f $SYSTEMD_KS_FILE ]
|
elif [ -f $SYSTEMD_KS_FILE ]
|
||||||
then
|
then
|
||||||
echo "Systemd for kube-scheduler service found, verifying the authenticity"
|
printf "${NC}Systemd for kube-scheduler service found, verifying the authenticity\n"
|
||||||
|
|
||||||
KUBECONFIG=$(systemctl cat kube-scheduler.service | grep "\--kubeconfig"| awk '{print $1}'| cut -d "=" -f2)
|
KUBECONFIG=$(systemctl cat kube-scheduler.service | grep "\--kubeconfig"| awk '{print $1}'| cut -d "=" -f2)
|
||||||
ADDRESS=$(systemctl cat kube-scheduler.service | grep "\--address"| awk '{print $1}'| cut -d "=" -f2)
|
ADDRESS=$(systemctl cat kube-scheduler.service | grep "\--address"| awk '{print $1}'| cut -d "=" -f2)
|
||||||
|
|
||||||
if [ $KUBECONFIG == $KSKUBECONFIG ] && [ $ADDRESS == "127.0.0.1" ]
|
if [ $KUBECONFIG == $KSKUBECONFIG ] && [ $ADDRESS == "127.0.0.1" ]
|
||||||
then
|
then
|
||||||
echo "kube-scheduler --kubeconfig, --address are correct"
|
printf "${SUCCESS}kube-scheduler --kubeconfig, --address are correct\n"
|
||||||
else
|
else
|
||||||
echo "Exiting...Found mismtach in the kube-scheduler --kubeconfig, --address, check /etc/systemd/system/kube-scheduler.service file"
|
printf "${FAILED}Exiting...Found mismtach in the kube-scheduler --kubeconfig, --address, check /etc/systemd/system/kube-scheduler.service file\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "kube-scheduler.crt / kube-scheduler.key is missing"
|
printf "${FAILED}kube-scheduler.crt / kube-scheduler.key is missing\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
@ -577,24 +582,24 @@ check_cert_worker_1()
|
||||||
{
|
{
|
||||||
if [ -z $WORKER_1_CERT ] && [ -z $WORKER_1_KEY ]
|
if [ -z $WORKER_1_CERT ] && [ -z $WORKER_1_KEY ]
|
||||||
then
|
then
|
||||||
echo "please specify cert and key location of worker-1 node"
|
printf "${FAILED}please specify cert and key location of worker-1 node\n"
|
||||||
exit 1
|
exit 1
|
||||||
elif [ -f $WORKER_1_CERT ] && [ -f $WORKER_1_KEY ]
|
elif [ -f $WORKER_1_CERT ] && [ -f $WORKER_1_KEY ]
|
||||||
then
|
then
|
||||||
echo "worker-1 cert and key found, verifying the authenticity"
|
printf "${NC}worker-1 cert and key found, verifying the authenticity\n"
|
||||||
WORKER_1_CERT_SUBJECT=$(openssl x509 -in $WORKER_1_CERT -text | grep "Subject: CN"| tr -d " ")
|
WORKER_1_CERT_SUBJECT=$(openssl x509 -in $WORKER_1_CERT -text | grep "Subject: CN"| tr -d " ")
|
||||||
WORKER_1_CERT_ISSUER=$(openssl x509 -in $WORKER_1_CERT -text | grep "Issuer: CN"| tr -d " ")
|
WORKER_1_CERT_ISSUER=$(openssl x509 -in $WORKER_1_CERT -text | grep "Issuer: CN"| tr -d " ")
|
||||||
WORKER_1_CERT_MD5=$(openssl x509 -noout -modulus -in $WORKER_1_CERT | openssl md5| awk '{print $2}')
|
WORKER_1_CERT_MD5=$(openssl x509 -noout -modulus -in $WORKER_1_CERT | openssl md5| awk '{print $2}')
|
||||||
WORKER_1_KEY_MD5=$(openssl rsa -noout -modulus -in $WORKER_1_KEY | openssl md5| awk '{print $2}')
|
WORKER_1_KEY_MD5=$(openssl rsa -noout -modulus -in $WORKER_1_KEY | openssl md5| awk '{print $2}')
|
||||||
if [ $WORKER_1_CERT_SUBJECT == "Subject:CN=system:node:worker-1,O=system:nodes" ] && [ $WORKER_1_CERT_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && [ $WORKER_1_CERT_MD5 == $WORKER_1_KEY_MD5 ]
|
