karmada-io
/
karmada
mirror of https://github.com/karmada-io/karmada.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5679 from chaosi-zju/secret-local-config 

standardize the naming of karmada config in local up method
This commit is contained in:
karmada-bot 2024-10-15 20:09:26 +08:00 committed by GitHub
parent bf771c7a8a 1b79bbaf86
commit 47efa57102
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
14 changed files with 126 additions and 127 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
artifacts/agent/karmada-agent.yaml
View File

@ -25,7 +25,7 @@ spec:
imagePullPolicy: {{image_pull_policy}}
command:
- /bin/karmada-agent
- --karmada-kubeconfig=/etc/kubeconfig/karmada-kubeconfig
- --karmada-kubeconfig=/etc/karmada/config/karmada.config
- --karmada-context={{karmada_context}}
- --cluster-name={{member_cluster_name}}
- --cluster-api-endpoint={{member_cluster_api_endpoint}}
@ -48,9 +48,9 @@ spec:
name: metrics
protocol: TCP
volumeMounts:
- name: kubeconfig
mountPath: /etc/kubeconfig
- name: karmada-config
mountPath: /etc/karmada/config
volumes:
- name: kubeconfig
- name: karmada-config
secret:
secretName: karmada-kubeconfig
secretName: karmada-agent-config

25
artifacts/deploy/karmada-aggregated-apiserver.yaml
View File

@ -24,18 +24,11 @@ spec:
- name: karmada-aggregated-apiserver
image: docker.io/karmada/karmada-aggregated-apiserver:latest
imagePullPolicy: IfNotPresent
volumeMounts:
- name: karmada-certs
mountPath: /etc/karmada/pki
readOnly: true
- name: kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
command:
- /bin/karmada-aggregated-apiserver
- --kubeconfig=/etc/kubeconfig
- --authentication-kubeconfig=/etc/kubeconfig
- --authorization-kubeconfig=/etc/kubeconfig
- --kubeconfig=/etc/karmada/config/karmada.config
- --authentication-kubeconfig=/etc/karmada/config/karmada.config
- --authorization-kubeconfig=/etc/karmada/config/karmada.config
- --etcd-servers=https://etcd-client.karmada-system.svc.cluster.local:2379
- --etcd-cafile=/etc/karmada/pki/etcd-ca.crt
- --etcd-certfile=/etc/karmada/pki/etcd-client.crt
@ -65,13 +58,19 @@ spec:
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 15
volumeMounts:
- name: karmada-config
mountPath: /etc/karmada/config
- name: karmada-certs
mountPath: /etc/karmada/pki
readOnly: true
volumes:
- name: karmada-config
secret:
secretName: karmada-aggregated-apiserver-config
- name: karmada-certs
secret:
secretName: karmada-cert-secret
- name: kubeconfig
secret:
secretName: kubeconfig
---
apiVersion: v1
kind: Service

26
artifacts/deploy/karmada-config-secret.yaml Normal file
View File

@ -0,0 +1,26 @@
apiVersion: v1
kind: Secret
metadata:
name: ${component}-config
namespace: karmada-system
stringData:
karmada.config: |-
apiVersion: v1
kind: Config
preferences: {}
clusters:
- name: karmada-apiserver
cluster:
certificate-authority-data: ${ca_crt}
server: https://karmada-apiserver.karmada-system.svc.cluster.local:5443
users:
- name: karmada-apiserver
user:
client-certificate-data: ${client_crt}
client-key-data: ${client_key}
contexts:
- name: karmada-apiserver
context:
cluster: karmada-apiserver
user: karmada-apiserver
current-context: karmada-apiserver

11
artifacts/deploy/karmada-controller-manager.yaml
View File

@ -25,7 +25,7 @@ spec:
imagePullPolicy: IfNotPresent
command:
- /bin/karmada-controller-manager
- --kubeconfig=/etc/kubeconfig
- --kubeconfig=/etc/karmada/config/karmada.config
- --metrics-bind-address=:8080
- --cluster-status-update-frequency=10s
- --failover-eviction-timeout=30s
@ -47,10 +47,9 @@ spec:
name: metrics
protocol: TCP
volumeMounts:
- name: kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
- name: karmada-config
mountPath: /etc/karmada/config
volumes:
- name: kubeconfig
- name: karmada-config
secret:
secretName: kubeconfig
secretName: karmada-controller-manager-config

