fix(k8s.py): access API server by IP address

mboersma · mboersma · commit eb3801964968 · 2015-12-14T10:10:17.000-07:00
diff --git a/rootfs/scheduler/k8s.py b/rootfs/scheduler/k8s.py
@@ -132,7 +132,10 @@ def __init__(self, target, auth, options):
             'Authorization': 'Bearer ' + token,
             'Content-Type': 'application/json',
         }
-        session.verify = '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt'
+        # TODO: accessing the k8s api server by IP address rather than hostname avoids
+        # intermittent DNS errors, but at the price of disabling cert verification.
+        # session.verify = '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt'
+        session.verify = False
         self.session = session
 
     def _api(self, tmpl, *args):
diff --git a/rootfs/templates/confd_settings.py b/rootfs/templates/confd_settings.py
@@ -1,10 +1,14 @@
+import os
+
 # security keys and auth tokens
 SECRET_KEY = '{{ getv "/deis/controller/secretKey" }}'
 BUILDER_KEY = '{{ getv "/deis/controller/builderKey" }}'
 
 # scheduler settings
 SCHEDULER_MODULE = 'scheduler.k8s'
-SCHEDULER_URL = 'https://kubernetes.default.svc.cluster.local'
+SCHEDULER_URL = "https://{}:{}".format(
+    os.environ.get('KUBERNETES_SERVICE_HOST', 'kubernetes.default.svc.cluster.local'),
+    os.environ.get('KUBERNETES_SERVICE_PORT', '443'))
 
 # platform domain must be provided
 DEIS_DOMAIN = '{{ getv "/deis/platform/domain" }}'