if [ $WORKER_1_CERT_SUBJECT == "Subject:CN=system:node:worker-1,O=system:nodes" ] && [ $WORKER_1_CERT_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && [ $WORKER_1_CERT_MD5 == $WORKER_1_KEY_MD5 ]
|
||||||
then
|
then
|
||||||
echo "worker-1 cert and key are correct"
|
printf "${SUCCESS}worker-1 cert and key are correct\n"
|
||||||
else
|
else
|
||||||
echo "Exiting...Found mismtach in the worker-1 certificate and keys, check subject"
|
printf "${FAILED}Exiting...Found mismtach in the worker-1 certificate and keys, check subject\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "/var/lib/kubelet/worker-1.crt / /var/lib/kubelet/worker-1.key is missing"
|
printf "${FAILED}/var/lib/kubelet/worker-1.crt / /var/lib/kubelet/worker-1.key is missing\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
@ -603,11 +608,11 @@ check_cert_worker_1_kubeconfig()
|
||||||
{
|
{
|
||||||
if [ -z $WORKER_1_KUBECONFIG ]
|
if [ -z $WORKER_1_KUBECONFIG ]
|
||||||
then
|
then
|
||||||
echo "please specify worker-1 kubeconfig location"
|
printf "${FAILED}please specify worker-1 kubeconfig location\n"
|
||||||
exit 1
|
exit 1
|
||||||
elif [ -f $WORKER_1_KUBECONFIG ]
|
elif [ -f $WORKER_1_KUBECONFIG ]
|
||||||
then
|
then
|
||||||
echo "worker-1 kubeconfig file found, verifying the authenticity"
|
printf "${NC}worker-1 kubeconfig file found, verifying the authenticity\n"
|
||||||
WORKER_1_KUBECONFIG_SUBJECT=$(cat $WORKER_1_KUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 --text | grep "Subject: CN" | tr -d " ")
|
WORKER_1_KUBECONFIG_SUBJECT=$(cat $WORKER_1_KUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 --text | grep "Subject: CN" | tr -d " ")
|
||||||
WORKER_1_KUBECONFIG_ISSUER=$(cat $WORKER_1_KUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 --text | grep "Issuer: CN" | tr -d " ")
|
WORKER_1_KUBECONFIG_ISSUER=$(cat $WORKER_1_KUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 --text | grep "Issuer: CN" | tr -d " ")
|
||||||
WORKER_1_KUBECONFIG_CERT_MD5=$(cat $WORKER_1_KUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 -noout | openssl md5 | awk '{print $2}')
|
WORKER_1_KUBECONFIG_CERT_MD5=$(cat $WORKER_1_KUBECONFIG | grep "client-certificate-data:" | awk '{print $2}' | base64 --decode | openssl x509 -noout | openssl md5 | awk '{print $2}')
|
||||||
|
|
@ -616,13 +621,13 @@ check_cert_worker_1_kubeconfig()
|
||||||
if [ $WORKER_1_KUBECONFIG_SUBJECT == "Subject:CN=system:node:worker-1,O=system:nodes" ] && [ $WORKER_1_KUBECONFIG_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && \
|
if [ $WORKER_1_KUBECONFIG_SUBJECT == "Subject:CN=system:node:worker-1,O=system:nodes" ] && [ $WORKER_1_KUBECONFIG_ISSUER == "Issuer:CN=KUBERNETES-CA" ] && \
|
||||||
[ $WORKER_1_KUBECONFIG_CERT_MD5 == $WORKER_1_KUBECONFIG_KEY_MD5 ] && [ $WORKER_1_KUBECONFIG_SERVER == "https://192.168.5.30:6443" ]
|
[ $WORKER_1_KUBECONFIG_CERT_MD5 == $WORKER_1_KUBECONFIG_KEY_MD5 ] && [ $WORKER_1_KUBECONFIG_SERVER == "https://192.168.5.30:6443" ]
|
||||||
then
|
then
|
||||||
echo "worker-1 kubeconfig cert and key are correct"
|
printf "${SUCCESS}worker-1 kubeconfig cert and key are correct\n"
|
||||||
else
|
else
|
||||||
echo "Exiting...Found mismtach in the worker-1 kubeconfig certificate and keys, check subject"
|