13
artifacts/deploy/karmada-descheduler.yaml
View File

@ -25,7 +25,7 @@ spec:
imagePullPolicy: IfNotPresent
command:
- /bin/karmada-descheduler
- --kubeconfig=/etc/kubeconfig
- --kubeconfig=/etc/karmada/config/karmada.config
- --metrics-bind-address=0.0.0.0:8080
- --health-probe-bind-address=0.0.0.0:10358
- --scheduler-estimator-ca-file=/etc/karmada/pki/ca.crt
@ -46,16 +46,15 @@ spec:
name: metrics
protocol: TCP
volumeMounts:
- name: karmada-config
mountPath: /etc/karmada/config
- name: karmada-certs
mountPath: /etc/karmada/pki
readOnly: true
- name: kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
volumes:
- name: karmada-config
secret:
secretName: karmada-descheduler-config
- name: karmada-certs
secret:
secretName: karmada-cert-secret
- name: kubeconfig
secret:
secretName: kubeconfig

25
artifacts/deploy/karmada-metrics-adapter.yaml
View File

@ -24,18 +24,11 @@ spec:
- name: karmada-metrics-adapter
image: docker.io/karmada/karmada-metrics-adapter:latest
imagePullPolicy: IfNotPresent
volumeMounts:
- name: karmada-certs
mountPath: /etc/karmada/pki
readOnly: true
- name: kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
command:
- /bin/karmada-metrics-adapter
- --kubeconfig=/etc/kubeconfig
- --authentication-kubeconfig=/etc/kubeconfig
- --authorization-kubeconfig=/etc/kubeconfig
- --kubeconfig=/etc/karmada/config/karmada.config
- --authentication-kubeconfig=/etc/karmada/config/karmada.config
- --authorization-kubeconfig=/etc/karmada/config/karmada.config
- --client-ca-file=/etc/karmada/pki/ca.crt
- --tls-cert-file=/etc/karmada/pki/karmada.crt
- --tls-private-key-file=/etc/karmada/pki/karmada.key
@ -64,13 +57,19 @@ spec:
resources:
requests:
cpu: 100m
volumeMounts:
- name: karmada-config
mountPath: /etc/karmada/config
- name: karmada-certs
mountPath: /etc/karmada/pki
readOnly: true
volumes:
- name: karmada-config
secret:
secretName: karmada-metrics-adapter-config
- name: karmada-certs
secret:
secretName: karmada-cert-secret
- name: kubeconfig
secret:
secretName: kubeconfig
---
apiVersion: v1
kind: Service

13
artifacts/deploy/karmada-scheduler.yaml
View File

@ -38,7 +38,7 @@ spec:
protocol: TCP
command:
- /bin/karmada-scheduler
- --kubeconfig=/etc/kubeconfig
- --kubeconfig=/etc/karmada/config/karmada.config
- --metrics-bind-address=0.0.0.0:8080
- --health-probe-bind-address=0.0.0.0:10351
- --enable-scheduler-estimator=true
@ -47,16 +47,15 @@ spec:
- --scheduler-estimator-key-file=/etc/karmada/pki/karmada.key
- --v=4
volumeMounts:
- name: karmada-config
mountPath: /etc/karmada/config
- name: karmada-certs
mountPath: /etc/karmada/pki
readOnly: true
- name: kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
volumes:
- name: karmada-config
secret:
secretName: karmada-scheduler-config
- name: karmada-certs
secret:
secretName: karmada-cert-secret
- name: kubeconfig
secret:
secretName: kubeconfig

25
artifacts/deploy/karmada-search.yaml
View File

@ -24,18 +24,11 @@ spec:
- name: karmada-search
image: docker.io/karmada/karmada-search:latest
imagePullPolicy: IfNotPresent
volumeMounts:
- name: karmada-certs
mountPath: /etc/karmada/pki
readOnly: true
- name: kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
command:
- /bin/karmada-search
- --kubeconfig=/etc/kubeconfig
- --authentication-kubeconfig=/etc/kubeconfig
- --authorization-kubeconfig=/etc/kubeconfig
- --kubeconfig=/etc/karmada/config/karmada.config
- --authentication-kubeconfig=/etc/karmada/config/karmada.config
- --authorization-kubeconfig=/etc/karmada/config/karmada.config
- --etcd-servers=https://etcd-client.karmada-system.svc.cluster.local:2379
- --etcd-cafile=/etc/karmada/pki/etcd-ca.crt
- --etcd-certfile=/etc/karmada/pki/etcd-client.crt
@ -58,13 +51,19 @@ spec:
resources:
requests:
cpu: 100m
volumeMounts:
- name: karmada-config
mountPath: /etc/karmada/config
- name: karmada-certs
mountPath: /etc/karmada/pki
readOnly: true
volumes:
- name: karmada-config
secret:
secretName: karmada-search-config
- name: karmada-certs
secret:
secretName: karmada-cert-secret
- name: kubeconfig
secret:
secretName: kubeconfig
---
apiVersion: v1
kind: Service

