diff --git a/kubetest2-gce/deployer/up.go b/kubetest2-gce/deployer/up.go
index 452ee865..9acc78fd 100644
--- a/kubetest2-gce/deployer/up.go
+++ b/kubetest2-gce/deployer/up.go
@@ -22,7 +22,14 @@ import (
 "path/filepath"
 "k8s.io/klog"
+ "sigs.k8s.io/kubetest2/pkg/exec"
+ "sigs.k8s.io/kubetest2/pkg/fs"
+)
+
+const (
+ ciPrivateKeyEnv = "GCE_SSH_PRIVATE_KEY_FILE"
+ ciPublicKeyEnv = "GCE_SSH_PUBLIC_KEY_FILE"
 )
 func (d *deployer) IsUp() (up bool, err error) {
@@ -82,6 +89,8 @@ func (d *deployer) Up() error {
 }
 }()
+ maybeSetupSSHKeys()
+ env := d.buildEnv()
 script := filepath.Join(d.RepoRoot, "cluster", "kube-up.sh")
 klog.V(2).Infof("About to run script at: %s", script)
@@ -148,3 +157,47 @@ func (d *deployer) verifyUpFlags() error {
 return nil
 }
+
+// maybeSetupSSHKeys will best-effort try to setup ssh keys for gcloud to reuse
+// from existing files pointed to by "well-known" environment variables used in CI
+func maybeSetupSSHKeys() {
+ home, err := os.UserHomeDir()
+ if err != nil {
+ klog.Warningf("failed to get user's home directory")
+ return
+ }
+ // check if there are existing ssh keys, if either exist don't do anything
+ klog.V(2).Info("checking for existing gcloud ssh keys...")
+ privateKey := filepath.Join(home, ".ssh", "google_compute_engine")
+ if _, err := os.Stat(privateKey); err == nil {
+ klog.V(2).Infof("found existing private key at %s", privateKey)
+ return
+ }
+ publicKey := privateKey + ".pub"
+ if _, err := os.Stat(publicKey); err == nil {
+ klog.V(2).Infof("found existing public key at %s", publicKey)
+ return
+ }
+
+ // no existing keys check for CI variables, create gcloud key files if both exist
+ // note only checks if relevant envs are non-empty, no actual key verification checks
+ maybePrivateKey, privateKeyEnvSet := os.LookupEnv(ciPrivateKeyEnv)
+ if !privateKeyEnvSet {
+ klog.V(2).Infof("%s is not set", ciPrivateKeyEnv)
+ return
+ }
+ maybePublicKey, publicKeyEnvSet := os.LookupEnv(ciPublicKeyEnv)
+ if !publicKeyEnvSet {
+ klog.V(2).Infof("%s is not set", ciPublicKeyEnv)
+ return
+ }
+
+ if err := fs.CopyFile(maybePrivateKey, privateKey); err != nil {
+ klog.Warningf("failed to copy %s to %s: %v", maybePrivateKey, privateKey, err)
+ return
+ }
+
+ if err := fs.CopyFile(maybePublicKey, publicKey); err != nil {
+ klog.Warningf("failed to copy %s to %s: %v", maybePublicKey, publicKey, err)
+ }
+}
diff --git a/kubetest2-gke/deployer/deployer.go b/kubetest2-gke/deployer/deployer.go
index e0a443ef..c12eb4b6 100644
--- a/kubetest2-gke/deployer/deployer.go
+++ b/kubetest2-gke/deployer/deployer.go
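Review bot: In maybeSetupSSHKeys (kubetest2-gce/deployer/up.go) the private key lands at `~/.ssh/google_compute_engine` with whatever mode `fs.CopyFile` produces, and that helper is not shown in this diff; if it does not restrict the mode, the key may be readable by other users on the host and OpenSSH will refuse to use it. I would follow the copy with `if err := os.Chmod(privateKey, 0600); err != nil { klog.Warningf("failed to chmod %s: %v", privateKey, err) }` and create the directory first with `os.MkdirAll(filepath.Join(home, ".ssh"), 0700)`. A failed public-key copy also leaves the private key behind, so the next run returns at the first `os.Stat` and never completes the pair; removing `privateKey` on that path keeps the two files consistent. The comment says the variables are checked for being non-empty, but `os.LookupEnv` only reports whether they are set, and the home-directory warning drops `err`.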
@@ -223,7 +223,7 @@ func bindFlags(d *deployer) *pflag.FlagSet {
 flags.StringVar(&d.zone, "zone", "", "For use with gcloud commands to specify the cluster zone.")
 flags.IntVar(&d.nodes, "num-nodes", defaultNodePool.Nodes, "For use with gcloud commands to specify the number of nodes for the cluster.")
 flags.StringVar(&d.machineType, "machine-type", defaultNodePool.MachineType, "For use with gcloud commands to specify the machine type for the cluster.")
- flags.BoolVar(&d.gcpSSHKeyIgnored, "ignore-gcp-ssh-key", false, "Whether the GCP SSH key should be ignored or not for bringing up the cluster.")
+ flags.BoolVar(&d.gcpSSHKeyIgnored, "ignore-gcp-ssh-key", true, "Whether the GCP SSH key should be ignored or not for bringing up the cluster.")
 flags.BoolVar(&d.workloadIdentityEnabled, "enable-workload-identity", false, "Whether enable workload identity for the cluster or not.")
 flags.StringVar(&d.privateClusterAccessLevel, "private-cluster-access-level", "", "Private cluster access level, if not empty, must be one of 'no', 'limited' or 'unrestricted'")
 flags.StringSliceVar(&d.privateClusterMasterIPRanges, "private-cluster-master-ip-range", []string{"172.16.0.32/28"}, "Private cluster master IP ranges. It should be IPv4 CIDR(s), and its length must be the same as the number of clusters if private cluster is requested.")
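Review bot: Flipping the default of `ignore-gcp-ssh-key` to `true` changes behaviour for every existing invocation that omits the flag, and nothing in this hunk records that. Callers that depend on the key being handled during cluster bring-up (presumably for SSH access to nodes; the use of `gcpSSHKeyIgnored` is outside this hunk) now have to pass `--ignore-gcp-ssh-key=false` explicitly. I would say so in the help text, e.g. `"Whether the GCP SSH key should be ignored or not for bringing up the cluster. Pass --ignore-gcp-ssh-key=false to use the key."`. bindFlags starts and ends outside the hunk.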