printf "${FAILED}Exiting...Found mismtach in the worker-1 kubeconfig certificate and keys, check subject\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "worker-1 /var/lib/kubelet/kubeconfig file is missing"
|
printf "${FAILED}worker-1 /var/lib/kubelet/kubeconfig file is missing\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
@ -636,11 +641,11 @@ check_cert_worker_1_kubelet()
|
||||||
|
|
||||||
if [ -z $WORKER_1_KUBELET ] && [ -z $SYSTEMD_WORKER_1_KUBELET ]
|
if [ -z $WORKER_1_KUBELET ] && [ -z $SYSTEMD_WORKER_1_KUBELET ]
|
||||||
then
|
then
|
||||||
echo "please specify worker-1 kubelet config location"
|
printf "${FAILED}please specify worker-1 kubelet config location\n"
|
||||||
exit 1
|
exit 1
|
||||||
elif [ -f $WORKER_1_KUBELET ] && [ -f $SYSTEMD_WORKER_1_KUBELET ] && [ -f $WORKER_1_TLSCERTFILE ] && [ -f $WORKER_1_TLSPRIVATEKEY ]
|
elif [ -f $WORKER_1_KUBELET ] && [ -f $SYSTEMD_WORKER_1_KUBELET ] && [ -f $WORKER_1_TLSCERTFILE ] && [ -f $WORKER_1_TLSPRIVATEKEY ]
|
||||||
then
|
then
|
||||||
echo "worker-1 kubelet config file, systemd services, tls cert and key found, verifying the authenticity"
|
printf "${NC}worker-1 kubelet config file, systemd services, tls cert and key found, verifying the authenticity\n"
|
||||||
|
|
||||||
WORKER_1_KUBELET_CA=$(cat $WORKER_1_KUBELET | grep "clientCAFile:" | awk '{print $2}' | tr -d " \"")
|
WORKER_1_KUBELET_CA=$(cat $WORKER_1_KUBELET | grep "clientCAFile:" | awk '{print $2}' | tr -d " \"")
|
||||||
WORKER_1_KUBELET_DNS=$(cat $WORKER_1_KUBELET | grep "resolvConf:" | awk '{print $2}' | tr -d " \"")
|
WORKER_1_KUBELET_DNS=$(cat $WORKER_1_KUBELET | grep "resolvConf:" | awk '{print $2}' | tr -d " \"")
|
||||||
|
|
@ -649,9 +654,9 @@ check_cert_worker_1_kubelet()
|
||||||
if [ $WORKER_1_KUBELET_CA == $CACERT ] && [ $WORKER_1_KUBELET_DNS == "/run/systemd/resolve/resolv.conf" ] && \
|
if [ $WORKER_1_KUBELET_CA == $CACERT ] && [ $WORKER_1_KUBELET_DNS == "/run/systemd/resolve/resolv.conf" ] && \
|
||||||
[ $WORKER_1_KUBELET_AUTH_MODE == "Webhook" ]
|
[ $WORKER_1_KUBELET_AUTH_MODE == "Webhook" ]
|
||||||
then
|
then
|
||||||
echo "worker-1 kubelet config CA cert, resolvConf and Auth mode are correct"
|
printf "${SUCCESS}worker-1 kubelet config CA cert, resolvConf and Auth mode are correct\n"
|
||||||
else
|
else
|
||||||
echo "Exiting...Found mismtach in the worker-1 kubelet config CA cert, resolvConf and Auth mode, check /var/lib/kubelet/kubelet-config.yaml"
|
printf "${FAILED}Exiting...Found mismtach in the worker-1 kubelet config CA cert, resolvConf and Auth mode, check /var/lib/kubelet/kubelet-config.yaml\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
@ -662,14 +667,14 @@ check_cert_worker_1_kubelet()
|
||||||
if [ $KUBELETCONFIG == $WORKER_1_KUBELET ] && [ $TLSCERTFILE == $WORKER_1_TLSCERTFILE ] && \
|
if [ $KUBELETCONFIG == $WORKER_1_KUBELET ] && [ $TLSCERTFILE == $WORKER_1_TLSCERTFILE ] && \
|
||||||
[ $TLSPRIVATEKEY == $WORKER_1_TLSPRIVATEKEY ]
|
[ $TLSPRIVATEKEY == $WORKER_1_TLSPRIVATEKEY ]
|
||||||
then
|
then
|
||||||
echo "worker-1 kubelet systemd services are correct"
|
printf "${SUCCESS}worker-1 kubelet systemd services are correct\n"
|
||||||
else
|
else
|
||||||
echo "Exiting...Found mismtach in the worker-1 kubelet systemd services, check /etc/systemd/system/kubelet.service"