19
artifacts/deploy/karmada-webhook.yaml
View File

@ -25,7 +25,7 @@ spec:
imagePullPolicy: IfNotPresent
command:
- /bin/karmada-webhook
- --kubeconfig=/etc/kubeconfig
- --kubeconfig=/etc/karmada/config/karmada.config
- --bind-address=0.0.0.0
- --metrics-bind-address=:8080
- --default-not-ready-toleration-seconds=30
@ -38,22 +38,21 @@ spec:
- containerPort: 8080
name: metrics
protocol: TCP
volumeMounts:
- name: kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
- name: cert
mountPath: /var/serving-cert
readOnly: true
readinessProbe:
httpGet:
path: /readyz
port: 8443
scheme: HTTPS
volumeMounts:
- name: karmada-config
mountPath: /etc/karmada/config
- name: cert
mountPath: /var/serving-cert
readOnly: true
volumes:
- name: kubeconfig
- name: karmada-config
secret:
secretName: kubeconfig
secretName: karmada-webhook-config
- name: cert
secret:
secretName: webhook-cert

19
artifacts/deploy/kube-controller-manager.yaml
View File

@ -31,12 +31,14 @@ spec:
values:
- kube-controller-manager
topologyKey: kubernetes.io/hostname
priorityClassName: system-node-critical
containers:
- command:
- kube-controller-manager
- --allocate-node-cidrs=true
- --authentication-kubeconfig=/etc/kubeconfig
- --authorization-kubeconfig=/etc/kubeconfig
- --kubeconfig=/etc/karmada/config/karmada.config
- --authentication-kubeconfig=/etc/karmada/config/karmada.config
- --authorization-kubeconfig=/etc/karmada/config/karmada.config
- --bind-address=0.0.0.0
- --client-ca-file=/etc/karmada/pki/ca.crt
- --cluster-cidr=10.244.0.0/16
@ -44,7 +46,6 @@ spec:
- --cluster-signing-cert-file=/etc/karmada/pki/ca.crt
- --cluster-signing-key-file=/etc/karmada/pki/ca.key
- --controllers=namespace,garbagecollector,serviceaccount-token,ttl-after-finished,bootstrapsigner,tokencleaner,csrapproving,csrcleaner,csrsigning,clusterrole-aggregation
- --kubeconfig=/etc/kubeconfig
- --leader-elect=true
- --node-cidr-mask-size=24
- --root-ca-file=/etc/karmada/pki/ca.crt
@ -69,17 +70,15 @@ spec:
requests:
cpu: 200m
volumeMounts:
- name: karmada-config
mountPath: /etc/karmada/config
- mountPath: /etc/karmada/pki
name: karmada-certs
readOnly: true
- mountPath: /etc/kubeconfig
subPath: kubeconfig
name: kubeconfig
priorityClassName: system-node-critical
volumes:
- name: karmada-config
secret:
secretName: kube-controller-manager-config
- name: karmada-certs
secret:
secretName: karmada-cert-secret
- name: kubeconfig
secret:
secretName: kubeconfig

26
artifacts/deploy/secret.yaml
View File

@ -1,26 +0,0 @@
apiVersion: v1
stringData:
kubeconfig: |-
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: {{ca_crt}}
server: https://karmada-apiserver.karmada-system.svc.cluster.local:5443
name: kind-karmada
contexts:
- context:
cluster: kind-karmada
user: kind-karmada
name: karmada
current-context: karmada
kind: Config
preferences: {}
users:
- name: kind-karmada
user:
client-certificate-data: {{client_crt}}
client-key-data: {{client_key}}
kind: Secret
metadata:
name: kubeconfig
namespace: karmada-system

19
examples/customresourceinterpreter/karmada-interpreter-webhook-example.yaml
View File

@ -25,29 +25,28 @@ spec:
imagePullPolicy: IfNotPresent
command:
- /bin/karmada-interpreter-webhook-example
- --kubeconfig=/etc/kubeconfig
- --kubeconfig=/etc/karmada/config/karmada.config
- --bind-address=0.0.0.0
- --secure-port=8445
- --cert-dir=/var/serving-cert
- --v=4
ports:
- containerPort: 8445
volumeMounts:
- name: kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
- name: cert
mountPath: /var/serving-cert
readOnly: true
readinessProbe:
httpGet:
path: /readyz
port: 8445
scheme: HTTPS
volumeMounts:
- name: karmada-config
mountPath: /etc/karmada/config
- name: cert
mountPath: /var/serving-cert
readOnly: true
volumes:
- name: kubeconfig
- name: karmada-config
secret:
secretName: kubeconfig
secretName: karmada-interpreter-webhook-example-config
- name: cert
secret:
secretName: webhook-cert

