minio
diff --git a/‎cluster/cluster.go‎
Lines changed: 22 additions & 30 deletions b/‎cluster/cluster.go‎
Lines changed: 22 additions & 30 deletions
diff --git a/‎cluster/config.go‎
Lines changed: 6 additions & 58 deletions b/‎cluster/config.go‎
Lines changed: 6 additions & 58 deletions
diff --git a/‎cluster/const.go‎
Lines changed: 3 additions & 14 deletions b/‎cluster/const.go‎
Lines changed: 3 additions & 14 deletions
@@ -17,44 +17,36 @@
 package cluster
 
 import (
-	v12 "k8s.io/client-go/kubernetes/typed/apps/v1"
-
+	operator "github.com/minio/minio-operator/pkg/client/clientset/versioned"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
+	certutil "k8s.io/client-go/util/cert"
 )
 
-func GetK8sConfig() *rest.Config {
-	// creates the in-cluster config
-	var config *rest.Config
-	// if k8s service-account token its provided we try to connect using those credentials
-	if getK8sToken() != "" {
-		config = &rest.Config{
-			Host:            getK8sAPIServer(),
-			TLSClientConfig: rest.TLSClientConfig{Insecure: true},
-			APIPath:         "/",
-			BearerToken:     getK8sToken(),
-		}
-	} else {
-		// if no token it's provided use rest.InClusterConfig() to get the service-account
-		// credentials, assuming we are running inside a k8s pod
-		var err error
-		config, err = rest.InClusterConfig()
-		if err != nil {
-			panic(err.Error())
-		}
-
+func GetK8sConfig(token string) *rest.Config {
+	// if m3 is running inside k8s by default he will have access to the ca cert from the k8s local authority
+	const (
+		rootCAFile = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
+	)
+	tlsClientConfig := rest.TLSClientConfig{}
+	if _, err := certutil.NewPool(rootCAFile); err == nil {
+		tlsClientConfig.CAFile = rootCAFile
+	}
+	config := &rest.Config{
+		Host:            getK8sAPIServer(),
+		TLSClientConfig: tlsClientConfig,
+		APIPath:         "/",
+		BearerToken:     token,
 	}
-
 	return config
 }
 
-// K8sClient returns kubernetes client using GetK8sConfig for its config
-func K8sClient() (*kubernetes.Clientset, error) {
-	return kubernetes.NewForConfig(GetK8sConfig())
+// OperatorClient returns an operator client using GetK8sConfig for its config
+func OperatorClient(token string) (*operator.Clientset, error) {
+	return operator.NewForConfig(GetK8sConfig(token))
 }
 
-// appsV1API encapsulates the appsv1 kubernetes interface to ensure all
-// deployment related APIs are of the same version
-func appsV1API(client *kubernetes.Clientset) v12.AppsV1Interface {
-	return client.AppsV1()
+// K8sClient returns kubernetes client using GetK8sConfig for its config
+func K8sClient(token string) (*kubernetes.Clientset, error) {
+	return kubernetes.NewForConfig(GetK8sConfig(token))
 }
@@ -20,9 +20,9 @@ import (
 	"errors"
 	"fmt"
 	"io/ioutil"
+	"net"
 	"net/http"
 	"regexp"
-	"strconv"
 	"strings"
 	"time"
 
@@ -34,12 +34,12 @@ var (
 	errCantDetermineMCImage    = errors.New("Can't determine MC Image")
 )
 
-func getK8sToken() string {
-	return env.Get(m3K8sToken, "")
-}
-
 func getK8sAPIServer() string {
-	return env.Get(m3K8sAPIServer, "http://localhost:8001")
+	// if m3 is running inside a k8s pod KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT will contain the k8s api server address
+	// if m3 is not running inside k8s by default will look for the k8s api server on localhost:8001 (kubectl proxy)
+	// you can override this using M3_K8S_API_SERVER, ie use http instead of https
+	host, port := env.Get("KUBERNETES_SERVICE_HOST", "localhost"), env.Get("KUBERNETES_SERVICE_PORT", "8001")
+	return env.Get(M3K8sAPIServer, "https://"+net.JoinHostPort(host, port))
 }
 
 // Returns the namespace in which the controller is installed
@@ -51,58 +51,6 @@ func GetNs() string {
 	return string(dat)
 }
 
-func getKesContainerImage() string {
-	return env.Get(m3KesImage, "minio/kes:latest")
-}
-
-func getKesRunningPort() int {
-	port, err := strconv.Atoi(env.Get(m3KesPort, "7373"))
-	if err != nil {
-		port = 7373
-	}
-	return port
-}
-
-func getKesMTlsAuth() string {
-	defaultMode := "verify"
-	var re = regexp.MustCompile(`^[a-z]+$`)
-	authMode := env.Get(m3KesMTlsAuth, defaultMode)
-	if !re.MatchString(authMode) {
-		authMode = defaultMode
-	}
-	return authMode
-}
-
-func getKesConfigPath() string {
-	var re = regexp.MustCompile(`^[a-z_/\-\s0-9\.]+$`)
-	defaultPath := "kes-config/server-config.toml"
-	configPath := env.Get(m3KesConfigPath, defaultPath)
-	if !re.MatchString(configPath) {
-		configPath = defaultPath
-	}
-	return configPath
-}
-
-func getKmsAddress() string {
-	return env.Get(m3KmsAddress, "")
-}
-
-func getKmsToken() string {
-	return env.Get(m3KmsToken, "")
-}
-
-func getKmsCACertConfigMap() string {
-	return env.Get(m3KmsCACertConfigMap, "")
-}
-
-func getKmsCACertFileName() string {
-	return env.Get(m3KmsCACertFileName, "")
-}
-
-func getCACertDefaultMounPath() string {
-	return env.Get(m3CACertDefaultMountPath, "/usr/local/share/ca-certificates")
-}
-
 // getLatestMinIOImage returns the latest docker image for MinIO if found on the internet
 func getLatestMinIOImage() (*string, error) {
 	// Create an http client with a 4 second timeout
 
@@ -17,18 +17,7 @@
 package cluster
 
 const (
-	m3KesImage               = "M3_KES_IMAGE"
-	m3KesPort                = "M3_KES_PORT"
-	m3KesMTlsAuth            = "M3_KES_M_TLS_AUTH"
-	m3KesConfigPath          = "M3_KES_CONFIG_FILE_PATH"
-	m3KmsCACertConfigMap     = "M3_KMS_CA_CERT_CONFIG_MAP"
-	m3KmsCACertFileName      = "M3_KMS_CA_CERT_FILE_NAME"
-	m3CACertDefaultMountPath = "M3_CA_CERT_DEFAULT_MOUNT_PATH"
-	m3KmsAddress             = "M3_KMS_ADDRESS"
-	m3KmsToken               = "M3_KMS_TOKEN"
-	m3K8sToken               = "M3_K8S_TOKEN"
-	m3K8sAPIServer           = "M3_K8S_API_SERVER"
-
-	M3MinioImage = "M3_MINIO_IMAGE"
-	M3MCImage    = "M3_MC_IMAGE"
+	M3K8sAPIServer = "M3_K8S_API_SERVER"
+	M3MinioImage   = "M3_MINIO_IMAGE"
+	M3MCImage      = "M3_MC_IMAGE"
 )