From 429f2d313e7e45e5b61e2c5b59dc0331e910c33e Mon Sep 17 00:00:00 2001
From: zhzhuang-zju
Date: Tue, 26 Nov 2024 11:15:04 +0800
Subject: [PATCH] Redact sensitive information from the karmadactl init command output

Signed-off-by: zhzhuang-zju
---
 pkg/karmadactl/cmdinit/karmada/deploy.go | 33 -------------------
 pkg/karmadactl/cmdinit/kubernetes/deploy.go | 8 +----
 pkg/karmadactl/cmdinit/utils/examples.go | 23 +++++++++----
 pkg/karmadactl/cmdinit/utils/examples_test.go | 2 +-
 4 files changed, 19 insertions(+), 47 deletions(-)

diff --git a/pkg/karmadactl/cmdinit/karmada/deploy.go b/pkg/karmadactl/cmdinit/karmada/deploy.go
index 899adfead..65cea44e3 100644
--- a/pkg/karmadactl/cmdinit/karmada/deploy.go
+++ b/pkg/karmadactl/cmdinit/karmada/deploy.go
@@ -47,7 +47,6 @@ import (
 "github.com/karmada-io/karmada/pkg/karmadactl/cmdinit/utils"
 "github.com/karmada-io/karmada/pkg/karmadactl/util"
 "github.com/karmada-io/karmada/pkg/karmadactl/util/apiclient"
- tokenutil "github.com/karmada-io/karmada/pkg/karmadactl/util/bootstraptoken"
 )
 
 const (
@@ -128,38 +127,6 @@ func InitKarmadaResources(dir, caBase64, systemNamespace string) error {
 return nil
 }
 
-// InitKarmadaBootstrapToken create initial bootstrap token
-func InitKarmadaBootstrapToken(dir string) (string, error) {
- restConfig, err := apiclient.RestConfig("", filepath.Join(dir, options.KarmadaKubeConfigName))
- if err != nil {
- return "", err
- }
-
- clientSet, err := apiclient.NewClientSet(restConfig)
- if err != nil {
- return "", err
- }
- // Create initial bootstrap token
- klog.Info("Initialize karmada bootstrap token")
- bootstrapToken, err := tokenutil.GenerateRandomBootstrapToken(&metav1.Duration{Duration: tokenutil.DefaultTokenDuration}, "", tokenutil.DefaultGroups, tokenutil.DefaultUsages)
- if err != nil {
- return "", err
- }
-
- if err := tokenutil.CreateNewToken(clientSet, bootstrapToken); err != nil {
- return "", err
- }
-
- tokenStr := bootstrapToken.Token.ID + "." + bootstrapToken.Token.Secret
-
- registerCommand, err := tokenutil.GenerateRegisterCommand(filepath.Join(dir, options.KarmadaKubeConfigName), "", tokenStr, "")
- if err != nil {
- return "", fmt.Errorf("failed to get register command, err: %w", err)
- }
-
- return registerCommand, nil
-}
-
 func createExtraResources(clientSet *kubernetes.Clientset, dir string) error {
 // grant view clusterrole with karmada resource permission
 if err := grantKarmadaPermissionToViewClusterRole(clientSet); err != nil {
diff --git a/pkg/karmadactl/cmdinit/kubernetes/deploy.go b/pkg/karmadactl/cmdinit/kubernetes/deploy.go
index e8ca39aa8..827a6d1ea 100644
--- a/pkg/karmadactl/cmdinit/kubernetes/deploy.go
+++ b/pkg/karmadactl/cmdinit/kubernetes/deploy.go
@@ -599,18 +599,12 @@ func (i *CommandInitOption) RunInit(parentCommand string) error {
 return err
 }
 
- // Create bootstrap token in karmada
- registerCommand, err := karmada.InitKarmadaBootstrapToken(i.KarmadaDataPath)
- if err != nil {
- return err
- }
-
 // install karmada Component
 if err := i.initKarmadaComponent(); err != nil {
 return err
 }
 
- utils.GenExamples(i.KarmadaDataPath, parentCommand, registerCommand)
+ utils.GenExamples(i.KarmadaDataPath, parentCommand)
 return nil
 }
 
diff --git a/pkg/karmadactl/cmdinit/utils/examples.go b/pkg/karmadactl/cmdinit/utils/examples.go
index 486b92500..441a37222 100644
--- a/pkg/karmadactl/cmdinit/utils/examples.go
+++ b/pkg/karmadactl/cmdinit/utils/examples.go
@@ -168,7 +168,7 @@ spec:
 )
 
 // GenExamples Generate sample files
-func GenExamples(path, parentCommand, printRegisterCommand string) {
+func GenExamples(path, parentCommand string) {
 karmadaAgentStr := fmt.Sprintf(karmadaAgent, options.ClusterName)
 if err := BytesToFile(path, "karmada-agent.yaml", []byte(karmadaAgentStr)); err != nil {
 klog.Warning(err)
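Review bot: The doc comment above `GenExamples` in examples.go is left as `// GenExamples Generate sample files`, so nothing at the declaration records the constraint that this signature change introduces. I would replace it with `// GenExamples writes the sample files under path and formats the follow-up instructions; its output must not contain live credentials such as bootstrap tokens.` so that a later change does not thread a token back in. The function is exported and loses a parameter, which would break any caller outside the files shown in this patch, if one exists. The body of `GenExamples` continues past the end of this hunk.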
@@ -206,11 +206,22 @@ Step 2: Show members of karmada
 
 Register cluster with 'Pull' mode
 
-Step 1: Use "%[2]s register" command to register the cluster to Karmada control plane. "--cluster-name" is set to cluster of current-context by default.
-(In member cluster)~# %[2]s%[3]s
+Step 1: Create bootstrap token and generate the '%[2]s register' command which will be used later.
+~# %[2]s token create --print-register-command --kubeconfig=%[1]s/karmada-apiserver.config
+This command will generate a registration command similar to:
 
-Step 2: Show members of karmada
-(In karmada)~# kubectl --kubeconfig %[1]s/karmada-apiserver.config get clusters
+%[2]s register 172.18.0.5:5443 --token t8xfio.640u9gp9obc72v5d --discovery-token-ca-cert-hash sha256:9cfa542ff48f43793d1816b1dd0a78ad574e349d8f6e005e6e32e8ab528e4244
 
-`, path, parentCommand, printRegisterCommand)
+Step 2: Use the output from Step 1 to register the cluster to the Karmada control plane.
+You need to specify the target member cluster by flag '--kubeconfig'
+~# %[2]s register 172.18.0.5:5443 --token t8xfio.640u9gp9obc72v5d --discovery-token-ca-cert-hash sha256:9cfa542ff48f43793d1816b1dd0a78ad574e349d8f6e005e6e32e8ab528e4244 --kubeconfig=
+
+Step 3: Show members of Karmada.
+~# %[2]s --kubeconfig=%[1]s/karmada-apiserver.config get clusters
+
+The %[2]s register command has several optional parameters for setting the properties of the member cluster. For more details, run:
+
+~# %[2]s register --help
+
+`, path, parentCommand)
 }
diff --git a/pkg/karmadactl/cmdinit/utils/examples_test.go b/pkg/karmadactl/cmdinit/utils/examples_test.go
index f5f171329..947be2a07 100644
--- a/pkg/karmadactl/cmdinit/utils/examples_test.go
+++ b/pkg/karmadactl/cmdinit/utils/examples_test.go
@@ -19,5 +19,5 @@ package utils
 import "testing"
 
 func TestGenExamples(_ *testing.T) {
- GenExamples("/tmp", "kubectl karmada", " register")
+ GenExamples("/tmp", "kubectl karmada")
 }
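Review bot: The sample `register` lines added under Pull mode carry a well-formed token (`t8xfio.640u9gp9obc72v5d`), an endpoint and a full CA hash, and nothing visible here says whether they were copied from a real cluster. In output that is meant to be token-free, obvious placeholders are safer because they cannot be mistaken for working values or flagged by secret scanners, for example `%[2]s register <karmada-apiserver-endpoint> --token <token-id>.<token-secret> --discovery-token-ca-cert-hash sha256:<ca-cert-hash>`. In Step 2 the command ends in `--kubeconfig=` with no value as this page shows it; unless a bracketed placeholder was lost in rendering, it needs one such as `--kubeconfig=<member-cluster-kubeconfig>`. Step 1 could also state that the command it prints contains a bearer credential and should be kept out of shared logs and CI output. The call that consumes this format string starts before the hunk.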
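Review bot: `TestGenExamples` asserts nothing and writes its sample files into the fixed directory `/tmp`, so it would keep passing if a credential were reintroduced into the generated output. Naming the parameter `t` and calling `GenExamples(t.TempDir(), "kubectl karmada")` isolates the files per run and avoids predictable names in a shared directory. If the instructions go to standard output (the print call is not visible in this diff), capturing it and checking that it contains `token create --print-register-command` would pin the new behaviour.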