2
hack/deploy-karmada-agent.sh
View File

@ -83,7 +83,7 @@ kubectl --context="${MEMBER_CLUSTER_NAME}" apply -f "${REPO_ROOT}/artifacts/agen
kubectl --context="${MEMBER_CLUSTER_NAME}" apply -f "${REPO_ROOT}/artifacts/agent/clusterrolebinding.yaml"
# create secret
kubectl --context="${MEMBER_CLUSTER_NAME}" create secret generic karmada-kubeconfig --from-file=karmada-kubeconfig="${KARMADA_APISERVER_KUBECONFIG}" -n "${KARMADA_SYSTEM_NAMESPACE}"
kubectl --context="${MEMBER_CLUSTER_NAME}" create secret generic karmada-agent-config --from-file=karmada.config="${KARMADA_APISERVER_KUBECONFIG}" -n "${KARMADA_SYSTEM_NAMESPACE}"
# extract api endpoint of member cluster
MEMBER_CLUSTER=$(kubectl config view -o jsonpath='{.contexts[?(@.name == "'${MEMBER_CLUSTER_NAME}'")].context.cluster}')

20
hack/deploy-karmada.sh
View File

@ -96,7 +96,6 @@ function generate_cert_secret {
TEMP_PATH=$(mktemp -d)
cp -rf "${REPO_ROOT}"/artifacts/deploy/karmada-cert-secret.yaml "${TEMP_PATH}"/karmada-cert-secret-tmp.yaml
cp -rf "${REPO_ROOT}"/artifacts/deploy/secret.yaml "${TEMP_PATH}"/secret-tmp.yaml
cp -rf "${REPO_ROOT}"/artifacts/deploy/karmada-webhook-cert-secret.yaml "${TEMP_PATH}"/karmada-webhook-cert-secret-tmp.yaml
sed -i'' -e "s/{{ca_crt}}/${karmada_ca}/g" "${TEMP_PATH}"/karmada-cert-secret-tmp.yaml
@ -116,19 +115,28 @@ function generate_cert_secret {
sed -i'' -e "s/{{etcd_client_crt}}/${ETCD_CLIENT_CRT}/g" "${TEMP_PATH}"/karmada-cert-secret-tmp.yaml
sed -i'' -e "s/{{etcd_client_key}}/${ETCD_CLIENT_KEY}/g" "${TEMP_PATH}"/karmada-cert-secret-tmp.yaml
sed -i'' -e "s/{{ca_crt}}/${karmada_ca}/g" "${TEMP_PATH}"/secret-tmp.yaml
sed -i'' -e "s/{{client_crt}}/${KARMADA_CRT}/g" "${TEMP_PATH}"/secret-tmp.yaml
sed -i'' -e "s/{{client_key}}/${KARMADA_KEY}/g" "${TEMP_PATH}"/secret-tmp.yaml
sed -i'' -e "s/{{server_key}}/${KARMADA_KEY}/g" "${TEMP_PATH}"/karmada-webhook-cert-secret-tmp.yaml
sed -i'' -e "s/{{server_certificate}}/${KARMADA_CRT}/g" "${TEMP_PATH}"/karmada-webhook-cert-secret-tmp.yaml
kubectl --context="${HOST_CLUSTER_NAME}" apply -f "${TEMP_PATH}"/karmada-cert-secret-tmp.yaml
kubectl --context="${HOST_CLUSTER_NAME}" apply -f "${TEMP_PATH}"/secret-tmp.yaml
kubectl --context="${HOST_CLUSTER_NAME}" apply -f "${TEMP_PATH}"/karmada-webhook-cert-secret-tmp.yaml
components=(karmada-aggregated-apiserver karmada-controller-manager kube-controller-manager karmada-scheduler karmada-descheduler karmada-metrics-adapter karmada-search karmada-webhook karmada-interpreter-webhook-example)
for component in "${components[@]}"
do
generate_config_secret ${component} ${karmada_ca} ${KARMADA_CRT} ${KARMADA_KEY}
done
rm -rf "${TEMP_PATH}"
}
function generate_config_secret() {
export component=$1 ca_crt=$2 client_crt=$3 client_key=$4
envsubst < "${REPO_ROOT}"/artifacts/deploy/karmada-config-secret.yaml > "${TEMP_PATH}"/${component}-config-secret.yaml
kubectl --context="${HOST_CLUSTER_NAME}" apply -f "${TEMP_PATH}"/${component}-config-secret.yaml
unset component ca_crt client_crt client_key
}
# install Karmada's APIs
function installCRDs() {
local context_name=$1