|
printf "${FAILED}Exiting...Found mismtach in the worker-1 kubelet systemd services, check /etc/systemd/system/kubelet.service\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
else
|
else
|
||||||
echo "worker-1 kubelet config, systemd services, tls cert and key file is missing"
|
printf "${FAILED}worker-1 kubelet config, systemd services, tls cert and key file is missing\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
@ -681,25 +686,25 @@ check_cert_worker_1_kp()
|
||||||
|
|
||||||
if [ -z $WORKER_1_KP_KUBECONFIG ] && [ -z $SYSTEMD_WORKER_1_KP ]
|
if [ -z $WORKER_1_KP_KUBECONFIG ] && [ -z $SYSTEMD_WORKER_1_KP ]
|
||||||
then
|
then
|
||||||
echo "please specify worker-1 kube-proxy config and systemd service path"
|
printf "${FAILED}please specify worker-1 kube-proxy config and systemd service path\n"
|
||||||
exit 1
|
exit 1
|
||||||
elif [ -f $WORKER_1_KP_KUBECONFIG ] && [ -f $SYSTEMD_WORKER_1_KP ] && [ -f $WORKER_1_KP_CONFIG_YAML ]
|
elif [ -f $WORKER_1_KP_KUBECONFIG ] && [ -f $SYSTEMD_WORKER_1_KP ] && [ -f $WORKER_1_KP_CONFIG_YAML ]
|
||||||
then
|
then
|
||||||
echo "worker-1 kube-proxy kubeconfig, systemd services and configuration files found, verifying the authenticity"
|
printf "${NC}worker-1 kube-proxy kubeconfig, systemd services and configuration files found, verifying the authenticity\n"
|
||||||
|
|
||||||
KP_CONFIG=$(cat $WORKER_1_KP_CONFIG_YAML | grep "kubeconfig:" | awk '{print $2}' | tr -d " \"")
|
KP_CONFIG=$(cat $WORKER_1_KP_CONFIG_YAML | grep "kubeconfig:" | awk '{print $2}' | tr -d " \"")
|
||||||
KP_CONFIG_YAML=$(systemctl cat kube-proxy.service | grep "\--config" | awk '{print $1}'| cut -d "=" -f2)
|
KP_CONFIG_YAML=$(systemctl cat kube-proxy.service | grep "\--config" | awk '{print $1}'| cut -d "=" -f2)
|
||||||
|
|
||||||
if [ $KP_CONFIG == $WORKER_1_KP_KUBECONFIG ] && [ $KP_CONFIG_YAML == $WORKER_1_KP_CONFIG_YAML ]
|
if [ $KP_CONFIG == $WORKER_1_KP_KUBECONFIG ] && [ $KP_CONFIG_YAML == $WORKER_1_KP_CONFIG_YAML ]
|
||||||
then
|
then
|
||||||
echo "worker-1 kube-proxy kubeconfig and configuration files are correct"
|
printf "${SUCCESS}worker-1 kube-proxy kubeconfig and configuration files are correct\n"
|
||||||
else
|
else
|
||||||
echo "Exiting...Found mismtach in the worker-1 kube-proxy kubeconfig and configuration files, check /var/lib/kubelet/kubelet-config.yaml & /etc/systemd/system/kube-proxy.service"
|
printf "${FAILED}Exiting...Found mismtach in the worker-1 kube-proxy kubeconfig and configuration files, check /var/lib/kubelet/kubelet-config.yaml & /etc/systemd/system/kube-proxy.service\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
else
|
else
|
||||||
echo "worker-1 kube-proxy kubeconfig and configuration files are missing"
|
printf "${FAILED}worker-1 kube-proxy kubeconfig and configuration files are missing\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
@ -763,7 +768,7 @@ case $value in
|
||||||
;;
|
;;
|
||||||
|
|
||||||
*)
|
*)
|
||||||
echo -e "Exiting.... Please select the valid option either 1 or 2\n"
|
printf "${FAILED}Exiting.... Please select the valid option either 1 or 2\n"
|
||||||
exit 1
|
exit 1
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
Loading…
Reference in New Issue