Redact sensitive information from the karmadactl init command output
Signed-off-by: zhzhuang-zju <m17799853869@163.com>
This commit is contained in:
zhzhuang-zju
parent
72cfef5151
commit
429f2d313e
|
|
@ -47,7 +47,6 @@ import (
|
|||
"github.com/karmada-io/karmada/pkg/karmadactl/cmdinit/utils"
|
||||
"github.com/karmada-io/karmada/pkg/karmadactl/util"
|
||||
"github.com/karmada-io/karmada/pkg/karmadactl/util/apiclient"
|
||||
tokenutil "github.com/karmada-io/karmada/pkg/karmadactl/util/bootstraptoken"
|
||||
)
|
||||
|
||||
const (
|
||||
|
|
@ -128,38 +127,6 @@ func InitKarmadaResources(dir, caBase64, systemNamespace string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// InitKarmadaBootstrapToken create initial bootstrap token
|
||||
func InitKarmadaBootstrapToken(dir string) (string, error) {
|
||||
restConfig, err := apiclient.RestConfig("", filepath.Join(dir, options.KarmadaKubeConfigName))
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
clientSet, err := apiclient.NewClientSet(restConfig)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
// Create initial bootstrap token
|
||||
klog.Info("Initialize karmada bootstrap token")
|
||||
bootstrapToken, err := tokenutil.GenerateRandomBootstrapToken(&metav1.Duration{Duration: tokenutil.DefaultTokenDuration}, "", tokenutil.DefaultGroups, tokenutil.DefaultUsages)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
if err := tokenutil.CreateNewToken(clientSet, bootstrapToken); err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
tokenStr := bootstrapToken.Token.ID + "." + bootstrapToken.Token.Secret
|
||||
|
||||
registerCommand, err := tokenutil.GenerateRegisterCommand(filepath.Join(dir, options.KarmadaKubeConfigName), "", tokenStr, "")
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to get register command, err: %w", err)
|
||||
}
|
||||
|
||||
return registerCommand, nil
|
||||
}
|
||||
|
||||
func createExtraResources(clientSet *kubernetes.Clientset, dir string) error {
|
||||
// grant view clusterrole with karmada resource permission
|
||||
if err := grantKarmadaPermissionToViewClusterRole(clientSet); err != nil {
|
||||
|
|
|
|||
|
|
@ -599,18 +599,12 @@ func (i *CommandInitOption) RunInit(parentCommand string) error {
|
|||
return err
|
||||
}
|
||||
|
||||
// Create bootstrap token in karmada
|
||||
registerCommand, err := karmada.InitKarmadaBootstrapToken(i.KarmadaDataPath)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// install karmada Component
|
||||
if err := i.initKarmadaComponent(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
utils.GenExamples(i.KarmadaDataPath, parentCommand, registerCommand)
|
||||
utils.GenExamples(i.KarmadaDataPath, parentCommand)
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -168,7 +168,7 @@ spec:
|
|||
)
|
||||
|
||||
// GenExamples Generate sample files
|
||||
func GenExamples(path, parentCommand, printRegisterCommand string) {
|
||||
func GenExamples(path, parentCommand string) {
|
||||
karmadaAgentStr := fmt.Sprintf(karmadaAgent, options.ClusterName)
|
||||
if err := BytesToFile(path, "karmada-agent.yaml", []byte(karmadaAgentStr)); err != nil {
|
||||
klog.Warning(err)
|
||||
|
|
@ -206,11 +206,22 @@ Step 2: Show members of karmada
|
|||
|
||||
Register cluster with 'Pull' mode
|
||||
|
||||
Step 1: Use "%[2]s register" command to register the cluster to Karmada control plane. "--cluster-name" is set to cluster of current-context by default.
|
||||
(In member cluster)~# %[2]s%[3]s
|
||||
Step 1: Create bootstrap token and generate the '%[2]s register' command which will be used later.
|
||||
~# %[2]s token create --print-register-command --kubeconfig=%[1]s/karmada-apiserver.config
|
||||
This command will generate a registration command similar to:
|
||||
|
||||
Step 2: Show members of karmada
|
||||
(In karmada)~# kubectl --kubeconfig %[1]s/karmada-apiserver.config get clusters
|
||||
%[2]s register 172.18.0.5:5443 --token t8xfio.640u9gp9obc72v5d --discovery-token-ca-cert-hash sha256:9cfa542ff48f43793d1816b1dd0a78ad574e349d8f6e005e6e32e8ab528e4244
|
||||
|
||||
`, path, parentCommand, printRegisterCommand)
|
||||
Step 2: Use the output from Step 1 to register the cluster to the Karmada control plane.
|
||||
You need to specify the target member cluster by flag '--kubeconfig'
|
||||
~# %[2]s register 172.18.0.5:5443 --token t8xfio.640u9gp9obc72v5d --discovery-token-ca-cert-hash sha256:9cfa542ff48f43793d1816b1dd0a78ad574e349d8f6e005e6e32e8ab528e4244 --kubeconfig=<path-to-member-cluster-kubeconfig>
|
||||
|
||||
Step 3: Show members of Karmada.
|
||||
~# %[2]s --kubeconfig=%[1]s/karmada-apiserver.config get clusters
|
||||
|
||||
The %[2]s register command has several optional parameters for setting the properties of the member cluster. For more details, run:
|
||||
|
||||
~# %[2]s register --help
|
||||
|
||||
`, path, parentCommand)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -19,5 +19,5 @@ package utils
|
|||
import "testing"
|
||||
|
||||
func TestGenExamples(_ *testing.T) {
|
||||
GenExamples("/tmp", "kubectl karmada", " register")
|
||||
GenExamples("/tmp", "kubectl karmada")
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue